Skip to content

Instantly share code, notes, and snippets.

@double-p

double-p/isakmpd.pcap filters

Created June 12, 2020 13:53
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save double-p/2fd7fd7df1d3593a5a45e6233a5a61aa to your computer and use it in GitHub Desktop.
Save double-p/2fd7fd7df1d3593a5a45e6233a5a61aa to your computer and use it in GitHub Desktop.
Download ZIP
Raw
isakmpd.pcap filters
# filter pattern against DPD: 'host <peer-name> and ! (udp[26]=0x05 and udp[70:2]&0x8d20>7)'
# filter proposal/SA exchange only: 'host <peer-name> and ((udp[26]=0x02 and udp[24]=0x01) or udp[26]=0x20)'
# filterby src-Peer: tail -fc+0 /var/run/isakmpd09.pcap | tcpdump -netttvvvr - 'host 195.179.132.65 and host 194.25.170.42 and ((udp[26]=0x02 and udp[24]=0x01) or udp[26]=0x20)'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment