"proving" encryption
Hi everyone,
I'm trying a little experiment with our Juniper SA-4000s, but this situation could probably apply to any networking devices.
I want to be able to "prove" that my encryption is working over our VPN sessions. We have a suspicion that some clients may only be connecting with AES128/MD5 encryption when they should really be connecting with AES256/SHA. I don't see where I can verify this in the logs, but I'd like to independently verify it anyway. Any ideas on how I can go about doing this?
Thanks in advance,
mrplaid
EDIT:
Hi guys, just wanted to say thanks for all the helpful responses! I ended up using Wireshark to capture some (what I think are) encrypted packets to prove that the encryption was working. I haven't been able to find an equivalent of the 'get sa' command using the WebUI for our Juniper box, so I'm trying to figure out other ways to glean that information. This has become one of those "the more you learn the more you realize you don't know" sort of things, which is good.
Comments
-
Bl8ckr0uter: You could sniff the traffic to prove encryption....
-
chrisone: Aside from sniffing, the logs could help you too.
Not sure how it's done in Juniper, but if you could see the IPsec SAs: in Cisco they show you the encryption and hash being used for each unidirectional SA for each end, be it host to host, network to host, or network to network.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
-
instant000: Try "get sa"; that output should offer what you need.
Paris-> get sa
total configured sa: 1
HEX ID    Gateway   Port Algorithm     SPI      Life:sec kb    Sta PID vsys
00000001< 1.1.1.1   500  esp:3des/sha1 e37791d3 3596     unlim A/- 2   0
00000001> 1.1.1.1   500  esp:3des/sha1 883ebdb8 3596     unlim A/- 1   0
If you're trying to correlate that HEX ID at the beginning, it'll be the number you see at the end of the lines, for the policies you have configured for your tunnels in the configuration.
Try "get policy id nn" to get those.
For example: "get policy id 01"
What I can't verify at this moment is if it wants you to enter "0x01" or not, as I don't have ScreenOS running at home at the moment.
Hope this helps!
Currently Working: CCIE R&S
LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
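Added example, not code from anyone in the thread: a small Python audit that ties the two suggestions above together. It parses output in the ScreenOS "get sa" layout quoted by instant000, flags every active SA whose negotiated algorithms fall short of a required set (the original question's case: AES128/MD5 where AES256/SHA is expected), and maps an SPI seen in a Wireshark capture back to its SA row. The sample output is constructed: the 1.1.1.1 rows are the ones from the post, the 10.0.0.2 rows are invented to show a weaker tunnel, the "a128" spelling for AES-128 and "A" meaning active in the Sta column are assumptions about ScreenOS output, and all function names are mine.

```python
"""Audit ScreenOS "get sa" output against a required IPsec algorithm set.

Added example for the thread above; not from the original post or Juniper.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the "get sa" layout quoted in the thread. The 1.1.1.1
# rows come from the post; the 10.0.0.2 rows are invented to show a tunnel
# that negotiated weaker algorithms. "a128" as ScreenOS's short name for
# AES-128 is an assumption.
SAMPLE_GET_SA = """\
Paris-> get sa
total configured sa: 2
HEX ID    Gateway   Port Algorithm     SPI      Life:sec kb    Sta PID vsys
00000001< 1.1.1.1   500  esp:3des/sha1 e37791d3 3596     unlim A/- 2   0
00000001> 1.1.1.1   500  esp:3des/sha1 883ebdb8 3596     unlim A/- 1   0
00000002< 10.0.0.2  500  esp:a128/md5  0a1b2c3d 2800     unlim A/- 4   0
00000002> 10.0.0.2  500  esp:a128/md5  4d3c2b1a 2800     unlim A/- 3   0
"""

# One SA row: <hexid><dir> <gateway> <port> <proto>:<enc>/<auth> <spi> <sec> <kb> <sta> <pid> <vsys>
SA_ROW = re.compile(
    r"^(?P<hexid>[0-9a-fA-F]{8})(?P<dir>[<>])\s+"
    r"(?P<gateway>\S+)\s+(?P<port>\d+)\s+"
    r"(?P<proto>\w+):(?P<enc>[\w-]+)/(?P<auth>[\w-]+)\s+"
    r"(?P<spi>[0-9a-fA-F]+)\s+(?P<life_sec>\S+)\s+(?P<life_kb>\S+)\s+"
    r"(?P<status>\S+)\s+(?P<pid>\d+)\s+(?P<vsys>\d+)\s*$"
)

# Assumed ScreenOS short names for AES key sizes; anything else passes through.
_ENC_ALIASES: Dict[str, str] = {"a128": "aes128", "a192": "aes192", "a256": "aes256"}


@dataclass(frozen=True)
class SecurityAssociation:
    hex_id: str
    direction: str    # "<" or ">" exactly as printed
    gateway: str
    port: int
    protocol: str     # "esp" in the sample
    encryption: str   # normalised: "3des", "aes128", ...
    auth: str         # normalised: "sha1", "md5", ...
    spi: str          # the same SPI Wireshark shows in the ESP header
    status: str       # "A/-" in the sample; assumed "A" = active
    policy_id: int    # PID column: the id to pass to "get policy id <n>"


def parse_get_sa(text: str) -> List[SecurityAssociation]:
    """Return one object per SA row; prompt, totals and header lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = SA_ROW.match(line.strip())
        if not m:
            continue
        enc = m["enc"].lower()
        sas.append(SecurityAssociation(
            hex_id=m["hexid"].lower(), direction=m["dir"], gateway=m["gateway"],
            port=int(m["port"]), protocol=m["proto"].lower(),
            encryption=_ENC_ALIASES.get(enc, enc), auth=m["auth"].lower(),
            spi=m["spi"].lower(), status=m["status"], policy_id=int(m["pid"])))
    return sas


# (hex_id, direction, gateway, policy_id, reasons)
Finding = Tuple[str, str, str, int, List[str]]


def audit(sas, required_enc=("aes256",), required_auth_prefix="sha",
          active_only=True) -> List[Finding]:
    """Flag every (active) SA whose negotiated algorithms miss the policy."""
    findings = []
    for sa in sas:
        if active_only and not sa.status.upper().startswith("A"):
            continue
        reasons = []
        if sa.encryption not in required_enc:
            reasons.append(f"encryption {sa.encryption}, want {'/'.join(required_enc)}")
        if not sa.auth.startswith(required_auth_prefix):
            reasons.append(f"auth {sa.auth}, want {required_auth_prefix}*")
        if reasons:
            findings.append((sa.hex_id, sa.direction, sa.gateway, sa.policy_id, reasons))
    return findings


def find_by_spi(sas, spi: str):
    """Map an SPI captured from an ESP header back to its SA row (or None)."""
    spi = spi.lower()
    if spi.startswith("0x"):
        spi = spi[2:]
    return next((sa for sa in sas if sa.spi == spi), None)


if __name__ == "__main__":
    sas = parse_get_sa(SAMPLE_GET_SA)
    for hex_id, direction, gateway, pid, reasons in audit(sas):
        print(f"{hex_id}{direction} {gateway} (policy {pid}): " + "; ".join(reasons))
    hit = find_by_spi(sas, "0x0a1b2c3d")
    print("captured SPI 0x0a1b2c3d ->", hit.gateway if hit else "unknown SA")
```

Paste the real "get sa" output into SAMPLE_GET_SA (or read it from a file) and adjust required_enc for the policy you expect. The reason for the SPI lookup: an ESP packet in a capture carries only the SPI, a sequence number and ciphertext, so sniffing shows that the payload is not cleartext but never tells you whether it was AES-128 or AES-256; the negotiated algorithm is visible in the SA table (or in the IKE proposal exchange), and the SPI column is what links a captured packet back to the right row.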