"proving" encryption

mrplaid Registered Users Posts: 1
Hi everyone,
I'm trying a little experiment with our Juniper SA-4000's, but this situation could probably apply to any networking devices.
I want to be able to "prove" that my encryption is working over our VPN sessions. We have a suspicion that some clients may only be connecting with AES128/MD5 encryption when they should really be connecting with AES256/SHA. I don't see where I can verify this in the logs, but I'd like to independently verify it anyway. Any ideas on how I can go about doing this?

Thanks in advance,
mrplaid

EDIT:
Hi guys, just wanted to say thanks for all the helpful responses! I ended up using Wireshark to capture some (what I think are) encrypted packets to prove that the encryption was working. I haven't been able to find an equivalent of the 'get sa' command using the WebUI for our Juniper box, so I'm trying to figure out other ways to glean that information. This has become one of those "the more you learn the more you realize you don't know" sort of things, which is good.

Comments

  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    You could sniff the traffic to prove encryption....
  • chrisone Member Posts: 2,278
    Aside from sniffing, the logs could help you too.

    Not sure how it's done in Juniper, but if you can see the IPsec SAs: in Cisco they show you the encryption and hash being used for each unidirectional SA for each end, be it host to host, network to host, or network to network.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • instant000 Member Posts: 1,745
    Try "get sa" that output should offer what you need.
    Paris-> get sa
     total configured sa: 1
     HEX ID    Gateway Port Algorithm     SPI      Life:sec kb    Sta PID vsys
     00000001< 1.1.1.1 500  esp:3des/sha1 e37791d3 3596     unlim A/- 2 0
     00000001> 1.1.1.1 500  esp:3des/sha1 883ebdb8 3596     unlim A/- 1 0
    

    If you're trying to correlate that HEX ID at the beginning, it'll be the number you see at the end of the lines, for the policies you have configured for your tunnels in the configuration.

    Try "get policy id nn" to get those

    For example: "get policy id 01"

    What I can't verify at this moment is whether it wants you to enter "0x01" or not, as I don't have ScreenOS running at home at the moment.

    Hope this helps!
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
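Following the thread's advice, the check the original poster wants (are any SAs negotiated with something other than AES256/SHA?) can be done over the `get sa` output itself. This is an added example, not code from the thread or from Juniper: it assumes the row layout shown in instant000's paste, that algorithm names appear as `esp:<cipher>/<hash>`, and that the expected set is aes256 with sha1 or sha256; the sample output below is constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample of ScreenOS "get sa" output, modelled on the rows quoted
# above; the AES rows are made up to show one compliant and one weak tunnel.
SAMPLE_GET_SA = """\
Paris-> get sa
 total configured sa: 3
 HEX ID    Gateway Port Algorithm       SPI      Life:sec kb    Sta PID vsys
 00000001< 1.1.1.1 500  esp:3des/sha1   e37791d3 3596     unlim A/- 2 0
 00000001> 1.1.1.1 500  esp:3des/sha1   883ebdb8 3596     unlim A/- 1 0
 00000002< 2.2.2.2 500  esp:aes256/sha1 0a1b2c3d 3200     unlim A/- 3 0
 00000002> 2.2.2.2 500  esp:aes256/sha1 4e5f6071 3200     unlim A/- 3 0
 00000003< 3.3.3.3 500  esp:aes128/md5  deadbeef 1800     unlim A/- 4 0
 00000003> 3.3.3.3 500  esp:aes128/md5  cafef00d 1800     unlim I/- 4 0
"""

# One SA row: HEX ID + direction marker, gateway, port, proto:cipher/hash,
# SPI, lifetime (sec), lifetime (kb), status (Sta), policy id (PID), vsys.
SA_ROW = re.compile(
    r"^\s*(?P<hex_id>[0-9a-fA-F]+)(?P<direction>[<>])\s+(?P<gateway>\S+)\s+\d+\s+"
    r"\w+:(?P<cipher>[^/\s]+)/(?P<hash_alg>\S+)\s+(?P<spi>[0-9a-fA-F]+)\s+"
    r"\S+\s+\S+\s+(?P<status>\S+)\s+(?P<policy_id>\d+)\s+\d+\s*$"
)

@dataclass(frozen=True)
class SecurityAssociation:
    hex_id: str
    direction: str   # '<' or '>' as printed by the device; one SA per direction
    gateway: str
    cipher: str
    hash_alg: str
    spi: str
    status: str      # the "Sta" column highlighted in the post above, e.g. A/-
    policy_id: str   # PID column, the id to look up with "get policy id <nn>"

def parse_get_sa(output):
    """Return one SecurityAssociation per line that matches the SA row layout."""
    return [SecurityAssociation(**m.groupdict())
            for m in (SA_ROW.match(line) for line in output.splitlines()) if m]

def find_noncompliant(sas, allowed_ciphers=("aes256",), allowed_hashes=("sha1", "sha256")):
    """SAs whose negotiated cipher or hash falls outside the expected set (assumed policy)."""
    return [sa for sa in sas
            if sa.cipher.lower() not in allowed_ciphers
            or sa.hash_alg.lower() not in allowed_hashes]

def weak_policies(sas, **kw):
    """Map each offending policy id to the algorithm pair(s) seen on its SAs."""
    out = {}
    for sa in find_noncompliant(sas, **kw):
        out.setdefault(sa.policy_id, set()).add(f"{sa.cipher}/{sa.hash_alg}")
    return out

if __name__ == "__main__":
    for pid, algs in sorted(weak_policies(parse_get_sa(SAMPLE_GET_SA)).items()):
        print(f"policy {pid}: {', '.join(sorted(algs))} -> check with 'get policy id {pid}'")
```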