Re: OER/PfR Packet Capture

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Mon, 17 Jan 2011 20:10:14 -0300

I am kind of trying to take a look at the protocol.
So far I have not been able to find any public info on it.
The conversation is not fully encrypted though. There are session
hashes, but two different conversations share quite a bit of raw data,
just 16-byte hashes (and 2-byte CRCs/FCSs) differ for different
keys. There has to be a session key too, cause same config key
also renders different hashes (initial hello is not changed though).

My interest comes from the fact that PfR does have info that is not
available by other means, namely, packet drop rate w/o responder
cooperation by TCP sequence inspection.

But so far, no luck. I'm going to play with Fluke's PfR Manager
(the only PfR enabled app AFAIK) to see what gives.
Any pointers are welcome too.

-Carlos

Paul Negron @ 17/01/2011 16:53 -0300 dixit:
> Ravi,
>
> I have to apologize. It was pretty late when I responded initially.
>
> The session between MC and Border is an MD5 hash using key chains but the
> encryption between them I have not verified. All I know is I tried to view
> the packet but could not verify the message. This could have been an
> Application issue. I was able to see the packets on Wireshark but could not
> understand what was being passed. If ANYONE has seen this please provide
> input.
>
> I should have said nothing until I was 100% sure of it. I will look into
> this further though. Regardless.
>
> Paul

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Received on Mon Jan 17 2011 - 20:10:14 ART
