Thanks for the responses Paul and Carlos .
Any other inputs from anyone please.
Regards,
Ravi
On Mon, Jan 17, 2011 at 11:10 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar>wrote:
> I am kind of trying to take a look at the protocol.
> So far I have been not able to find any public info on it.
> The conversation is not fully encrypted though. There are session
> hashes, but two different conversations share quite a bit of raw data,
> just 16 byte hashes (and 2 bytes CRCs/FCSs) differ for different
> keys. There has to be a session key too, cause same config key
> also renders different hashes (initial hello is not changed though).
>
> My interest comes from the fact that PfR does have info that is not
> available by other means, namelly, packet drop rate w/o responder
> cooperation by TCP sequence inspection.
>
> But so far, no luck. I'm going to play with Fluke's PfR Manager
> (the only PfR enabled app AFAIK) to see what gives.
> Any pointers are welcome too.
>
> -Carlos
>
> Paul Negron @ 17/01/2011 16:53 -0300 dixit:
>
> Ravi,
>>
>> I have to apologize. It was pretty late when I responded initially.
>>
>> The session between MC and Border is an MD5 hash using key chains but the
>> encryption between them I have not verified. All I know is I tried to view
>> the packet but could not verify the message, This could have been an
>> Application issue. I was able to see the packets on Wireshark but could
>> not
>> understand what was being passed. If ANYONE has seen this please provide
>> input.
>>
>> I should have said nothing until I was 100% sure of it. I will look into
>> this further though. Regardless.
>>
>> Paul
>>
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
Blogs and organic groups at http://www.ccie.net
Received on Wed Jan 19 2011 - 09:48:01 ART
This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART