I have OpenBSD 3.0-current running on a home DSL system. Since the
moment it was powered up, I've been seeing tcpdump report packets
which look like

    07:44:15.006024 esp A.B.C.D..gen.twtelecom.net > W.X.Y.Z spi 0x0ECA5173 seq 726729 len 108
    07:44:15.011918 esp A.B.C.D..gen.twtelecom.net > W.X.Y.Z spi 0x0ECA5173 seq 726729 len 108
    07:44:15.077131 esp A.B.C.D..gen.twtelecom.net > W.X.Y.Z spi 0x0ECA5173 seq 726729 len 108

I don't know much about IPSEC, but my guess is that this is someone
out there trying to establish an IPSEC connection with me, maybe
because my IP address had been assigned to someone else he knew
before. Fine, whatever. He's not going to get far.

The strange thing is that I have a Linux box connected to the same
modem on a hub, so it should see the same traffic in tcpdump. In fact,
it does, with the exception of these packets. They don't show up at
all. Only tcpdump on OpenBSD shows them.

I'm using tcpdump from -current on OpenBSD, and 3.7.1 / pcap 0.7 on
Linux. Any ideas why I wouldn't see the same traffic on both
machines? Is this because Linux doesn't understand IPSEC?
Or is tcpdump somehow behaving strangely under OpenBSD?

Thanks for any insights,