.\" $Id: ike-scan.1 9919 2007-01-22 22:52:36Z rsh $
.TH IKE-SCAN 1 "January 14, 2007"
.\" Please adjust this date whenever revising the manpage.
.SH NAME
ike-scan \- Discover and fingerprint IKE hosts (IPsec VPN servers)
.SH SYNOPSIS
.B ike-scan
.RI [ options ] " " [ hosts ...]
.PP
Target hosts must be specified on the command line unless the
.B --file
option is specified.
.SH DESCRIPTION
.B ike-scan
discovers IKE hosts and can also fingerprint them using the
retransmission backoff pattern.
.PP
.B ike-scan
does two things:
.IP 1)
Discovery: Determine which hosts are running IKE.
This is done by displaying those hosts which respond to the IKE requests
sent by
.B ike-scan.
.IP 2)
Fingerprinting: Determine which IKE implementation the hosts are using.
There are several ways to do this: (a) Backoff fingerprinting - recording
the times of the IKE response packets from the target hosts and comparing
the observed retransmission backoff pattern against known patterns; (b) vendor
id fingerprinting - matching the vendor-specific vendor IDs against known
vendor ID patterns; and (c) proprietary notify message codes.
.PP
The retransmission backoff fingerprinting concept is discussed in more
detail in the UDP backoff fingerprinting paper, which should be included
in the ike-scan kit as
.I udp-backoff-fingerprinting-paper.txt.
.PP
The program sends IKE Phase-1 requests to the specified hosts and displays
any responses that are received. It handles retry and retransmission with
backoff to cope with packet loss. It also limits the amount of bandwidth
used by the outbound IKE packets.
.PP
IKE is the Internet Key Exchange protocol, which is the key exchange and
authentication mechanism used by IPsec. Just about all modern VPN systems
implement IPsec, and the vast majority of IPsec VPNs use IKE for key exchange.
.PP
Phase-1 has two modes: Main Mode and Aggressive Mode. ike-scan supports both
Main and Aggressive mode, and uses Main Mode by default. RFC 2409 (IKE)
section 5 specifies that main mode must be implemented, therefore all IKE
implementations can be expected to support main mode.
.SH OPTIONS
.TP
.B --help or -h
Display this usage message and exit.
.TP
.B --file=<fn> or -f <fn>
Read hostnames or addresses from the specified file
instead of from the command line. One name or IP
address per line. Use "-" for standard input.
.TP
.B --sport=<p> or -s <p>
Set UDP source port to <p>, default=500, 0=random.
Some IKE implementations require the client to use
UDP source port 500 and will not talk to other ports.
Note that superuser privileges are normally required
to use non-zero source ports below 1024. Also only
one process on a system may bind to a given source port
at any one time. Use of the --nat-t option changes
the default source port to 4500.
.TP
.B --dport=<p> or -d <p>
Set UDP destination port to <p>, default=500.
UDP port 500 is the assigned port number for ISAKMP
and this is the port used by most if not all IKE
implementations. Use of the --nat-t option changes
the default destination port to 4500.
.TP
.B --retry=<n> or -r <n>
Set total number of attempts per host to <n>,
default=3.
.TP
.B --timeout=<n> or -t <n>
Set initial per host timeout to <n> ms, default=500.
This timeout is for the first packet sent to each host.
Subsequent timeouts are multiplied by the backoff
factor which is set with --backoff.
.TP
.B --bandwidth=<n> or -B <n>
Set desired outbound bandwidth to <n>, default=56000.
The value is in bits per second by default. If you
append "K" to the value, then the units are kilobits
per second; and if you append "M" to the value,
the units are megabits per second.
The "K" and "M" suffixes represent the decimal, not
binary, multiples. So 64K is 64000, not 65536.
.TP
.B --interval=<n> or -i <n>
Set minimum packet interval to <n> ms.
The packet interval will be no smaller than this number.
The interval specified is in milliseconds by default.
If "u" is appended to the value, then the interval
is in microseconds, and if "s" is appended, the
interval is in seconds.
If you want to use up to a given bandwidth, then it is
easier to use the --bandwidth option instead.
You cannot specify both --interval and --bandwidth
because they are just different ways to change the
same underlying variable.
.TP
.B --backoff=<b> or -b <b>
Set timeout backoff factor to <b>, default=1.50.
The per-host timeout is multiplied by this factor
after each timeout. So, if the number of retries
is 3, the initial per-host timeout is 500ms and the
backoff factor is 1.5, then the first timeout will be
500ms, the second 750ms and the third 1125ms.
.TP
.B --verbose or -v
Display verbose progress messages.
Use more than once for greater effect:
1 - Show when each pass is completed and when
packets with invalid cookies are received.
2 - Show each packet sent and received and when
hosts are removed from the list.
3 - Display the host, Vendor ID and backoff lists
before scanning starts.
.TP
.B --quiet or -q
Don't decode the returned packet.
This prints less protocol information so the
output lines are shorter.
.TP
.B --multiline or -M
Split the payload decode across multiple lines.
With this option, the decode for each payload is
printed on a separate line starting with a TAB.
This option makes the output easier to read, especially
when there are many payloads.
.TP
.B --lifetime=<s> or -l <s>
Set IKE lifetime to <s> seconds, default=28800.
RFC 2407 specifies 28800 as the default, but some
implementations may require different values.
If you specify this as a decimal integer, e.g.
86400, then the attribute will use a 4-byte value.
If you specify it as a hex number, e.g. 0xFF, then
the attribute will use the appropriate size value
(one byte for this example).
If you specify the string "none" then no lifetime
attribute will be added at all.
You can use this option more than once in conjunction
with the --trans options to produce multiple transform
payloads with different lifetimes. Each --trans option
will use the previously specified lifetime value.
.TP
.B --lifesize=<s> or -z <s>
Set IKE lifesize to <s> Kilobytes, default=0.
If you specify this as a decimal integer, e.g.
86400, then the attribute will use a 4-byte value.
If you specify it as a hex number, e.g. 0xFF, then
the attribute will use the appropriate size value
(one byte for this example).
You can use this option more than once in conjunction
with the --trans options to produce multiple transform
payloads with different lifesizes. Each --trans option
will use the previously specified lifesize value.
.TP
.B --auth=<n> or -m <n>
Set auth. method to <n>, default=1 (PSK).
RFC defined values are 1 to 5. See RFC 2409 Appendix A.
Checkpoint hybrid mode is 64221.
GSS (Windows "Kerberos") is 65001.
XAUTH uses 65001 to 65010.
This is not applicable to IKEv2.
.TP
.B --version or -V
Display program version and exit.
.TP
.B --vendor=<v> or -e <v>
Set vendor id string to hex value <v>.
You can use this option more than once to send
multiple vendor ID payloads.
.TP
.B --trans=<t> or -a <t>
Use custom transform <t> instead of default set.
You can use this option more than once to send
an arbitrary number of custom transforms.
There are two ways to specify the transform:
The new way, where you specify the attribute/value
pairs, and the old way where you specify the values
for a fixed list of attributes.
For the new method, the transform <t> is specified as
(attr=value, attr=value, ...)
Where "attr" is the attribute number, and "value" is
the value to assign to that attribute. You can specify
an arbitrary number of attribute/value pairs.
See RFC 2409 Appendix A for details of the attributes
and values.
Note that brackets are special to some shells, so you
may need to quote them, e.g. --trans="(1=1,2=2,3=3,4=4)".
For example, --trans=(1=1,2=2,3=1,4=2) specifies
Enc=3DES-CBC, Hash=SHA1, Auth=shared key, DH Group=2;
and --trans=(1=7,14=128,2=1,3=3,4=5) specifies
Enc=AES/128, Hash=MD5, Auth=RSA sig, DH Group=5.
For the old method, the transform <t> is specified as
enc[/len],hash,auth,group.
Where enc is the encryption algorithm,
len is the key length for variable length ciphers,
hash is the hash algorithm, and group is the DH Group.
For example, --trans=5,2,1,2 specifies
Enc=3DES-CBC, Hash=SHA1, Auth=shared key, DH Group=2;
and --trans=7/256,1,1,5 specifies
Enc=AES-256, Hash=MD5, Auth=shared key, DH Group=5.
This option is not yet supported for IKEv2.
.TP
.B --showbackoff[=<n>] or -o[<n>]
Display the backoff fingerprint table.
Display the backoff table to fingerprint the IKE
implementation on the remote hosts.
The optional argument specifies time to wait in seconds
after receiving the last packet, default=60.
If you are using the short form of the option (-o)
then the value must immediately follow the option
letter with no spaces, e.g. -o25 not -o 25.
.TP
.B --fuzz=<n> or -u <n>
Set pattern matching fuzz to <n> ms, default=500.
This sets the maximum acceptable difference between
the observed backoff times and the reference times in
the backoff patterns file. Larger values allow for
higher variance but also increase the risk of
false positive identifications.
Any per-pattern-entry fuzz specifications in the
patterns file will override the value set here.
.TP
.B --patterns=<f> or -p <f>
Use IKE backoff patterns file <f>,
default=/usr/local/share/ike-scan/ike-backoff-patterns.
This specifies the name of the file containing
IKE backoff patterns. This file is only used when
--showbackoff is specified.
.TP
.B --vidpatterns=<f> or -I <f>
Use Vendor ID patterns file <f>,
default=/usr/local/share/ike-scan/ike-vendor-ids.
This specifies the name of the file containing
Vendor ID patterns. These patterns are used for
Vendor ID fingerprinting.
.TP
.B --aggressive or -A
Use IKE Aggressive Mode (the default is Main Mode).
If you specify --aggressive, then you may also
specify --dhgroup, --id and --idtype. If you use
custom transforms with aggressive mode with the --trans
option, note that all transforms should have the same
DH Group and this should match the group specified
with --dhgroup or the default if --dhgroup is not used.
.TP
.B --id=<id> or -n <id>
Use <id> as the identification value.
This option is only applicable to Aggressive Mode.
<id> can be specified as a string, e.g. --id=test or as
a hex value with a leading "0x", e.g. --id=0xdeadbeef.
.TP
.B --idtype=<n> or -y <n>
Use identification type <n>. Default 3 (ID_USER_FQDN).
This option is only applicable to Aggressive Mode.
See RFC 2407 4.6.2 for details of Identification types.
.TP
.B --dhgroup=<n> or -g <n>
Use Diffie-Hellman Group <n>. Default 2.
This option is only applicable to Aggressive Mode and
IKEv2. For both of these, it is used to determine the
size of the key exchange payload.
If you use Aggressive Mode with custom transforms, then
you will normally need to use the --dhgroup option
unless you are using the default DH group.
Acceptable values are 1,2,5,14,15,16,17,18 (MODP only).
.TP
.B --gssid=<n> or -G <n>
Use GSS ID <n> where <n> is a hex string.
This uses transform attribute type 16384 as specified
in draft-ietf-ipsec-isakmp-gss-auth-07.txt, although
Windows 2000 has been observed to use 32001 as well.
For Windows 2000, you'll need to use --auth=65001 to
specify Kerberos (GSS) authentication.
.TP
.B --random or -R
Randomise the host list.
This option randomises the order of the hosts in the
host list, so the IKE probes are sent to the hosts in
a random order. It uses the Knuth shuffle algorithm.
.TP
.B --tcp[=<n>] or -T[<n>]
Use TCP transport instead of UDP.
This allows you to test a host running IKE over TCP.
You won't normally need this option because the vast
majority of IPsec systems only support IKE over UDP.
The optional value <n> specifies the type of IKE over
TCP. There are currently two possible values:
1 = RAW IKE over TCP as used by Checkpoint (default);
2 = Encapsulated IKE over TCP as used by Cisco.
If you are using the short form of the option (-T)
then the value must immediately follow the option
letter with no spaces, e.g. -T2 not -T 2.
You can only specify a single target host if you use
this option.
.TP
.B --tcptimeout=<n> or -O <n>
Set TCP connect timeout to <n> seconds (default=10).
This is only applicable to TCP transport mode.
.TP
.B --pskcrack[=<f>] or -P[<f>]
Crack aggressive mode pre-shared keys.
This option outputs the aggressive mode pre-shared key
(PSK) parameters for offline cracking using the
"psk-crack" program that is supplied with ike-scan.
You can optionally specify a filename, <f>, to write
the PSK parameters to. If you do not specify a filename
then the PSK parameters are written to standard output.
If you are using the short form of the option (-P)
then the value must immediately follow the option
letter with no spaces, e.g. -Pfile not -P file.
You can only specify a single target host if you use
this option.
This option is only applicable to IKE aggressive mode.
.TP
.B --nodns or -N
Do not use DNS to resolve names.
If you use this option, then all hosts must be
specified as IP addresses.
.TP
.B --noncelen=<n> or -c <n>
Set the nonce length to <n> bytes. Default=20.
This option controls the length of the nonce payload
that is sent in an aggressive mode or IKEv2 request.
Normally there is no need to use this option unless you
want to reduce the nonce size to speed up pre-shared
key cracking, or if you want to see how a particular
server handles different length nonce payloads.
RFC 2409 states that the length of nonce payload
must be between 8 and 256 bytes, but ike-scan does
not enforce this.
Specifying a large nonce length will increase the
size of the packet sent by ike-scan. A very large nonce
length may cause fragmentation, or exceed the maximum
IP packet size.
This option is only applicable to IKE aggressive mode.
.TP
.B --headerlen=<n> or -L <n>
Set the length in the ISAKMP header to <n> bytes.
You can use this option to manually specify the value
to be used for the ISAKMP header length.
By default, ike-scan will fill in the correct value.
Use this option to manually specify an incorrect
length.
<n> can be specified as "+n" which sets the length
to n bytes more than it should be, "-n" which sets
it to n bytes less, or "n" which sets it to exactly
n bytes.
Changing the header length to an incorrect value can
sometimes disrupt VPN servers.
.TP
.B --mbz=<n> or -Z <n>
Use the value <n> for reserved (MBZ) fields, default=0.
Specifying this option makes the outgoing packet
non-RFC compliant, and should only be used if you want
to see how a VPN server will respond to invalid packets.
The value of <n> should be in the range 0-255.
.TP
.B --headerver=<n> or -E <n>
Specify the ISAKMP header version.
The default is 0x10 (16) which corresponds to v1.0.
Specifying a non-default value will make the outgoing
packet non-RFC compliant, and should only be used if
you want to see how the VPN server reacts to strange
versions.
The value should be in the range 0-255.
.TP
.B --certreq=<c> or -C <c>
Add the CertificateRequest payload <c>.
<c> should be specified as a hex value.
The first byte of the hex value will be interpreted as
the certificate type; the remaining bytes as the
certificate authority as described in RFC 2408 3.10.
The certificate types are listed in RFC 2408 sec 3.9.
RFC 2408 states "The Certificate Request payload MUST
be accepted at any point during the exchange".
.TP
.B --doi=<d> or -D <d>
Set the SA DOI to <d>, default 1 (IPsec).
You will not normally want to change this unless you
want to see how the VPN server responds to a
non-standard DOI.
.TP
.B --situation=<s> or -S <s>
Set the SA Situation to <s>, default 1.
The meaning of the situation depends on the DOI, and
is detailed in the appropriate DOI document. For the
IPsec DOI, the default Situation of 1 represents
SIT_IDENTITY_ONLY.
You will not normally want to change this unless you
want to see how the VPN server responds to a
non-standard situation.
.TP
.B --protocol=<p> or -j <p>
Set the Proposal protocol ID to <p>, default 1.
The meaning of the proposal protocol ID depends on
the DOI, and is detailed in the appropriate DOI
document. For the IPsec DOI, the default proposal
protocol id of 1 represents PROTO_ISAKMP.
You will not normally want to change this unless you
want to see how the VPN server responds to a
non-standard protocol ID.
.TP
.B --transid=<t> or -k <t>
Set the Transform ID to <t>, default 1.
The meaning of the transform ID depends on the
DOI, and is detailed in the appropriate DOI
document. For the IPsec DOI, the default
transform id of 1 represents KEY_IKE.
You will not normally want to change this unless you
want to see how the VPN server responds to a
non-standard transform ID.
.TP
.B --spisize=<n>
Set the proposal SPI size to <n>. Default=0.
If this is non-zero, then a random SPI of the
specified size will be added to the proposal payload.
The default of zero means no SPI.
.TP
.B --hdrflags=<n>
Set the ISAKMP header flags to <n>. Default=0.
The flags are detailed in RFC 2408 section 3.1.
.TP
.B --hdrmsgid=<n>
Set the ISAKMP header message ID to <n>. Default=0.
This should be zero for IKE Phase-1.
.TP
.B --cookie=<n>
Set the ISAKMP initiator cookie to <n>.
The cookie value should be specified in hex.
By default, the cookies are automatically generated
and have unique values. If you specify this option,
then you can only specify a single target, because
ike-scan requires unique cookie values to match up
the response packets.
.TP
.B --exchange=<n>
Set the exchange type to <n>.
This option allows you to change the exchange type in
the ISAKMP header to an arbitrary value.
Note that ike-scan only supports Main and Aggressive
modes (values 2 and 4 respectively). Specifying
other values will change the exchange type value in
the ISAKMP header, but will not adjust the other
payloads.
The exchange types are defined in RFC 2408 sec 3.1.
.TP
.B --nextpayload=<n>
Set the next payload in the ISAKMP header to <n>.
Normally, the next payload is automatically set to the
correct value.
.TP
.B --randomseed=<n>
Use <n> to seed the pseudo random number generator.
This option seeds the PRNG with the specified number,
which can be useful if you want to ensure that the
packet data is exactly repeatable when it includes
payloads with random data such as key exchange or nonce.
By default, the PRNG is seeded with an unpredictable
value.
.TP
.B --timestamp
Display timestamps for received packets.
This option causes a timestamp to be displayed for
each received packet.
.TP
.B --sourceip=<s>
Set source IP address for outgoing packets to <s>.
This option causes the outgoing IKE packets to have
the specified source IP address.
The address can either be an IP address in dotted
quad format, or the string "random" which will use
a different random source address for each packet that
is sent.
If this option is used, no packets will be received.
This option requires raw socket support, and you
will need superuser privileges to use this option,
even if you specify a high source port.
This option does not work on all operating systems.
.TP
.B --shownum
Display the host number for received packets.
This displays the ordinal host number of the
responding host before the IP address. It can be useful
when sending many packets to the same target IP, to
see if any probes are being ignored.
.TP
.B --nat-t
Use RFC 3947 NAT-Traversal encapsulation.
This option adds the non-ESP marker to the beginning
of outgoing packets and strips it from received
packets, as described in RFC 3947. It also changes the
default source port to 4500 and the default destination
port to 4500, which are the ports for NAT-T IKE.
These port numbers can be changed with the --sport and
--dport options, providing they are used after the
--nat-t option.
.TP
.B --rcookie=<n>
Set the ISAKMP responder cookie to <n>.
This sets the responder cookie to the specified hex
value. By default, the responder cookie is set to zero.
.TP
.B --ikev2 or -2
Use IKE version 2.
This causes the outgoing packets to use IKEv2 format
as defined in RFC 4306 instead of the default IKEv1
format. Any packets returned are automatically decoded
as IKE or IKEv2 depending on their payloads irrespective
of this option.
The --ikev2 option is currently experimental. It has not
been extensively tested, and it only supports sending the
default proposal.
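.PP
Added example, not part of ike-scan or its manpage: a Python check that a receiver or IDS could run on the first packet of an IKEv1 exchange to spot header values that --headerlen, --headerver, --exchange, --hdrmsgid, --hdrflags, --rcookie and --mbz can move away from their defaults, with the --nat-t non-ESP marker handled on port 4500. The function names and the constructed sample packet are assumptions made for illustration; only the reserved byte of each generic payload header is checked for --mbz.
.nf

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 section 3.1, 28 bytes
GENERIC_HDR = struct.Struct("!BBH")        # next payload, reserved, length
NON_ESP_MARKER = bytes(4)                  # RFC 3947 prefix on UDP port 4500


def check_initial_request(datagram, dport=500):
    """Return findings for the first packet of an IKEv1 Phase-1 exchange."""
    if dport == 4500:
        if datagram[:4] != NON_ESP_MARKER:
            return ["no non-ESP marker: UDP-encapsulated ESP, not IKE"]
        datagram = datagram[4:]
    if len(datagram) < ISAKMP_HDR.size:
        return ["truncated ISAKMP header"]
    (_icookie, rcookie, next_payload, version, exchange, flags, msgid,
     length) = ISAKMP_HDR.unpack_from(datagram)
    findings = []
    if version != 0x10:
        findings.append("header version 0x%02x is not 0x10" % version)
    if exchange not in (2, 4):
        findings.append("exchange type %d is not Main (2) or Aggressive (4)"
                        % exchange)
    if msgid != 0:
        findings.append("message ID is non-zero in Phase-1")
    if rcookie != bytes(8):
        findings.append("responder cookie is non-zero in an initial request")
    if flags & 0xF8:
        findings.append("reserved header flag bits are set")
    if length != len(datagram):
        findings.append("header length %d, datagram length %d"
                        % (length, len(datagram)))
    # Walk the payload chain, trusting only the bytes actually received.
    offset = ISAKMP_HDR.size
    while next_payload != 0:
        if offset + GENERIC_HDR.size > len(datagram):
            findings.append("payload chain runs past the end of the datagram")
            break
        following, reserved, plen = GENERIC_HDR.unpack_from(datagram, offset)
        if reserved != 0:
            findings.append("payload type %d has reserved byte %d"
                            % (next_payload, reserved))
        if plen < GENERIC_HDR.size or offset + plen > len(datagram):
            findings.append("payload type %d has bad length %d"
                            % (next_payload, plen))
            break
        next_payload, offset = following, offset + plen
    return findings


def build_sample(version=0x10, exchange=2, msgid=0, reserved=0, length_delta=0):
    """Constructed packet: ISAKMP header plus one opaque SA payload."""
    body = struct.pack("!II", 1, 1)  # DOI=1, Situation=1, no proposal
    sa = GENERIC_HDR.pack(0, reserved, GENERIC_HDR.size + len(body)) + body
    total = ISAKMP_HDR.size + len(sa)
    header = ISAKMP_HDR.pack(bytes.fromhex("0123456789abcdef"), bytes(8), 1,
                             version, exchange, 0, msgid, total + length_delta)
    return header + sa


if __name__ == "__main__":
    for label, packet in [("default", build_sample()),
                          ("--headerlen=+4", build_sample(length_delta=4)),
                          ("--mbz=255", build_sample(reserved=255))]:
        print(label, check_initial_request(packet) or "no findings")
```
.fi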
.SH FILES
.TP
.I /usr/local/share/ike-scan/ike-backoff-patterns
List of UDP backoff patterns. Used when the --showbackoff option is
specified.
.TP
.I /usr/local/share/ike-scan/ike-vendor-ids
List of known Vendor ID patterns.
.SH AUTHOR
Roy Hills <Roy.Hills@nta-monitor.com>
.SH "SEE ALSO"
.I http://www.nta-monitor.com/wiki/
The ike-scan wiki page.
.PP
.I http://www.nta-monitor.com/tools/ike-scan/
The ike-scan homepage.
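.PP
Added example, not part of ike-scan: a Python parser that normalises the two --trans syntaxes described under OPTIONS into attribute/value pairs and applies the Aggressive Mode rule that every transform's DH group should match --dhgroup (default 2). The function names are assumptions made for illustration, and value names are limited to those the old-syntax and AES examples in this manpage use.
.nf

```python
ENC, HASH, AUTH, GROUP, KEYLEN = 1, 2, 3, 4, 14  # RFC 2409 Appendix A classes
LABELS = {ENC: "Enc", HASH: "Hash", AUTH: "Auth", GROUP: "DH Group",
          KEYLEN: "KeyLen"}
# Value names limited to those this manpage's examples use.
NAMES = {ENC: {5: "3DES-CBC", 7: "AES"}, HASH: {1: "MD5", 2: "SHA1"},
         AUTH: {1: "shared key", 3: "RSA sig"}}


def parse_trans(spec):
    """Return [(attr, value), ...] for either --trans syntax."""
    spec = spec.strip()
    if spec.startswith("("):
        # New syntax: (attr=value, attr=value, ...)
        if not spec.endswith(")"):
            raise ValueError("unbalanced brackets in %r" % spec)
        pairs = []
        for item in spec[1:-1].split(","):
            attr, sep, value = item.partition("=")
            if not sep:
                raise ValueError("expected attr=value, got %r" % item)
            pairs.append((int(attr), int(value)))
        return pairs
    # Old syntax: enc[/len],hash,auth,group
    fields = spec.split(",")
    if len(fields) != 4:
        raise ValueError("old syntax is enc[/len],hash,auth,group: %r" % spec)
    enc, _, keylen = fields[0].partition("/")
    pairs = [(ENC, int(enc))]
    if keylen:
        pairs.append((KEYLEN, int(keylen)))
    pairs += zip((HASH, AUTH, GROUP), map(int, fields[1:]))
    return pairs


def describe(pairs):
    """Render attribute pairs as readable name=value text."""
    parts = []
    for attr, value in pairs:
        name = NAMES.get(attr, {}).get(value, value)
        parts.append("%s=%s" % (LABELS.get(attr, attr), name))
    return ", ".join(parts)


def group_mismatches(specs, dhgroup=2):
    """Specs whose DH group differs from --dhgroup (Aggressive Mode rule)."""
    return [s for s in specs if dict(parse_trans(s)).get(GROUP) != dhgroup]


if __name__ == "__main__":
    for spec in ("5,2,1,2", "7/256,1,1,5", "(1=7,14=128,2=1,3=3,4=5)"):
        print(spec, "->", describe(parse_trans(spec)))
    print("mismatch with default group 2:",
          group_mismatches(["5,2,1,2", "7/256,1,1,5"]))
```
.fi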