1
Roper stops ISAKMP traffic (port 500 udp) used to create a SA.
2
If client is configured to fall back to unsecure comunications
3
after key exchange failure and server accepts non ipsec traffic
4
(incoming and outgoing) you can see connections in plaintext and you can
5
manipulate it even if ESP or AH are used as default.
7
It can fails if tunnel-mode ESP is used to reach non public or firewalled IPs
8
or if particular methods are used to authenticate sessions on a VPN gateway.
11
You have to use it during an arp poisoning session.
13
You have to catch a session from the beginning of a ISAKMP SA creation.
15
You have to have fun :)