Wireshark mailing list archives
Re: Question regarding decryption of ikev1 ISAKMP messages
From: Alexis La Goutte <alexis.lagoutte () gmail com>
Date: Mon, 23 Jul 2012 16:43:20 +0200
Hi,

It is better to create a bug in the bugtracker ( https://bugs.wireshark.org ) to not forget your problem...

Regards,

On Thu, Jun 28, 2012 at 5:51 PM, Susanne Goldammer <Susanne.Goldammer () gmx de> wrote:

Hi all,

Today I was trying to use this feature to decrypt IKEv1 messages exchanged during Main Mode. For this, I added the Initiator Cookie and the Encryption Key to the IKEv1 Decryption Table. Unfortunately this did not help. I used Wireshark version 1.8.0.

A source code analysis then showed that the code is checking whether the connection is using Authentication-Method: PSK. In my case it does not use a PSK but the RSA-SIG method. So I changed the code

epan/dissectors/packet-isakmp.c:1728

    if (!decr ||
        decr->is_psk == FALSE ||   /* <-- removed this line */
        decr->gi_len == 0 ||
        decr->gr_len == 0)
        return NULL;

and deactivated the line checking for is_psk. Then it was possible to decode the ISAKMP payload (Encrypted data). So the code seems to work for non-PSK connections, too.

Now I was wondering about the reason for this check. Is it possible to remove this for future versions to make the IKEv1 decryption work for non-PSK connections?

Thanks a lot for your replies.

Susanne
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
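The RFC 2409 key schedule behind the observation in the message above, as an added example that is not part of the original post or of Wireshark's code: only SKEYID depends on the authentication method, while the first Phase 1 CBC IV depends only on the two public Diffie-Hellman values. All function names and sample values are constructed for illustration; HMAC-SHA1 as the prf and a 32-byte cipher key are assumptions.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes, hash_name: str = "sha1") -> bytes:
    """IKEv1 prf: the HMAC form of the negotiated hash (assumed HMAC-SHA1 here)."""
    return hmac.new(key, data, hash_name).digest()

def skeyid(auth: str, ni: bytes, nr: bytes, g_xy: bytes, psk: bytes = b"") -> bytes:
    """SKEYID is the only value whose formula depends on the authentication method."""
    if auth == "psk":
        return prf(psk, ni + nr)        # SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    if auth == "sig":
        return prf(ni + nr, g_xy)       # SKEYID = prf(Ni_b | Nr_b, g^xy)
    raise ValueError("unsupported authentication method: " + auth)

def skeyid_e(sk: bytes, g_xy: bytes, cky_i: bytes, cky_r: bytes) -> bytes:
    """SKEYID_d -> SKEYID_a -> SKEYID_e chain (RFC 2409, section 5)."""
    tail = g_xy + cky_i + cky_r
    d = prf(sk, tail + b"\x00")
    a = prf(sk, d + tail + b"\x01")
    return prf(sk, a + tail + b"\x02")

def cipher_key(sk_e: bytes, key_len: int) -> bytes:
    """Truncate SKEYID_e, or expand it when the cipher needs more bits (Appendix B)."""
    if len(sk_e) >= key_len:
        return sk_e[:key_len]
    block, out = prf(sk_e, b"\x00"), b""
    while len(out) < key_len:
        out += block                    # K1 | K2 | ... with K(n+1) = prf(SKEYID_e, Kn)
        block = prf(sk_e, block)
    return out[:key_len]

def phase1_iv(g_xi: bytes, g_xr: bytes, block_len: int, hash_name: str = "sha1") -> bytes:
    """First Phase 1 CBC IV: hash(g^xi | g^xr), truncated to the cipher block size."""
    if not g_xi or not g_xr:
        raise ValueError("both public DH values are required to derive the IV")
    return hashlib.new(hash_name, g_xi + g_xr).digest()[:block_len]

# Constructed sample values (not from a real capture).
NI, NR = bytes(range(16)), bytes(range(16, 32))
G_XI, G_XR, G_XY = b"\x11" * 128, b"\x22" * 128, b"\x33" * 128
CKY_I, CKY_R = b"\xaa" * 8, b"\xbb" * 8

def derive(auth: str, psk: bytes = b"") -> tuple:
    """Return (32-byte cipher key, first 16-byte IV) for one Phase 1 exchange."""
    sk = skeyid(auth, NI, NR, G_XY, psk)
    return cipher_key(skeyid_e(sk, G_XY, CKY_I, CKY_R), 32), phase1_iv(G_XI, G_XR, 16)
```

When the encryption key is supplied directly, as in the decryption table, the remaining input this chain needs is the pair of public Diffie-Hellman values used for the IV.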