Wireshark mailing list archives

Re: Test decryption ESP and ISAKMP on wireshark


From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Thu, 11 Aug 2016 13:18:38 +0200

Hi,

Tshark uses the same dissection engine as Wireshark does and uses the same files. So if you work out which files 
contain the relevant data you can set these up, do a Tshark run with the required parameters and check the (text) output. 

Thanks,
Jaap



On 11 Aug 2016, at 11:51, Codrut Grosu <cgrosu () ixiacom com> wrote:

Hi,


I just finished writing a plugin for strongSwan[1], an open source IPsec-based VPN solution, that will export ESP, 
IKEv1 and IKEv2 decryption tables in a Wireshark-compatible format.[2],[3]
Now I want to test the plugin. Until now I have run strongSwan with the new plugin loaded, then made a Wireshark 
capture with ISAKMP and ESP packets and then checked whether the packets are decrypted using the Wireshark GUI.

Now, is there a way to check whether the Wireshark decryption table generated by the new strongSwan plugin is 
compatible with Wireshark and, if it is, to check whether it decrypts the packets? All that without using the 
Wireshark GUI.


Cheers,
Codrut.

[1]: https://www.strongswan.org/ - strongSwan - IPsec VPN for Linux, Android, FreeBSD, Mac OS ...

[2]: https://wiki.strongswan.org/issues/1557 - Feature #1557: An option to save IKE_SA and CHILD_SA keys for wireshark

[3]: https://github.com/strongswan/strongswan/pull/49 - Pull Request #49: An option to save IKE_SA and CHILD_SA keys for wireshark (first patch series for feature #1557)

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
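The GUI-free check Jaap describes, written out as an added example (this is not code from the thread, from strongSwan or from the save-keys plugin). It assumes the plugin writes its tables into a directory under the same names Wireshark uses for its own UAT files (esp_sa, ikev1_decryption_table, ikev2_decryption_table), one CSV record per line, so each line can be handed to tshark unchanged as an `-o uat:<table>:<record>` preference; it also assumes that `esp.protocol`, the Next Header byte of the ESP trailer, is only populated once a packet has been decrypted, which is why that field is used as the success indicator. The field names are checked against `tshark -G fields` before anything is run, so a wrong assumption fails loudly instead of silently reporting zero decrypted packets. The capture file name is a placeholder.

```shell
#!/bin/sh
# Added example: drive tshark with strongSwan-exported key tables and count
# how many ESP packets it could decrypt, without the Wireshark GUI.
# Assumptions (not taken from the thread): table file names match Wireshark's
# UAT files, and esp.protocol is present only for decrypted ESP packets.

# Check that the dissector fields we rely on exist in this tshark build.
# `tshark -G fields` prints one tab-separated line per field; column 1 is
# "F" for fields and column 3 is the display-filter name. Missing names are
# printed and the function returns 1.
fields_exist() {
    tshark -G fields | awk -F'\t' -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        $1 == "F" { have[$3] = 1 }
        END {
            for (i = 1; i <= n; i++) if (!(w[i] in have)) { print w[i]; miss = 1 }
            exit miss + 0
        }'
}

# run_decrypt_check CAPTURE TABLEDIR
# Loads every exported table found in TABLEDIR as uat: preferences, enables
# ESP decryption and prints one line per ESP packet: frame number, SPI and
# Next Header (empty when tshark could not decrypt that packet).
run_decrypt_check() {
    pcap=$1; tabledir=$2
    set -- -r "$pcap" -o esp.enable_encryption_decode:TRUE
    for table in esp_sa ikev1_decryption_table ikev2_decryption_table; do
        [ -r "$tabledir/$table" ] || continue
        while IFS= read -r rec || [ -n "$rec" ]; do
            case $rec in ''|'#'*) continue ;; esac   # skip blanks and comments
            set -- "$@" -o "uat:$table:$rec"        # record passed verbatim
        done < "$tabledir/$table"
    done
    tshark "$@" -Y esp -T fields -e frame.number -e esp.spi -e esp.protocol
}

# Summarise run_decrypt_check output read from stdin: the number of ESP
# packets whose Next Header column is non-empty, i.e. that were decrypted.
count_decrypted() {
    awk -F'\t' '$3 != "" { n++ } END { print n + 0 }'
}

# Usage: sh esp_check.sh capture.pcapng /path/to/exported/tables
# (capture.pcapng is a placeholder; supply your own ESP/ISAKMP capture.)
if [ "$#" -eq 2 ]; then
    fields_exist esp.spi esp.protocol || {
        echo "expected ESP fields are missing from this tshark build" >&2; exit 2; }
    out=$(run_decrypt_check "$1" "$2")
    printf '%s\n' "$out"
    printf 'decrypted ESP packets: %s\n' "$(printf '%s\n' "$out" | count_decrypted)"
fi
```

Passing the records through `-o uat:...` rather than copying files into a profile directory means the exact bytes the plugin wrote are what tshark parses, so a formatting mistake in the exported table surfaces as a tshark preference error instead of being masked by a hand-edited file. For the IKE side, swap the `-Y esp` filter for `-Y isakmp` and pick a field that only appears after decryption; `tshark -G fields | grep '^F.*isakmp.enc'` lists the candidates in your build.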
