Hi all,
Because I received no comment about my dissector, I ask again ;-).
Is there any need for my update ? Does anyone plan to use it ?
Best regards
----
Frederic
Frederic roudaut wrote:
Hi everyone,
I adapted the IPSEC dissector in order to decrypt ESP payload based on
known SAs. It uses the few algorithms described in RFC 4305.
It also uses libopenssl.
If you prefer a patch please ask me. Otherwise, the file is the following :
- packet-ipsec.c
(It is still possible to decrypt ESP payloads with the assumption that
it is null encrypted and the Authenticator field is 12 bytes as in the
original dissector).
I wrote a little doc in :
- README_DISSECTOR_IPSEC (have a look to install the dissector)
And I put example files :
- A capture file : capture.pcap
- Some preferences files with the configurations for v4 and V6
- preferences_v4
- preferences_v6
- The sad has been run using : ipsec.conf (config file for setkey)
I have not tested it for AES-CTR. So if you can, please send me a
report on it.
- If you want to get another capture file. You may use both following
scripts on Linux:
- neigh.sh : for establishing neighborhood
- ping_v6_v4.sh : in order to send ping v4 and v6
I hope it will be helpful for some of you.
Best regards,
--
Frédéric ROUDAUT
IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
Tel: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71
--
Frédéric ROUDAUT
IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
Tel: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71
Attachment:
IPSEC_1.0.tgz
Description: application/compressed