Wireshark · Ethereal-dev: Re: [Ethereal-dev] IPsec dissector to decrypt ESP Payload

Ethereal-dev: Re: [Ethereal-dev] IPsec dissector to decrypt ESP Payload

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Frederic Roudaut" <frederic.roudaut@xxxxxxxx>

Date: Thu, 23 Feb 2006 16:39:53 +0100 (CET)

Hi,


thanks a lot for your answer.
I do not know a lot about GNU TLS but I believe that we could have problem
to get Encryption Algorithms. As far as I understood, it uses libgcrypt,
but only a part of it. Would not be better to directly use libgcrypt ?

I could try to adapat it in this way.

Best regards,

--
Frederic


> Would it be possible to link against GNU TLS instead?  We can't ship
> Ethereal linked against OpenSSL on many (most?) systems.
>
> Frederic Roudaut wrote:
>>
>>
>>
>> Hi all,
>>
>>
>> Because I received no comment about my dissector, I ask again ;-).
>> Is there any need for my update ? Does anyone plan to use it ?
>>
>> Best regards
>>
>> ----
>> Frederic
>>
>>
>>
>>
>>
>>
>>
>>
>> Frederic roudaut a écrit :
>>
>>>
>>>
>>>
>>> Hi everyone,
>>>
>>> I adapted the IPSEC dissector in order to decrypt ESP payload based on
>>> known SAs.It uses the few algorithms described in RFC 4305.
>>> It also uses libopenssl.
>>>
>>> If you prefer a patch please ask me. Otherwise, the file is the
>>> following :
>>> - packet-ipsec.c
>>>
>>> (It is still possible to decrypt ESP payloads with the assumption that
>>> it is null encrypted and the Authenticator field is 12 bytes as in the
>>> original dissector).
>>>
>>> I wrote a little doc in :
>>> - README_DISSECTOR_IPSEC (have a look to install the dissector)
>>>
>>> And I put exemple files :
>>>
>>> - A capture file : capture.pcap
>>>
>>> - Some preferences files with the configurations for v4 and V6
>>>         - preferences_v4
>>>         - preferences_v6
>>>
>>> - The sad has been run using : ipsec.conf (config file for setkey)
>>>   I have not tested it for AES-CTR. So if you can, please send me a
>>>   report on it.
>>>
>>> - If you want to get another capture file. You may use both following
>>> scripts on Linux:
>>>          - neigh.sh : for establishing neighborhood
>>>          - ping_v6_v4.sh : in order to send ping v4 and v6
>>>
>>>
>>> I hope it will be helpfull for some of you.
>>>
>>>
>>> Best regards,
>>>
>>>
>>>
>>>------------------------------------------------------------------------
>>>
>>>_______________________________________________
>>>Ethereal-dev mailing list
>>>Ethereal-dev@xxxxxxxxxxxx
>>>http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>

References:
- Re: [Ethereal-dev] IPsec dissector to decrypt ESP Payload
  - From: Frederic Roudaut
- Re: [Ethereal-dev] IPsec dissector to decrypt ESP Payload
  - From: Gerald Combs

Prev by Date: Re: [Ethereal-dev] Capture attachment
Next by Date: Re: [Ethereal-dev] About SNMP
Previous by thread: Re: [Ethereal-dev] IPsec dissector to decrypt ESP Payload
Next by thread: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$