
Wireshark-dev: Re: [Wireshark-dev] Question regarding decryption of ikev1 ISAKMP messages

From: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Date: Mon, 23 Jul 2012 16:43:20 +0200
Hi,

It is better to create a bug in the bug tracker ( https://bugs.wireshark.org ) so that your problem is not forgotten...

Regards,

On Thu, Jun 28, 2012 at 5:51 PM, Susanne Goldammer <Susanne.Goldammer@xxxxxx> wrote:
Hi all,

today I was trying to use this feature to decrypt IKEv1 messages
exchanged during Main Mode. For this I added the Initiator Cookie and the
Encryption Key to the IKEv1 Decryption Table. Unfortunately this did not
help. I used Wireshark version 1.8.0.

A source code analysis then showed that the code is checking whether
the connection is using Authentication-Method: PSK. In my case it does
not use a PSK but the RSA-SIG method. So I changed the code

epan/dissectors/packet-isakmp.c:1728

if (!decr ||
    decr->is_psk == FALSE ||          <-- removed this line
    decr->gi_len == 0 ||
    decr->gr_len == 0)
  return NULL;

and deactivated the line checking for is_psk.
Then it was possible to decode the ISAKMP payload (Encrypted data). So
the code seems to work for non-PSK connections, too.

Now I was wondering about the reason for this check. Is it possible to
remove this for future versions to make the IKEv1 decryption work for
non-PSK connections?

Thanks a lot for your replies.
Susanne
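An added illustration (not Wireshark code, written for this thread) of why the is_psk check is not needed while the gi/gr checks are: the authentication method only changes how SKEYID is derived, which the decryption table sidesteps by taking the final encryption key directly, whereas the Phase 1 IV derivation from RFC 2409 Appendix B genuinely needs both Diffie-Hellman public values. The DecryptState class and the sample gi/gr values are constructed for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class DecryptState:
    """Per-SA state a dissector would hold (constructed model, not Wireshark's)."""
    enc_key: bytes   # from the IKEv1 Decryption Table (user-supplied)
    gi: bytes        # initiator's g^xi from its KE payload
    gr: bytes        # responder's g^xr from its KE payload
    is_psk: bool     # authentication method advertised in the SA payload


def can_decrypt(state, require_psk):
    """Gate mirroring the check discussed in the thread.

    require_psk=True reproduces the original behaviour (RSA-SIG SAs refused);
    require_psk=False keeps only the real requirements: a key to decrypt with
    and both DH public values, which the IV derivation below consumes.
    """
    if state is None or not state.enc_key:
        return False
    if require_psk and not state.is_psk:
        return False
    return len(state.gi) > 0 and len(state.gr) > 0


def phase1_initial_iv(gi, gr, hash_name, block_len):
    """RFC 2409 App. B: IV of the first encrypted Phase 1 message is
    HASH(g^xi | g^xr) truncated to the cipher block length."""
    return hashlib.new(hash_name, gi + gr).digest()[:block_len]


def next_phase1_iv(prev_ciphertext, block_len):
    """Later Phase 1 messages chain: IV is the last CBC output block."""
    return prev_ciphertext[-block_len:]


def phase2_initial_iv(last_phase1_block, message_id, hash_name, block_len):
    """RFC 2409 App. B: Phase 2 IV is HASH(last Phase 1 CBC output | M-ID)."""
    return hashlib.new(hash_name, last_phase1_block + message_id).digest()[:block_len]


# Constructed sample values (not real DH public values).
SAMPLE_GI = bytes(range(16))
SAMPLE_GR = bytes(range(16, 32))
RSA_SIG_SA = DecryptState(b"\x11" * 24, SAMPLE_GI, SAMPLE_GR, is_psk=False)

if __name__ == "__main__":
    print("original gate:", can_decrypt(RSA_SIG_SA, require_psk=True))   # False
    print("relaxed gate: ", can_decrypt(RSA_SIG_SA, require_psk=False))  # True
    print("3DES IV:", phase1_initial_iv(SAMPLE_GI, SAMPLE_GR, "sha1", 8).hex())
```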