
Ethereal-users: Re: [Ethereal-users] Query

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 27 Jul 2005 10:04:24 -0700
Babur Khan wrote:

I have made a driver which encrypts/decrypts incoming/outgoing IP packets. I used Windows NDIS to build the driver and have implemented IPsec with SHA1 for authentication and AES for encryption/decryption. The driver is working at the Data Link Layer. The problem is that when I tried to capture packets with Ethereal 0.10.11 with WinPcap 3.0 (sent messages several times like 'net send computer2 what is your name?') I have been able to see the data field as plain text.

If the packets you're capturing are being sent by or received by the machine running Ethereal, then the problem is probably that WinPcap connects to the network interface at a layer that lets it see outgoing packets before they're encrypted and see incoming packets after they're decrypted. I'm not an expert in NDIS; you might want to ask the WinPcap developers about this.