Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] IPsec Dissector to decrypt ESP Payload

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Frédéric Roudaut <roudaut.frederic@xxxxxxx>
Date: Tue, 01 Aug 2006 12:19:03 +0200
Hi,

sorry for my late answer. You're right for the key. To enter binary keys you need to modify the dissector. It should easy to adapt. If needed, I could easily add this but however not before the beginning of september.
Sorry for that.

best regards,

--
Frederic Roudaut


Filonenko Alexander-AAF013 a écrit : 
Frederic,

I am using ESP decryption features of your dissector and it is very useful. 
I have one question though. How can I use arbitrary (non-ASCII) encryption key with preferences available for ESP? Is the key limited to ASCII characters only? 

Thank you,
Alex

-----Original Message-----
From: Filonenko Alexander-AAF013 
Sent: Friday, February 24, 2006 4:43 PM
To: 'Ethereal development'
Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload

Frederic,

I find IPsec functionality you have added to the dissector very useful.
Hope I can provide you with some feedback in a few weeks.

Thank you,
Alex Filonenko 

  
-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx 
[mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic 
Roudaut
Sent: Friday, February 24, 2006 10:01 AM
To: Ethereal development
Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload


Hi,

finally, I have updated my dissector using libgcrypt.
It does not use openssl anymore.
If gnutls is installed, all should work.
Thus, now it should decrypt and dissect (transport/tunnel/several 
encapsulations ...) :

- NULL Encryption Algorithm
- TripleDES-CBC [RFC2451] : keylen 192 bits.
- AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
- AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
32 bits will be used as nonce.
- DES-CBC [RFC2405] : keylen 64 bits

I also have added :

- BLOWFISH-CBC : keylen 128 bits.
- TWOFISH-CBC : keylen 128/256 bits.

You have to indicate the Authentication algorithm even if all 
Algorithms since it uses 12 bytes in the Auth field should work (have 
a look to the README to understand why I put it
;-) ). If you consider I have to throw it away please tell me.

HMAC-SHA1-96 [RFC2404]
NULL
AES-XCBC-MAC-96 [RFC3566]
HMAC-MD5-96 [RFC2403]

In the attachment you will get :
- this dissector
- a new README
- some example capture files with associated preferences files (and 
setkey config files)


Best Regards,


----
Frederic






--
Frédéric ROUDAUT
IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
Tl: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71


    
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube