
Wireshark-dev: Re: [Wireshark-dev] IPsec Dissector to decrypt ESP Payload

From: "Filonenko Alexander-AAF013" <AAF013@xxxxxxxxxxxx>
Date: Tue, 1 Aug 2006 16:43:24 -0400
Frederic,
 
Thank you for the response. While adding this feature, do you plan to add another checkbox in the ESP preferences so the user can switch between ASCII/hex modes for encryption keys?
 
Thank you,
Alex Filonenko
 
 


From: Frédéric Roudaut [mailto:roudaut.frederic@xxxxxxx]
Sent: Tuesday, August 01, 2006 5:19 AM
To: Filonenko Alexander-AAF013
Cc: Ethereal development; Developer support list for Wireshark
Subject: Re: IPsec Dissector to decrypt ESP Payload

Hi,

Sorry for my late answer. You're right about the key. To enter binary keys you need to modify the dissector. It should be easy to adapt. If needed, I could easily add this, but not before the beginning of September.
Sorry for that.

best regards,

--
Frederic Roudaut


Filonenko Alexander-AAF013 wrote:
Frederic,

I am using ESP decryption features of your dissector and it is very useful. 
I have one question though. How can I use arbitrary (non-ASCII) encryption key with preferences available for ESP? Is the key limited to ASCII characters only? 

Thank you,
Alex

-----Original Message-----
From: Filonenko Alexander-AAF013 
Sent: Friday, February 24, 2006 4:43 PM
To: 'Ethereal development'
Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload

Frederic,

I find IPsec functionality you have added to the dissector very useful.
Hope I can provide you with some feedback in a few weeks.

Thank you,
Alex Filonenko 

  
-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx 
[mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic 
Roudaut
Sent: Friday, February 24, 2006 10:01 AM
To: Ethereal development
Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload


Hi,

finally, I have updated my dissector using libgcrypt.
It does not use openssl anymore.
If gnutls is installed, all should work.
Thus, now it should decrypt and dissect (transport/tunnel/several 
encapsulations ...) :

- NULL Encryption Algorithm
- TripleDES-CBC [RFC2451] : keylen 192 bits.
- AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
- AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
32 bits will be used as nonce.
- DES-CBC [RFC2405] : keylen 64 bits

I also have added :

- BLOWFISH-CBC : keylen 128 bits.
- TWOFISH-CBC : keylen 128/256 bits.

You have to indicate the Authentication algorithm even if all 
Algorithms since it uses 12 bytes in the Auth field should work (have 
a look at the README to understand why I put it ;-) ). If you consider 
I have to throw it away please tell me.

HMAC-SHA1-96 [RFC2404]
NULL
AES-XCBC-MAC-96 [RFC3566]
HMAC-MD5-96 [RFC2403]

In the attachment you will get :
- this dissector
- a new README
- some example capture files with associated preferences files (and 
setkey config files)


Best Regards,


----
Frederic






--
Frédéric ROUDAUT
IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
Tel: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71


    
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
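
The thread above turns on whether an ESP key can be entered as raw bytes rather than ASCII text, and on the key lengths listed in the announcement. The following is an added example, not code from the dissector or from either poster: it accepts a key as ASCII or as hex, checks its length against that list, and splits off the trailing 32-bit AES-CTR nonce. The `0x` prefix convention, the algorithm labels and the function names are assumptions of this sketch, and the keys used with it are constructed.

```python
import binascii

# Accepted key-material lengths in bits, as listed in the announcement above.
KEY_BITS = {
    "NULL": {0},
    "3DES-CBC": {192},
    "AES-CBC": {128, 192, 256},
    "AES-CTR": {160, 224, 288},  # cipher key followed by a 32-bit nonce
    "DES-CBC": {64},
    "BLOWFISH-CBC": {128},
    "TWOFISH-CBC": {128, 256},
}
CTR_NONCE_BYTES = 4  # "the remaining 32 bits will be used as nonce"


def parse_key(text):
    """Return raw key bytes from an ASCII string or a 0x-prefixed hex string.

    The 0x prefix is this example's convention (an assumption), chosen so that
    keys containing non-printable bytes can still be typed into a text field.
    """
    if text[:2].lower() == "0x":
        try:
            # Rejects odd digit counts and non-hex characters.
            return binascii.unhexlify(text[2:])
        except ValueError as exc:
            raise ValueError(f"invalid hex key: {exc}") from None
    try:
        return text.encode("ascii")
    except UnicodeEncodeError:
        raise ValueError("non-ASCII key must be given as 0x-prefixed hex") from None


def load_key(algorithm, text):
    """Validate the key length for `algorithm`; return (cipher_key, nonce)."""
    key = parse_key(text)
    allowed = KEY_BITS[algorithm]
    bits = len(key) * 8
    if bits not in allowed:
        raise ValueError(f"{algorithm}: got {bits} bits, expected {sorted(allowed)}")
    if algorithm == "AES-CTR":
        # Trailing 4 bytes of the key material are the nonce, the rest the key.
        return key[:-CTR_NONCE_BYTES], key[-CTR_NONCE_BYTES:]
    return key, b""
```

A length mismatch is reported before any decryption is attempted, which separates a mistyped key from a wrong algorithm choice when a capture fails to decode.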