
Wireshark-dev: Re: [Wireshark-dev] Question regarding decryption of ikev1 ISAKMP messages

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 02 Sep 2012 14:16:16 +0200
Hi,

Did this happen? What's the bug number?

Thanks
Jaap

On 07/23/2012 04:43 PM, Alexis La Goutte wrote:
Hi,

It is better to create a bug in bugtracker ( https://bugs.wireshark.org ) to not
forget your problem...

Regards,

On Thu, Jun 28, 2012 at 5:51 PM, Susanne Goldammer <Susanne.Goldammer@xxxxxx
<mailto:Susanne.Goldammer@xxxxxx>> wrote:

    Hi all,

    today I was trying to use this feature to decrypt IKEv1 messages
    exchanged during Main Mode. For this I added the Initiator Cookie and the
    Encryption Key to the IKEv1 Decryption Table. Unfortunately this did not
    help. I used Wireshark version 1.8.0.

    A source code analysis then showed that the code is checking whether
    the connection is using Authentication-Method: PSK. In my case it does
    not use a PSK but the RSA-SIG method. So I changed the code

    epan/dissectors/packet-isakmp.c:1728

    if (!decr ||
         decr->is_psk == FALSE || <-- removed this line
         decr->gi_len == 0 ||
         decr->gr_len == 0)
       return NULL;

    and deactivated the line checking for is_psk.
    Then it was possible to decode the ISAKMP payload (Encrypted data). So
    the code seems to work for non-PSK connections, too.

    Now I was wondering about the reason for this check. Is it possible to
    remove this for future versions to make the IKEv1 decryption work for
    non-PSK connections?

    Thanks a lot for your replies.
    Susanne
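The quoted check requires the two Diffie-Hellman public values (gi, gr) but, as the thread observes, nothing in the decryption itself depends on the authentication method: the encryption key comes straight from the user's Decryption Table, and per RFC 2409 Appendix B the only thing derived from the exchange is the CBC IV (Phase 1 IV = HASH(g^xi | g^xr), Phase 2 IV = HASH(last Phase 1 CBC block | message ID)). The example below is added here to illustrate that; it is not code from Wireshark or from anyone in this thread. The DecryptState class, can_decrypt(), the sample DH values, key and message ID are all constructed for the example; only the IV formulas come from RFC 2409.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


# Hypothetical mirror of the dissector's per-session decryption record.
# Field names follow the thread (is_psk, gi, gr); enc_key is the key the
# user typed into the IKEv1 Decryption Table.
@dataclass
class DecryptState:
    is_psk: bool
    gi: bytes        # initiator's public DH value (KE payload)
    gr: bytes        # responder's public DH value (KE payload)
    enc_key: bytes   # user-supplied encryption key


def can_decrypt(decr: Optional[DecryptState], require_psk: bool) -> bool:
    """Eligibility test equivalent to the quoted if-statement.

    require_psk=True keeps the 'decr->is_psk == FALSE' line; False is the
    relaxation proposed in the thread.  The gi/gr requirement stays either
    way because the IV derivation below needs both values.
    """
    if decr is None:
        return False
    if require_psk and not decr.is_psk:
        return False
    if len(decr.gi) == 0 or len(decr.gr) == 0:
        return False
    return True


def phase1_iv(hash_name: str, gi: bytes, gr: bytes, block_len: int) -> bytes:
    """RFC 2409 App. B: initial Phase 1 IV = HASH(g^xi | g^xr), truncated to
    the cipher block size.  Later Phase 1 messages chain the last ciphertext
    block of the previous message as IV, which is why the dissector must keep
    per-session state rather than recompute from scratch each packet."""
    return hashlib.new(hash_name, gi + gr).digest()[:block_len]


def phase2_iv(hash_name: str, last_p1_block: bytes, message_id: bytes,
              block_len: int) -> bytes:
    """RFC 2409 App. B: Phase 2 (Quick Mode) IV = HASH(last Phase 1 CBC
    block | 4-byte message ID), truncated to the block size."""
    return hashlib.new(hash_name, last_p1_block + message_id).digest()[:block_len]


# Constructed sample values (not real traffic): short stand-ins for DH
# public values, a 3DES-length key and a Quick Mode message ID.
GI = bytes(range(0x10, 0x30))
GR = bytes(range(0x80, 0xA0))
KEY = b"\x11" * 24
MSG_ID = b"\xde\xad\xbe\xef"

PSK_SESSION = DecryptState(is_psk=True, gi=GI, gr=GR, enc_key=KEY)
RSA_SIG_SESSION = DecryptState(is_psk=False, gi=GI, gr=GR, enc_key=KEY)


def demo() -> dict:
    """Show that the IV (and hence decryption) is identical for PSK and
    RSA-SIG sessions with the same DH exchange, so the is_psk gate only
    blocks sessions that could otherwise be decrypted."""
    iv_psk = phase1_iv("sha1", PSK_SESSION.gi, PSK_SESSION.gr, 8)
    iv_rsa = phase1_iv("sha1", RSA_SIG_SESSION.gi, RSA_SIG_SESSION.gr, 8)
    return {
        "rsa_sig_eligible_before": can_decrypt(RSA_SIG_SESSION, require_psk=True),
        "rsa_sig_eligible_after": can_decrypt(RSA_SIG_SESSION, require_psk=False),
        "same_iv_regardless_of_auth": iv_psk == iv_rsa,
        "phase2_iv_len": len(phase2_iv("sha1", iv_rsa, MSG_ID, 8)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Run it as a script to see the before/after eligibility for the RSA-SIG session; the IV comparison is the reason the gi/gr checks are still needed while the is_psk check is not.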