[Openswan Users] Decrypt ESP packets with wireshark for tunnel mode (Openswan)
Willie Gillespie
wgillespie+openswan at es2eng.com
Fri Nov 12 08:12:54 EST 2010
Have you looked over this page?
<http://wiki.wireshark.org/ESP_Preferences>
They give a few examples. You might as well leave the tunnel encrypted
and just give Wireshark whatever it needs to properly decrypt things.
Kevin Wilson wrote:
> Hello,
> I want to be able to decrypt ESP packets which are sent with openswan IPsec
> client in tunnel mode with wireshark.
> In wireshark, we have under Edit->Preferences->Protocols
> the following fields:
>
> Attempt to detect/decode encrypted ESP payloads
> Encryption Algorithm #1
>
> where you can choose from the following list:
> "NULL",
> "TripleDES-CBC [RFC2451]",
> "AES-CBC [RFC3602]",
> "AES-CTR [RFC3686]",
> "DES-CBC [RFC2405]",
> "CAST5-CBC [RFC2144]",
> "BLOWFISH-CBC [RFC2451]",
> "TWOFISH-CBC",
>
> Encryption Algorithm #2. (with same options)
>
> SA#1
> SA#2
> Encryption key #1
> Encryption key #2
> (and some more fields)
>
> What should I add in /etc/ipsec.conf so that I can use wireshark to sniff
> traffic? I tried some entries (like ike=null, phase2alg=null), but the
> ESP packet is still shown as decrypted in the sniffer. I do know of course
> the keys on both sides (these are preshared keys).
> It would be helpful if anybody who tried sniffing and decrypting ESP packets
> could comment or give some info about it.
>
>
> Rgs,
> Kevin
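The sketch below is an added example, not part of the original thread or of Openswan. It converts `ip xfrm state` output into lines for Wireshark's `esp_sa` table, so a capture can be decrypted while the tunnel stays encrypted. The per-SA keys it reads are the ones negotiated by IKE, which is what the ESP preferences expect rather than the preshared key. Assumptions: the gateway uses the NETKEY stack and the dump is taken as root; the sample addresses, SPIs and keys are constructed; the authentication algorithm names come from Wireshark's list, not from this page.

```python
# Kernel (xfrm) algorithm names -> names used in Wireshark's ESP preferences.
ENC = {
    "cbc(aes)": "AES-CBC [RFC3602]",
    "cbc(des3_ede)": "TripleDES-CBC [RFC2451]",
    "cbc(des)": "DES-CBC [RFC2405]",
    "ecb(cipher_null)": "NULL",
}
AUTH = {"hmac(sha1)": "HMAC-SHA-1-96 [RFC2404]", "hmac(md5)": "HMAC-MD5-96 [RFC2403]"}

# Constructed sample of `ip xfrm state` output; addresses, SPIs and keys are made up.
SAMPLE = """\
src 192.0.2.10 dst 198.51.100.20
    proto esp spi 0xc5d4e3f2 reqid 16385 mode tunnel
    auth-trunc hmac(sha1) 0x000102030405060708090a0b0c0d0e0f10111213 96
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
src 198.51.100.20 dst 192.0.2.10
    proto esp spi 0x0a1b2c3d reqid 16385 mode tunnel
    auth-trunc hmac(sha1) 0x131211100f0e0d0c0b0a09080706050403020100 96
    enc cbc(aes) 0xffeeddccbbaa99887766554433221100
"""

def parse_sas(text):
    """Collect src, dst, SPI, cipher and keys for every ESP SA in the dump."""
    sas = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "src" and not line[0].isspace():
            sas.append({"src": tok[1], "dst": tok[3]})  # unindented line starts a new SA
        elif not sas or len(tok) < 3:
            continue
        elif tok[0] == "proto" and len(tok) >= 4:
            sas[-1]["proto"], sas[-1]["spi"] = tok[1], tok[3]
        elif tok[0] == "enc":
            sas[-1]["enc"] = (tok[1], tok[2])
        elif tok[0] in ("auth", "auth-trunc"):
            sas[-1]["auth"] = (tok[1], tok[2])
    return [sa for sa in sas if sa.get("proto") == "esp"]

def esp_sa_line(sa):
    """Format one SA as a quoted CSV line; unmapped algorithms raise KeyError."""
    enc_alg, enc_key = sa.get("enc", ("ecb(cipher_null)", ""))
    auth = sa.get("auth")
    fields = ["IPv6" if ":" in sa["src"] else "IPv4", sa["src"], sa["dst"], sa["spi"],
              ENC[enc_alg], enc_key,
              AUTH[auth[0]] if auth else "NULL", auth[1] if auth else ""]
    return ",".join('"%s"' % f for f in fields)

if __name__ == "__main__":
    print("\n".join(esp_sa_line(sa) for sa in parse_sas(SAMPLE)))
```

A tunnel has one SA per direction, so both lines are needed to decrypt traffic in both directions, and the keys change at every rekey.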