[Openswan Users] Decrypt ESP packets with wireshark for tunnel mode (Openswan)
paul at xelerance.com
Fri Nov 12 12:15:57 EST 2010
On Fri, 12 Nov 2010, Kevin Wilson wrote:
> I want to be able to decrypt ESP packets which are sent with openswan IPsec
> client in tunnel mode with wireshark.
I know you can with tcpdump -E. See the man page for -E
> What should I add in /etc/ipsec.conf so that I can use wireshark to sniff
> traffic ?
You should not need anything. Though make sure pfs=no
Note with KLIPS, there is debugging within the stack, so instead of sniffing
you can just run ipsec klipsdebug --all and then send a packet and check dmesg.
More information about the Users