[hipl-users] Re: Wireshark plugin?

  • From: Miika Komu <miika.komu@xxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Mon, 16 Mar 2009 22:44:06 +0200

Robert Moskowitz wrote:

Hi,

"ip xfrm state" gives you the keys for IPsec so that you see packet contents.

There is also an extension in hipconf to turn on NULL mode:

transform order <integer> (1=AES, 2=3DES, 3=NULL and place them to order like 213 for the order 3DES, AES and NULL)

The Initiator chooses the cipher from the Responder's selection if I recall correctly.

Miika Komu wrote:
Robert Moskowitz wrote:

Hi,

no, you have to use "ip xfrm state" or "setkey -D".

So what is this? Where do I use them?


Varjonen Samu wrote:
There is an ESP dissector in Wireshark without any patches needed, in Wireshark see edit->preferences->protocols->ESP. There is some configuration needed and the keys of course. So it seems it is possible to see the contents of ESP packets after dumping them, if you know the keys.

Is there a hipconf command to get the keys?



Robert Moskowitz wrote:
I seem to recall a wireshark plugin?

Would it show the contents of the ESP packets?

Or is there a way to run ESP with the NULL cipher to see what is going
across....
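A sketch of pulling the SPI, algorithms and keys for each ESP SA out of `ip xfrm state` output, which are the values the Wireshark ESP preferences mentioned in the thread ask for. This is an added example, not part of the original messages or of HIPL; the sample output, addresses and keys are constructed, and the function names are hypothetical.

```python
# Constructed sample in the layout `ip xfrm state` prints (addresses, SPIs and
# keys are made up); the second SA uses the kernel's null cipher.
SAMPLE = """\
src 192.0.2.1 dst 192.0.2.2
    proto esp spi 0xa1b2c3d4 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0x000102030405060708090a0b0c0d0e0f10111213
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
src 192.0.2.2 dst 192.0.2.1
    proto esp spi 0x0badcafe reqid 0 mode beet
    replay-window 0
    auth-trunc hmac(sha1) 0x131211100f0e0d0c0b0a09080706050403020100 96
    enc ecb(cipher_null)
"""

def parse_xfrm_state(text):
    """Return one dict per ESP SA with src, dst, spi, and enc/auth alg and key."""
    sas, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        words = line.split()
        if not line[0].isspace():
            # Unindented "src A dst B" line starts a new SA.
            cur = None
            if len(words) >= 4 and words[0] == "src" and words[2] == "dst":
                cur = {"src": words[1], "dst": words[3]}
                sas.append(cur)
        elif cur is None:
            continue
        elif words[0] == "proto":
            cur["proto"] = words[1]
            if "spi" in words:
                cur["spi"] = int(words[words.index("spi") + 1], 16)
        elif words[0] in ("enc", "auth", "auth-trunc"):
            kind = "enc" if words[0] == "enc" else "auth"
            key = words[2] if len(words) > 2 else ""  # null cipher has no key
            cur[kind + "_alg"] = words[1]
            cur[kind + "_key"] = key[2:] if key.startswith("0x") else key
    return [sa for sa in sas if sa.get("proto") == "esp"]

def payload_is_cleartext(sa):
    """True when the SA uses the null cipher, so no key is needed to read it."""
    return "cipher_null" in sa.get("enc_alg", "")

if __name__ == "__main__":
    for sa in parse_xfrm_state(SAMPLE):
        print("%s -> %s spi=0x%08x enc=%s key=%s auth=%s" % (
            sa["src"], sa["dst"], sa["spi"], sa["enc_alg"],
            sa["enc_key"] or "(none)", sa["auth_alg"]))
```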














