[hipl-users] Re: Wireshark plugin?

  • From: Samu Varjonen <samu.varjonen@xxxxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Fri, 06 Mar 2009 16:39:23 +0200

Robert Moskowitz wrote:
Samu Varjonen wrote:
Robert Moskowitz wrote:
Miika Komu wrote:
Robert Moskowitz wrote:

Hi,

no, you have to use "ip xfrm state" or "setkey -D".

ok. But I see that I need something for Wireshark so it will parse a HIP packet properly...

Yes, in the folder <hipl>/patches/ethereal you can find a HIP patch for the version 1.1.2 of wireshark, that you can use. I am making some updates to the patches and new binary packages of the wireshark tomorrow (including the revised patches). So, if you can wait a day you can choose between patching and pre-compiled versions.

Samu,

This patch works great. I have installed your rpms. I had to erase the old and install your patched version. Now I have a procedural problem. Every time I run yum update, I have to include '--exclude=wire*'. Is it possible for you to submit your patch so it gets rolled into wireshark? I know I won't see a new rpm in Centos 5.2, as the team is busy trying to put a wrap on 5.3, but it would be nice to get it for 5.3 and FC10...


I just updated the patches (proper names for the parameters and right type numbers and references to correct RFCs and so on). I am currently doing the required tests (fuzz testing) for the patch and if there are no problems, sending it to the Wireshark developers.


BR,
Samu Varjonen



Varjonen Samu wrote:
There is an ESP dissector in Wireshark without any patches needed, in Wireshark see edit->preferences->protocols->ESP. There is some configuration needed and the keys of course. So it seems it is possible to see the contents of ESP packets after dumping them, if you know the keys.

Is there a hipconf command to get the keys?



Robert Moskowitz wrote:
I seem to recall a wireshark plugin?

Would it show the contents of the ESP packets?

Or is there a way to run ESP with the NULL cipher to see what is going
across....

--
BR,
Samu

"Programmer is an organism that changes caffeine into code"
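
Added example, not part of the original thread or of HIPL: a small Python parser for the "ip xfrm state" output mentioned above, pulling out the addresses, SPI, algorithms and keys that the ESP dissector's configuration needs. The sample output is constructed (documentation addresses, made-up SPIs and keys) and the function names are hypothetical.

```python
# Constructed sample in the layout "ip xfrm state" prints; addresses, SPIs and keys are made up.
SAMPLE = """\
src 2001:db8::1 dst 2001:db8::2
\tproto esp spi 0x1a2b3c4d reqid 0 mode beet
\treplay-window 0
\tauth hmac(sha1) 0x000102030405060708090a0b0c0d0e0f10111213
\tenc cbc(aes) 0x00112233445566778899aabbccddeeff
\tsel src 2001:db8::1/128 dst 2001:db8::2/128
src 2001:db8::2 dst 2001:db8::1
\tproto esp spi 0x5e6f7a8b reqid 0 mode beet
\tauth-trunc hmac(sha1) 0xaabbccddeeff00112233445566778899aabbccdd 96
\tenc cbc(aes) 0xffeeddccbbaa99887766554433221100
"""

def parse_xfrm_state(text):
    """Return one dict per ESP SA: src, dst, spi, mode and the auth/enc/aead algorithm and key."""
    sas, cur = [], None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        # A new SA starts at column 0; the indented "sel src ..." selector line must not match.
        if line.startswith("src ") and len(tok) >= 4 and tok[2] == "dst":
            cur = {"src": tok[1], "dst": tok[3]}
            sas.append(cur)
        elif cur is None:
            continue
        elif tok[0] == "proto" and "spi" in tok[:-1]:
            cur["proto"] = tok[1]
            cur["spi"] = int(tok[tok.index("spi") + 1], 16)
            if "mode" in tok[:-1]:
                cur["mode"] = tok[tok.index("mode") + 1]
        elif tok[0] in ("auth", "auth-trunc", "enc", "aead") and len(tok) >= 2:
            kind = "auth" if tok[0].startswith("auth") else tok[0]
            hexkey = tok[2] if len(tok) > 2 else "0x"  # tolerate a missing key field
            cur[kind] = {"alg": tok[1], "key": bytes.fromhex(hexkey[2:])}
    return [sa for sa in sas if sa.get("proto") == "esp"]

def summarize(sa):
    """One line per SA with the values to copy into the dissector's SA settings."""
    parts = ["%s -> %s spi=0x%08x mode=%s" % (sa["src"], sa["dst"], sa["spi"], sa.get("mode", "?"))]
    for kind in ("enc", "auth", "aead"):
        if kind in sa:
            parts.append("%s=%s key=0x%s" % (kind, sa[kind]["alg"], sa[kind]["key"].hex()))
    return " ".join(parts)

if __name__ == "__main__":
    for sa in parse_xfrm_state(SAMPLE):
        print(summarize(sa))
```

The printed lines contain live key material for the listed SAs, so treat the output like the keys themselves.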
