Ethereal-dev: Re: [Ethereal-dev] IPsec dissector to decrypt ESP Payload

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Frederic Roudaut <frederic.roudaut@xxxxxxxx>
Date: Wed, 22 Feb 2006 17:03:38 +0100



Hi all,


Because I received no comment about my dissector, I ask again ;-).
Is there any need for my update ? Does anyone plan to use it ?

Best regards

----
Frederic








Frederic roudaut a �crit :



Hi everyone,

I adapted the IPSEC dissector in order to decrypt ESP payload based on
known SAs.It uses the few algorithms described in RFC 4305.
It also uses libopenssl.

If you prefer a patch please ask me. Otherwise, the file is the following :
- packet-ipsec.c

(It is still possible to decrypt ESP payloads with the assumption that it is null encrypted and the Authenticator field is 12 bytes as in the
original dissector).

I wrote a little doc in :
- README_DISSECTOR_IPSEC (have a look to install the dissector)

And I put exemple files :

- A capture file : capture.pcap

- Some preferences files with the configurations for v4 and V6
        - preferences_v4
        - preferences_v6

- The sad has been run using : ipsec.conf (config file for setkey)
  I have not tested it for AES-CTR. So if you can, please send me a
  report on it.

- If you want to get another capture file. You may use both following
scripts on Linux:
         - neigh.sh : for establishing neighborhood
         - ping_v6_v4.sh : in order to send ping v4 and v6


I hope it will be helpfull for some of you.


Best regards,


--
Fr�d�ric ROUDAUT
IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
Tl: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71



--
Fr�d�ric ROUDAUT
IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
Tl: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71

Attachment: IPSEC_1.0.tgz
Description: application/compressed