Wireshark-dev: [Wireshark-dev] Test decryption ESP and ISAKMP on wireshark

From: Codrut Grosu <cgrosu@xxxxxxxxxxx>
Date: Thu, 11 Aug 2016 09:51:50 +0000

Hi,



I just finished writing a plugin for strongSwan[1], an open source IPsec-based VPN Solution, that will export ESP, IKEv1 and IKEv2 decryption tables in a wireshark compatible format.[2],[3]

Now I want to test the plugin. Until now, I run strongSwan with the new plugin loaded, then I make a wireshark capture with ISAKMP and ESP packets and then I check if the packets are decrypted using wireshark gui.


Now, is there a way to check if the wireshark decryption table that was generated by the new strongSwan plugin is compatible with wireshark and if it is compatible to check if it decrypts the pakets?... all that without using wireshark gui.



Cheers,

Codrut.


[1]: https://www.strongswan.org/

www.strongswan.org
strongSwan is an Open Source IPsec-based VPN solution for Linux and other UNIX based operating systems implementing both the IKEv1 and IKEv2 key exchange protocols.

[2]: https://wiki.strongswan.org/issues/1557


[3]: https://github.com/strongswan/strongswan/pull/49