niusmallnan/decrypt-ipsec

decrypt-ipsec

Get the pcap file by tcpdump

$ ./decrypt-ipsec.sh dump

Dump traffic packets by tcpdump!
You can use like: ip netns 77d3b59709c6 exec tcpdump -i eth0 -venn -w ~/test.cap

Get the configuration for Wireshark

$ ./decrypt-ipsec.sh config

Get Net NameSpace: /var/run/netns/77d3b59709c6
######################################
####Get ESP config for WireShark!####
######################################
src 10.42.97.15 dst 172.31.2.184
SPI: 0xc150f464}
Encryption: rfc4106(gcm(aes))
Encryption key: 0xc4cfa585815121012e244734b33c095d78b3ffa0
Authentication: Any 128 bit authentication
=========================
src 172.31.2.184 dst 10.42.97.15
SPI: 0xc7bf85c9}
Encryption: rfc4106(gcm(aes))
Encryption key: 0x958818184a3b8b6eb161e2a9e45f49e4652ad16a
Authentication: Any 128 bit authentication
=========================

Open Wireshark to set ESP protocol decoding information

Open Wireshark: Edit -> Preferences -> Protocols -> ESP
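
How records like the ones in the config step can be derived, as an added example that is not the repository's script: it assumes the SA data comes from `ip xfrm state` run inside the network namespace, and the function name `xfrm_to_esp_fields` and all sample values are made up here. It also checks that the key is RFC 4106 keying material (AES key plus 4-byte salt) and skips an SA whose key length does not fit.

```shell
#!/bin/sh
# Added example (not the repository's script). Reads `ip xfrm state` text on
# stdin and prints, per ESP SA, the fields Wireshark's ESP preferences need.
xfrm_to_esp_fields() {
    awk '
        # A new SA starts with a "src A dst B" line ("sel src ..." is ignored).
        $1 == "src" && $3 == "dst" { src = $2; dst = $4; spi = ""; next }
        $1 == "proto" && $2 == "esp" && $3 == "spi" { spi = $4; next }
        $1 == "aead" && spi != "" {
            key = $3; icv = $4
            # RFC 4106 keying material is the AES key followed by a 4-byte
            # salt, so the hex string carries 8 extra digits.
            aes_bits = (length(key) - 2 - 8) * 4
            if (key !~ /^0x[0-9a-fA-F]+$/ ||
                (aes_bits != 128 && aes_bits != 192 && aes_bits != 256)) {
                print "skipped SPI " spi ": unexpected key length" | "cat 1>&2"
                next
            }
            print "src " src " dst " dst
            print "SPI: " spi
            print "Encryption: " $2 " (AES-" aes_bits " key + 32-bit salt)"
            print "Encryption key: " key
            print "Authentication: Any " icv " bit authentication"
            print "========================="
        }
    '
}

# Constructed sample in the layout `ip xfrm state` prints; the addresses,
# SPIs and keys are made up for this example. The second key is too short.
SAMPLE_XFRM='src 192.0.2.10 dst 198.51.100.20
    proto esp spi 0x11111111 reqid 1 mode tunnel
    replay-window 0
    aead rfc4106(gcm(aes)) 0x000102030405060708090a0b0c0d0e0f10111213 128
    sel src 0.0.0.0/0 dst 0.0.0.0/0
src 198.51.100.20 dst 192.0.2.10
    proto esp spi 0x22222222 reqid 1 mode tunnel
    replay-window 0
    aead rfc4106(gcm(aes)) 0x00112233 128'

printf '%s\n' "$SAMPLE_XFRM" | xfrm_to_esp_fields
```

The printed key is the session key for that SA, so treat the output and any saved Wireshark profile as secret material.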
