tcpdump mailing list archives

tool for decrypting ESP packets in pcap files


From: "James E. Flemer" <jflemer () uvm edu>
Date: Tue, 02 Sep 2003 17:10:17 -0400

Inspired by the tcpdump -E option, I have thrown together a (rough) tool to decrypt ESP packets in pcap files. It reads one pcap file, and one text file with SPIs and encryption keys, and writes out another pcap file with the decrypted packets. This tool is pretty rough, but was enough to get the job done for my particular case. The resulting pcap file can be used by tcpdump or ethereal to do further analysis. This tool was developed and tested on FreeBSD but should be pretty easy to run on anything with libpcap. This is not a tool I plan to develop further, unless I need it myself, but want to make it available for others to use or continue. I may not be on this list for long, so feel free to CC me if you have questions or comments.

Sources and brief readme are available at:
  http://www.cs.rpi.edu/~flemej/freebsd/espdecrypt/

Thanks for tcpdump/libpcap.

Take it easy,
-James

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

