[strongSwan] save decrypted ESP

tsaitgaist ml at mail.tsaitgaist.info
Thu Mar 3 18:32:18 CET 2011


Hi,

I put the keys for the ESP traffic in Wireshark using the menu.
It was able to decrypt and show the encrypted payload.
But saving the file only saves the encrypted packets.
I also used tshark with the appropriate -o options.
Again it can decrypt and show me the payloads, but does not save the
decrypted "packets".
tcpdump offers a way to decode ESP traffic, but it does not support
aes-128-cbc.
I am trying to find a tool to decrypt the packets so I can parse the
communication in real time. tshark can output to stdout, but parsing and
repacking the decrypted data is not a proper way to do it.
Is there any way to save the decrypted IP packets?

Thanks,
tsaitgaist
