decrypt-ipsec

Get the pcap file by tcpdump

$ ./decrypt-ipsec.sh dump

Dump traffic packets by tcpdump!
You can use like: ip netns 77d3b59709c6 exec tcpdump -i eth0 -venn -w ~/test.cap

Get the configration for Wireshark

$ ./decrypt-ipsec.sh config

Get Net NameSpace: /var/run/netns/77d3b59709c6
######################################
####Get ESP config for WireShark!####
######################################
src 10.42.97.15 dst 172.31.2.184
SPI: 0xc150f464}
Encryption: rfc4106(gcm(aes))
Encryption key: 0xc4cfa585815121012e244734b33c095d78b3ffa0
Authentication: Any 128 bit authentication
=========================
src 172.31.2.184 dst 10.42.97.15
SPI: 0xc7bf85c9}
Encryption: rfc4106(gcm(aes))
Encryption key: 0x958818184a3b8b6eb161e2a9e45f49e4652ad16a
Authentication: Any 128 bit authentication
=========================

Open Wireshark to set ESP protocol decoding information

Open Wireshark: Edit -> Preferences -> Protocol -> ESP

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README.md		README.md
common.sh		common.sh
decrypt-ipsec.sh		decrypt-ipsec.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

decrypt-ipsec

Get the pcap file by tcpdump

Get the configration for Wireshark

Open Wireshark to set ESP protocol decoding information

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

decrypt-ipsec

Get the pcap file by tcpdump

Get the configration for Wireshark

Open Wireshark to set ESP protocol decoding information

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages