Ask Your Question
0

How to make Wireshark GUI reload ikev2_decryption_table without restarting?

asked 2019-11-09 05:52:24 +0000

hgl gravatar image

updated 2019-11-09 05:57:14 +0000

I'm trying to analyze a IKEv2 connection, but I won't be able to create the ikev2_decryption_table file until I've started connecting, but I have start Wireshark GUI before I make the connection to capture all packets.

After I update the ikev2_decryption_table file, how do I ask Wireshark to reload the file and start decrypting the traffic?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-11-03 20:28:34 +0000

daniele de matteis gravatar image

Ctrl+Shift+L (or Analyze > Reload Lua Plugins)

This makes wireshark reload the file <user>/.config/wireshark/ikev2_decryption_table, like it usually does at startup.

This may be useful if you edited such file by yourself, for ex. by a script that automatically reads all parameters from your ipsec log (SPI's, SK's, encryption and integrity algorithms) and formats them into a proper wireshark/ikev2_decryption_table entry.

But the usual way is to add all parameters from GUI: Edit > Preferences > Protocols > ISAKMP > IKEv2 Decryption Table Edit

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-11-09 05:52:24 +0000

Seen: 414 times

Last updated: Nov 09 '19

Related questions

Decrypt SSL TN3270 (telnet) traffic?

How to get a web address through a packet

Unable to decrypt HTTPS TLSv1.2 traffic with wireshark (sha1WithRSAEncryption)

mqtt ssl decrypt

tshark capture filter with live ssl decryption

Export decrypted ESP traffic to cap/pcap file

MDaemon Windows Server SSL Certificates

Cannot decrypt POST requests in monitor mode [closed]

how to setup wireshark to decrypt TLS SIP

BTmesh dissector not decrypting