Live Capture Decryption of WireGuard Traffic

asked 2021-07-24 12:23:57 +0000

teatime100 gravatar image

Dear WireShark Community,

I installed a WireGuard Server on Ubuntu 20.04. It is working fine and I can detect the traffic with WireShark. Now I want to do some more research about the protocol, so I want to see the decrypted traffic.

It was possible to enter the static keys in the key-log-file, but in the WireShark Wiki there is also a section about Live capture with decryption support. I was able to run "Make" to create all the files in the directory, but now when I want to run extract-handshakes.sh it is failing with the error:

echo: write error: No such file or directory

in the line

echo "p:wireguard/idxadd index_hashtable_insert ${ARGS[*]}" >> /sys/kernel/debug/tracing/kprobe_events

So it seems like the necessary WireGuard Events do not exist. There is also no wireguard-directory in the /sys/kernel/debug/tracing/events/-directory in my OS, even though the script is trying to access it.

In the Solus Forum, somebody was facing the same problem. They were not able to find a solution.

Do you have any idea what could be the problem? Otherwise it could make sense to remove this entry from the WireShark-Wiki.

Thank you for your support!

Tim

edit retag flag offensive close merge delete