Hi all,
I want to decrypt a .pcap which has an IPsec communication establishment (with IKE_AUTH and INFORMATIONAL fragment encrypted) and save the result in a .pcap file with all these packets decrypted. I'm using strongSwan, so I have the ike2_decryption_table file, and with Wireshark I'm able to decrypt this pcap, but I would want to do that using tshark or editcap or any other useful tool.
I saw that tshark allows preferences to specify some things like in the Wireshark GUI, but it does not work for me.
I tried to run something like: tshark -r original_pcap.pcap -o isakmp.ikev2_decryption_table:ike_decryption_table_from_strongswan -w test.pcap but the IKEv2 packets are not being decrypted at all.
Can someone help me to specify the ike_decryption_file from strongSwan to decrypt this pcap?
Thanks