Inspired by the tcpdump -E option, I have thrown together a (rough) tool
to decrypt ESP packets in pcap files. It reads one pcap file, and one
text file with SPIs and encryption keys, and writes out another pcap
file with the decrypted packets. This tool is pretty rough, but was
enough to get the job done for my particular case. The resulting pcap
file can be used by tcpdump or ethereal to do further analysis. This
tool was developed and tested on FreeBSD but should be pretty easy to
run on anything with libpcap. This is not a tool I plan to develop
further, unless I need it myself, but want to make it available for
others to use or continue. I may not be on this list for long, so feel
free to CC me if you have questions or comments.
Sources and brief readme are available at:
http://www.cs.rpi.edu/~flemej/freebsd/espdecrypt/
Thanks for tcpdump/libpcap.
Take it easy,
-James
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html