Hi,

I put the keys for the ESP traffic into Wireshark using the menu. It was able to decrypt and show the encrypted payload, but saving the file only saves the encrypted packets. I also used tshark with the appropriate -o options. Again, it can decrypt and show me the payloads, but it does not save the decrypted "packets". tcpdump offers a way to decode ESP traffic, but it does not support aes-128-cbc.

I am trying to find a tool to decrypt the packets so I can parse the communication in real time. tshark can output to stdout, but parsing and repacking the decrypted data is not a proper way to do it. Is there any way to save the decrypted IP packets?
Thanks,
tsaitgaist
