List: wireshark-dev
Subject: [Wireshark-dev] Question regarding decryption of ikev1 ISAKMP messages
From: Susanne Goldammer <Susanne.Goldammer () gmx ! de>
Date: 2012-06-28 15:51:05
Message-ID: 4FEC7D69.6050808 () gmx ! de
Hi all,
Today I was trying to use this feature to decrypt IKEv1 messages
exchanged during Main Mode. For this I added the Initiator Cookie and the
Encryption Key to the IKEv1 Decryption Table. Unfortunately this did not
help. I used Wireshark version 1.8.0.

A source code analysis then showed that the code is checking whether
the connection is using Authentication-Method: PSK. In my case it does
not use a PSK but the RSA-SIG method. So I changed the code at
epan/dissectors/packet-isakmp.c:1728

    if (!decr ||
        decr->is_psk == FALSE ||   /* <-- removed this line */
        decr->gi_len == 0 ||
        decr->gr_len == 0)
        return NULL;

and deactivated the line checking for is_psk.
Then it was possible to decode the ISAKMP payload (Encrypted data). So
the code seems to work for non-PSK connections, too.

Now I was wondering about the reason for this check. Is it possible to
remove this for future versions to make the IKEv1 decryption work for
non-PSK connections?

Thanks a lot for your replies.
Susanne