Hello list!
I'm currently working with IPsec and found that Ethereal can only decode the
non-encrypted part of the IP packets. I'm willing to correct this, so when all
the necessary keys are provided, I hope to decode the full packet and give it
to the upper layers (TCP, UDP). A check of the authentication on the way will
also be easy to implement.
How would it be best to define a Security Association (SA) inside Ethereal?
Should I add IPsec preferences entries (there is no list element possible and
I have no idea how many SAs I encounter in a network trace file) or should I
better read the SA definitions in a self-made file format from a configuration
file? For all the non-IPsec-users: SA is basically based on an integer number
in every packet and the destination address. The resulting data contain the
encryption method+key and the authentication method+key. So we have a table
with something like
123 1.2.3.4 ESP -> des 0xdeadbeefdeadbeef + md5 0xdeadbeefdeadbeef
124 1.2.3.5 ESP -> 3des 0xdeadbeefdeadbeef + md4 0xdeadbeefdeadbeef
125 1.2.3.6 AH -> md4 0xdeadbeefdeadbeef
126 1.2.3.7 ESP -> null + md5 0xdeadbeefdeadbeef
...
I don't intend to get the keys from an IKE (ISAKMP) scheme.
The first step is to implement the SA finding process and then comes the
authentication checking. After this I can finally start to decrypt the ESP part
of IPsec.
Bye, Uwe
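As an added illustration (not Uwe's code and not part of Ethereal), here is a parser for an SA table in the self-made text format sketched above, together with the per-packet lookup by SPI and destination address that an ESP/AH dissector would need before it can verify or decrypt anything. The table contents are the constructed sample from the mail; the SPI offsets (0 in the ESP header, 4 in the AH header) follow the IPsec header layouts, and the SecurityAssociation record is an assumed structure, not an Ethereal type.

```python
import re
from collections import namedtuple

# Constructed sample SA table in the self-made text format sketched in the mail.
SA_TABLE_TEXT = """
123 1.2.3.4 ESP -> des 0xdeadbeefdeadbeef + md5 0xdeadbeefdeadbeef
124 1.2.3.5 ESP -> 3des 0xdeadbeefdeadbeef + md4 0xdeadbeefdeadbeef
125 1.2.3.6 AH -> md4 0xdeadbeefdeadbeef
126 1.2.3.7 ESP -> null + md5 0xdeadbeefdeadbeef
"""

# cipher is None for AH and "null" for unencrypted ESP; keys are raw bytes.
SecurityAssociation = namedtuple(
    "SecurityAssociation", "spi dst proto cipher cipher_key auth auth_key")
_LINE = re.compile(r"^(\d+)\s+(\S+)\s+(ESP|AH)\s*->\s*(.+)$")

def _parse_algo(token):
    # "des 0xdead..." -> ("des", b"..."); "null" -> ("null", None)
    name, *key = token.split()
    return name, (bytes.fromhex(key[0][2:]) if key else None)

def parse_sa_table(text):
    """Map (SPI, destination address) -> SecurityAssociation."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"bad SA line: {line!r}")
        spi, dst, proto, rhs = m.groups()
        algos = [_parse_algo(a.strip()) for a in rhs.split("+")]
        if proto == "AH":                       # AH only authenticates
            (cipher, ckey), (auth, akey) = (None, None), algos[0]
        else:                                   # ESP: cipher, optional auth
            cipher, ckey = algos[0]
            auth, akey = algos[1] if len(algos) > 1 else (None, None)
        sa = SecurityAssociation(int(spi), dst, proto, cipher, ckey, auth, akey)
        table[(sa.spi, sa.dst)] = sa
    return table

def find_sa(table, dst, proto, payload):
    """SA lookup for one packet: ESP carries the SPI in its first 4 bytes,
    AH after the next-header, payload-length and reserved fields (offset 4)."""
    off = 0 if proto == "ESP" else 4
    if len(payload) < off + 4:                  # truncated header: no SA
        return None
    spi = int.from_bytes(payload[off:off + 4], "big")
    return table.get((spi, dst))
```

A packet whose (SPI, destination) pair is not in the table gets `None`, which is the case where the dissector should fall back to showing only the unencrypted fields.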