Ethereal-dev: [Ethereal-dev] Claimed ISAKMP decode in 0.99.0 release

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Roger Henry <r.henry@xxxxxxxxxxxx>
Date: Wed, 10 May 2006 11:19:09 +0100
Hi

The release notes for 0.99.0 include:

The source distribution of Ethereal now supports SSL, IPsec ESP, and
ISAKMP decryption.

I have successfully built 0.99.0 from source, linked with libgcrypt and
with the define needed in packet-ipsec.c to enable ESP decoding options.

It comes as really no surprise to learn that ESP decryption depends on
knowledge of the symmetric encryption key - which means that manual SAs
need to be in use and not those established using ISAKMP/IKE.

There is no decryption of ISAKMP, which is also no surprise as Ethereal
would somehow have to act as man-in-the-middle to defeat the
Diffie-Hellman exchange. In addition, it would be necessary to be able
to tell Ethereal details of the ISAKMP authentication (pre-shared key or
public/private key pair and certificate).

Or have I missed something?

Regards

Roger Henry
Informed Computing
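
The point about ESP above, as an added example that is not part of the original post and is not Ethereal's code: a passive analyzer can read only the cleartext SPI and sequence number of an ESP packet, and everything after them stays opaque unless a manually configured SA supplies the key. The SA table, addresses, SPI values and key are constructed sample values, and selecting the SA by destination address and SPI is an assumption of this sketch; it stops at key selection and performs no decryption.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_ESP = 50  # IP protocol number assigned to ESP

# Constructed manual SA table: (destination, SPI) -> (cipher name, key bytes).
# All values are made-up samples; the lookup key is this example's assumption.
MANUAL_SAS = {
    (IPv4Address("192.0.2.2"), 0x00001000): ("AES-CBC", bytes(range(16))),
}

def parse_esp(packet: bytes):
    """Return (src, dst, spi, seq, opaque_body) for an IPv4 ESP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    if ihl < 20 or packet[9] != IPPROTO_ESP or len(packet) < ihl + 8:
        return None                      # bad header, not ESP, or truncated
    src = IPv4Address(packet[12:16])
    dst = IPv4Address(packet[16:20])
    # SPI and sequence number are the only ESP fields sent in the clear.
    spi, seq = struct.unpack_from("!II", packet, ihl)
    return src, dst, spi, seq, packet[ihl + 8:]

def classify(packet: bytes) -> str:
    """Say whether a capture tool holding MANUAL_SAS could attempt decryption."""
    parsed = parse_esp(packet)
    if parsed is None:
        return "not-esp"
    _src, dst, spi, _seq, _body = parsed
    return "key-known" if (dst, spi) in MANUAL_SAS else "opaque"

def build_sample(dst: str, spi: int, seq: int) -> bytes:
    """Build a constructed IPv4+ESP packet (header checksum left as zero)."""
    body = bytes(32)                     # stand-in for IV + ciphertext + ICV
    total = 20 + 8 + len(body)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, IPPROTO_ESP, 0,
                     IPv4Address("192.0.2.1").packed, IPv4Address(dst).packed)
    return ip + struct.pack("!II", spi, seq) + body

if __name__ == "__main__":
    for spi in (0x1000, 0x2000):         # second SPI has no manual SA entry
        print(hex(spi), classify(build_sample("192.0.2.2", spi, 1)))
```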