This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I'm working at a strongSwan plugin that will generate a IKEv2 decryption table for wireshark.

In IKEv2 decryption table(wireshark) at encryption algorithm field there are only the following algorithms: "3DES[RFC2451]", "AES-CBC-128[RFC3602]", "AES-CBC-192[RFC3602]", "AES-CBC-256[RFC3602]" and "NULL[RFC2410]".

But strongSwan accepts AEAD cyphers like: AES_CCM_ICV8, AES_CCM_ICV12, AES_CCM_ICV16, AES_GCM_ICV8, AES_GCM_ICV12, AES_GCM_ICV16, NULL_AUTH_AES_GMAC, CAMELLIA_CCM_ICV8, CAMELLIA_CCM_ICV12, CAMELLIA_CCM_ICV16 and CHACHA20_POLY1305.

So, wireshark can decrypt packets that are encrypted with AEAD cyphers?

Thanks, Codrut

asked 02 Aug '16, 00:49

Codrut%20Cristian%20Grosu's gravatar image

Codrut Crist...
6335
accept rate: 0%


Once the ISAKMP dissector is adapted to setup the decryption parameters for those it would be able to do so. Currently it's not. You could file an enhancement request to this effect referencing this question and providing a sample capture would help things along.

permanent link

answered 02 Aug '16, 05:09

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×165
×34
×5
×2

question asked: 02 Aug '16, 00:49

question was seen: 989 times

last updated: 02 Aug '16, 05:09

p​o​w​e​r​e​d by O​S​Q​A