Is there a way to check the correct sequence of ESP packets, looking for lost ones?
Without knowing any key or encryption algorithm, a basic quality check of an encrypted flow could be to check the
My first idea would be to extract the fields at the command line and continue with Perl, but a nice feature in Wireshark would be to colorize the lost packets as in TCP.
asked 03 Nov '10, 11:09
edited 03 Nov '10, 11:10
This feature does not yet exist but you can file an enhancement bug report if you wish at https://bugs.wireshark.org/bugzilla/.
Until then, you might want to use
While the above is probably the best method to use at this time (or the best method I can think of at least), there are some other things you could do in Wireshark, such as:
If there are no gaps, then the result will be zero; if you do have gaps, then what's left is the sum of all missing ESP sequence numbers. This won't necessarily tell you which ones are missing (unless you happen to get lucky where only one is missing), but it will at least tell you if there are any missing or not. Unfortunately, this method breaks down if there are any duplicate ESP packets.
answered 03 Dec '13, 13:02
edited 03 Dec '13, 13:03
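The following is an added example, not part of the original question or answer: it takes the field-extraction route mentioned in the question and goes beyond the sum check by listing which ESP sequence numbers are missing per SPI while tolerating duplicates and reordering. The `tshark` invocation in the comment, the function name and the sample rows are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample rows, in the shape printed by (assumed invocation):
#   tshark -r capture.pcap -Y esp -T fields -e esp.spi -e esp.sequence
SAMPLE = """\
0x0000a001\t1
0x0000a001\t2
0x0000b002\t10
0x0000a001\t4
0x0000a001\t4
0x0000a001\t8
0x0000b002\t11
0x0000a001\t7
0x0000b002\t12
"""


def check_esp_sequences(lines):
    """Return {spi: {"missing": [(first, last), ...], "duplicates": [...]}}.

    Each SPI (one direction of one SA) has its own counter, so sequence
    numbers are tracked per SPI. Limits: losses before the first or after
    the last captured packet are invisible, and 32-bit wraparound is not
    handled.
    """
    seen = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank or incomplete rows
        spi, seq = int(fields[0], 0), int(fields[1], 0)  # hex or decimal
        seen[spi].append(seq)

    report = {}
    for spi, seqs in seen.items():
        counts = Counter(seqs)
        unique = sorted(counts)  # sorting makes reordering harmless
        missing = [(a + 1, b - 1) for a, b in zip(unique, unique[1:]) if b - a > 1]
        duplicates = [s for s in unique if counts[s] > 1]
        report[spi] = {"missing": missing, "duplicates": duplicates}
    return report


if __name__ == "__main__":
    for spi, result in check_esp_sequences(SAMPLE.splitlines()).items():
        print(f"SPI {spi:#010x}: missing={result['missing']} "
              f"duplicates={result['duplicates']}")
```

Each `missing` entry is an inclusive range of absent sequence numbers, so a single lost packet appears as a range whose two ends are equal.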