Last active
September 1, 2020 06:36
linux L2TP/IPsec ESP decryption
$ sudo ip xfrm state
↓ info for local→remote direction IPsec tunnel(ESP)
src 192.168.0.2 dst 10.0.0.1
    proto esp spi 0xaaaaaaaa reqid 1 mode transport
    replay-window 0
    auth-trunc hmac(sha1) 0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 96
    enc cbc(aes) 0xcccccccccccccccccccccccccccccccccccccccccccccccccccccccc
    encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
    anti-replay context: seq 0x0, oseq 0xaab, bitmap 0x00000000
    sel src 192.168.0.2/32 dst 10.0.0.1/32
↓ local←remote direction
src 10.0.0.1 dst 192.168.0.2
    proto esp spi 0xdddddddd reqid 1 mode transport
    replay-window 32
    auth-trunc hmac(sha1) 0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee 96
    enc cbc(aes) 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff
    encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
    anti-replay context: seq 0xa74, oseq 0x0, bitmap 0xffffffff
    sel src 10.0.0.1/32 dst 192.168.0.2/32
Wireshark Preferences -> Protocols -> ESP
ESP SAs:
Restart Wireshark or Ctrl+Shift+L to reload
Now ESP is decrypted!
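An added example, not part of the original gist or comment: a Python sketch that turns `ip xfrm state` output like the above into one row per SA for Wireshark's ESP SA table. The quoted-CSV layout and the algorithm labels are assumptions about Wireshark's `esp_sa` preferences file, so compare them with what your Wireshark version writes; the sample input and keys are constructed.

```python
# Constructed sample in the layout `ip xfrm state` prints; the keys are placeholders.
AUTH_KEY = "0x" + "bb" * 20  # 160-bit HMAC-SHA1 key
ENC_KEY = "0x" + "cc" * 16   # 128-bit AES key
SAMPLE = f"""\
src 192.168.0.2 dst 10.0.0.1
\tproto esp spi 0xaaaaaaaa reqid 1 mode transport
\tauth-trunc hmac(sha1) {AUTH_KEY} 96
\tenc cbc(aes) {ENC_KEY}
\tsel src 192.168.0.2/32 dst 10.0.0.1/32
src 10.0.0.1 dst 192.168.0.2
\tproto esp spi 0xdddddddd reqid 1 mode transport
\tauth-trunc hmac(sha1) {AUTH_KEY} 96
\tenc cbc(aes) {ENC_KEY}
"""

# xfrm algorithm -> label assumed for Wireshark's ESP SA table (only the pair on this page).
ENC = {"cbc(aes)": "AES-CBC [RFC3602]"}
AUTH = {("hmac(sha1)", "96"): "HMAC-SHA-1-96 [RFC2404]"}

def parse_xfrm_state(text):
    """Return one dict per ESP SA found in `ip xfrm state` output."""
    sas, cur = [], None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "src" and tok[2] == "dst":
            cur = {"src": tok[1], "dst": tok[3]}  # header line starts a new SA
            sas.append(cur)
        elif cur is None or not tok:
            continue
        elif tok[0] == "proto" and len(tok) >= 4:
            cur["proto"], cur["spi"] = tok[1], tok[3]
        elif tok[0] == "auth-trunc" and len(tok) >= 4:
            cur["auth"], cur["auth_key"] = (tok[1], tok[3]), tok[2]
        elif tok[0] == "enc" and len(tok) >= 3:
            cur["enc"], cur["enc_key"] = tok[1], tok[2]
    return [sa for sa in sas if sa.get("proto") == "esp"]

def esp_sa_rows(text):
    """Format each SA as a quoted CSV row: protocol, src, dst, SPI, enc, key, auth, key."""
    rows = []
    for sa in parse_xfrm_state(text):
        if sa.get("enc") not in ENC or sa.get("auth") not in AUTH:
            raise ValueError(f"unmapped algorithm for SPI {sa['spi']}")
        fields = ["IPv6" if ":" in sa["src"] else "IPv4", sa["src"], sa["dst"], sa["spi"],
                  ENC[sa["enc"]], sa["enc_key"], AUTH[sa["auth"]], sa["auth_key"]]
        rows.append(",".join(f'"{f}"' for f in fields))
    return rows

if __name__ == "__main__":
    print("\n".join(esp_sa_rows(SAMPLE)))
```

The rows carry live session keys, so handle the output with the same care as the `ip xfrm state` dump itself. Algorithms other than the AES-CBC and HMAC-SHA1-96 pair shown on this page raise an error instead of being guessed.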