brb/tshark-esp.sh

## tshark-esp.sh
#!/bin/sh

set -eu

HOST=$1
PCAP=$2
AWK_CMD='{print "\"IPv4\",\"" $2 "\",\"" substr($4, 1, length($4)-1) "\",\"" $8 "\",\"AES-GCM [RFC4106]\",\"" $19 "\",\"ANY 128 bit authentication [no checking]\",\"\""}'

ssh $HOST "sudo ip -o xfrm state" | awk "$AWK_CMD" >> $HOME/.config/wireshark/esp_sa
tshark -o esp.enable_encryption_decode:TRUE -d udp.port==6784,vxlan -nr $PCAP esp
	#!/bin/sh

	set -eu

	HOST=$1
	PCAP=$2
	AWK_CMD='{print "\"IPv4\",\"" $2 "\",\"" substr($4, 1, length($4)-1) "\",\"" $8 "\",\"AES-GCM [RFC4106]\",\"" $19 "\",\"ANY 128 bit authentication [no checking]\",\"\""}'

	ssh $HOST "sudo ip -o xfrm state" \| awk "$AWK_CMD" >> $HOME/.config/wireshark/esp_sa
	tshark -o esp.enable_encryption_decode:TRUE -d udp.port==6784,vxlan -nr $PCAP esp