Re: Decrypting VPN captures
From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: Mon, 24 Sep 2001 23:18:57 -0400 (EDT)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: <firstname.lastname@example.org>
Subject: Re: Decrypting VPN captures
Message-ID: <Pine.LNX.4.30.0109242317280.28464-100000@biocserver.BIOC.CWRU.Edu>
(offensive stuff about DES removed :P )
to the original poster-
how are you trying to add cryptography support to tcpdump? simply
-lcrypto? or have you actually modified tcpdump's code to really add
payload decryption routines? look at ssldump at all for a starting point?
you should be able to dump packet payloads into a file and decrypt it,
provided you know the key (since you control the ends of the VPN, if
you're using manual keying it should be easy, if you have the code to the
automatic key exchange daemon you can easily modify it to dump the key to
a file to be used for decryption). you can feed it to a small app built on
OpenSSL and decrypt your data.
hope this helps.
jose nazario email@example.com
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
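
The workflow described in the message above (dump the ESP payload to a file, then decrypt it with a key you already hold), as an added example that is not part of the original message or written by its author. It uses the `openssl enc` command rather than a custom app; the cipher (AES-128-CBC), the 16-byte IV, the 12-byte ICV, the key, the function names and the sample packet are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: decrypt one ESP payload dumped to a file, using a known manual key.
# Assumptions (not from the original message): AES-128-CBC, 16-byte IV, 12-byte ICV.
CIPHER=aes-128-cbc IVLEN=16 ICVLEN=12

hex() { od -An -v -tx1 | tr -d ' \n'; }     # raw bytes on stdin -> hex string

# esp_decrypt FILE KEYHEX -> decrypted bytes (data, padding, trailer) as hex.
# FILE layout: SPI(4) | sequence(4) | IV | ciphertext | ICV. The ICV is not verified.
esp_decrypt() {
    size=$(($(wc -c < "$1")))
    iv=$(dd if="$1" bs=1 skip=8 count="$IVLEN" 2>/dev/null | hex)
    dd if="$1" bs=1 skip=$((8 + IVLEN)) count=$((size - 8 - IVLEN - ICVLEN)) 2>/dev/null |
        openssl enc -d "-$CIPHER" -K "$2" -iv "$iv" -nopad | hex
}

# esp_payload HEX -> "NEXTHDR DATAHEX". Fails unless the padding is the 01 02 03 ...
# sequence RFC 2406 uses by default; a wrong key almost always fails this check.
esp_payload() {
    p=$1
    [ "${#p}" -ge 4 ] || return 1
    nh=${p#"${p%??}"}; p=${p%??}             # last byte: next header
    b=${p#"${p%??}"}; p=${p%??}              # byte before it: pad length
    i=$((0x$b))
    [ $((i * 2)) -le "${#p}" ] || return 1
    while [ "$i" -gt 0 ]; do                 # check padding bytes from the end
        last=${p#"${p%??}"}
        [ "$last" = "$(printf '%02x' "$i")" ] || return 1
        p=${p%??}; i=$((i - 1))
    done
    echo "$nh $p"
}

# make_sample FILE KEYHEX: write a constructed ESP payload (not a real capture).
make_sample() {
    ivraw='constructed-IV-0'
    {   printf '\000\000\020\001\000\000\000\001'          # SPI 0x1001, sequence 1
        printf '%s' "$ivraw"
        # data, padding 01 02, pad length 02, next header 04
        printf 'constructed inner IP packet.\001\002\002\004' |
            openssl enc -e "-$CIPHER" -K "$2" -iv "$(printf '%s' "$ivraw" | hex)" -nopad
        dd if=/dev/zero bs="$ICVLEN" count=1 2>/dev/null   # placeholder ICV
    } > "$1"
}

KEY=000102030405060708090a0b0c0d0e0f         # constructed manual key
f=${TMPDIR:-/tmp}/esp_sample.$$
make_sample "$f" "$KEY"
esp_payload "$(esp_decrypt "$f" "$KEY")"     # next header, then inner packet as hex
rm -f "$f"
```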