Re: Decrypting VPN captures

From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: 09/25/01


Date: Mon, 24 Sep 2001 23:18:57 -0400 (EDT)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: <focus-linux@securityfocus.com>
Subject: Re: Decrypting VPN captures
Message-ID: <Pine.LNX.4.30.0109242317280.28464-100000@biocserver.BIOC.CWRU.Edu>


(offensive stuff about DES removed :P )

to the original poster-

how are you trying to add cryptography support to tcpdump? simply
-lcrypto? or have you actually modified tcpdump's code to really add
payload decryption routines? look at ssldump at all for a starting point?

you should be able to dump packet payloads into a file and decrypt it,
provided you know the key (since you control the ends of the VPN, if
you're using manual keying it should be easy; if you have the code to the
automatic key exchange daemon you can easily modify it to dump the key to
a file to be used for decryption). you can feed it to a small app built on
OpenSSL and decrypt your data.

hope this helps.

____________________________
jose nazario jose@cwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
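One way to build the "small app" the post describes, as an added example that is not part of the original message: it assumes the VPN is IPsec ESP carrying 3DES-CBC with no authentication trailer, and uses Go's standard crypto/des in place of OpenSSL. The key, IV, SPI and inner payload are constructed sample values; espEncrypt exists only so the block can build its own sample capture, and espDecrypt is the part a dumped packet would be fed to.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"fmt"
)

// espEncrypt builds one ESP packet: SPI, sequence number, IV, then the 3DES-CBC body
// (payload, pad bytes 1,2,3..., pad length, next header), no ICV. Sample-capture builder only.
func espEncrypt(key, iv, payload []byte, spi, seq uint32, nextHdr byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key) // key is a constructed 24-byte value
	if err != nil {
		return nil, err
	}
	padLen := (des.BlockSize - (len(payload)+2)%des.BlockSize) % des.BlockSize
	body := append([]byte{}, payload...)
	for i := 1; i <= padLen; i++ {
		body = append(body, byte(i))
	}
	body = append(body, byte(padLen), nextHdr)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(body, body)
	pkt := make([]byte, 8)
	binary.BigEndian.PutUint32(pkt[0:], spi)
	binary.BigEndian.PutUint32(pkt[4:], seq)
	return append(append(pkt, iv...), body...), nil
}

// espDecrypt takes one dumped ESP packet and the known key, returning the inner
// payload and its next-header value after validating the ESP trailer.
func espDecrypt(key, pkt []byte) ([]byte, byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, 0, err
	}
	// 8-byte SPI+seq, 8-byte IV, then at least one whole cipher block.
	if len(pkt) < 16+des.BlockSize || (len(pkt)-16)%des.BlockSize != 0 {
		return nil, 0, fmt.Errorf("esp: truncated or misaligned packet (%d bytes)", len(pkt))
	}
	pt := make([]byte, len(pkt)-16)
	cipher.NewCBCDecrypter(block, pkt[8:16]).CryptBlocks(pt, pkt[16:])
	padLen, end := int(pt[len(pt)-2]), len(pt)-2
	for i := 0; i < padLen; i++ { // default padding must read 1,2,3,...
		if padLen > end || pt[end-padLen+i] != byte(i+1) {
			return nil, 0, fmt.Errorf("esp: bad trailer (wrong key or damaged packet)")
		}
	}
	return pt[:end-padLen], pt[len(pt)-1], nil
}
```

A wrong key or a damaged packet shows up as a trailer error rather than silently yielding garbage, which is the check worth having before trusting what comes out.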