
wireshark 2.2.5 - how to set ESP preference from command line

I'm trying to find a way to set ESP preferences, i.e. encryption keys and authentication keys, from the command line. I have tried the command below, but Wireshark always says no preference matches mine.

tshark -i - -Y "sip||esp" -d tcp.port=="5000-65535",sip -d udp.port=="5000-65535",sip -T text -l -O "sip,esp" -o esp.enable_null_encryption_decode_heuristic:true -o esp.enable_authentication_check:true -o esp.enable_encryption_decode:true -o "esp.sa_1:IPv4|*|*|*" -o "esp.encryption_algorithm_1:AES-CBC [RFC3602]" -o "esp.encryption_key_1:0xC5DA46E7FF43C8D6C0DD3A2707E42E05" -o "esp.authentication_algorithm_1:HMAC-MD5-96 [RFC2403]" -o "esp.authentication_key_1:0xE5A349FCBAD409D15C766702CD400BA4" > D:\\test\\dump2.txt

It always says that the "esp.sa_1" flag is unknown, and the same for esp.encryption_algorithm_1, esp.authentication_algorithm_1, and so on.

I have searched around and think that esp.sa_1 was only available in older versions of Wireshark.

Does anyone know how to set these preferences in Wireshark 2.2.5?

Thanks so much!

Unfortunately, the ESP preferences wiki page is out of date. The ESP preferences have been changed to a UAT (User Access Table), so you can more simply create an esp_sa file instead of specifying individual preferences. Probably the easiest way to learn the format of the file is to create one in Wireshark first, but from the source code, you can see that each entry contains the following information:

  • Protocol used
  • Source address
  • Destination address
  • SPI
  • Encryption algorithm
  • Encryption key
  • Authentication algorithm
  • Authentication key

For example, an entry might look like:

"IPv4","","","","AES-CBC [RFC3602]","0xC5DA46E7FF43C8D6C0DD3A2707E42E05","HMAC-MD5-96 [RFC2403]","0xE5A349FCBAD409D15C766702CD400BA4"

But if you really want to specify these options on the command line rather than creating or modifying the esp_sa file, then you can do so. From section 10.2, Start Wireshark from the command line, of the Wireshark User Guide:


User access tables can be overridden using “uat,” followed by the UAT file name and a valid record for the file:

wireshark -o "uat:user_dlts:\"User 0 (DLT=147)\",\"http\",\"0\",\"\",\"0\",\"\""

The example above would dissect packets with a libpcap data link type 147 as HTTP, just as if you had configured it in the DLT_USER protocol preferences.


So, in your case, you would use something like so:

Unix

tshark -o 'uat:esp_sa:"IPv4","","","","AES-CBC [RFC3602]","0xC5DA46E7FF43C8D6C0DD3A2707E42E05","HMAC-MD5-96 [RFC2403]","0xE5A349FCBAD409D15C766702CD400BA4"'

Windows

tshark.exe -o "uat:esp_sa:\"IPv4\",\"\",\"\",\"\",\"AES-CBC [RFC3602]\",\"0xC5DA46E7FF43C8D6C0DD3A2707E42E05\",\"HMAC-MD5-96 [RFC2403]\",\"0xE5A349FCBAD409D15C766702CD400BA4\""
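The hard part of the answer above is getting the quoting right: the esp_sa record is a CSV line with every field double-quoted, and that line then has to survive either a POSIX shell or cmd.exe. The script below is an added example, not part of the answer or of Wireshark; it builds a record in the eight-field order the answer lists, checks that keys are 0x-prefixed hex of a plausible length (the AES-CBC key sizes are standard; the table and the assumption that an esp_sa file may contain "#" comment lines are mine), emits the `-o uat:esp_sa:` argument for both shells, and parses an esp_sa file back into dicts so an existing file can be checked before a capture is decoded. The keys are the ones from the question.

```python
import csv
import io
import re
import shlex

# Column order of an esp_sa UAT record, as listed in the answer above.
ESP_SA_FIELDS = ("protocol", "src", "dst", "spi",
                 "enc_alg", "enc_key", "auth_alg", "auth_key")

# Raw key sizes (bytes) for algorithms where the size is fixed by the cipher.
# Only AES-CBC is listed here; other names are accepted with a format check only.
EXPECTED_KEY_BYTES = {
    "AES-CBC [RFC3602]": (16, 24, 32),
}

HEX_KEY_RE = re.compile(r"^0x(?:[0-9A-Fa-f]{2})+$")


def validate_key(alg, key):
    """Require 0x + an even number of hex digits; enforce size where it is known."""
    if not HEX_KEY_RE.match(key):
        raise ValueError(f"{alg}: key must be 0x followed by an even number of hex digits")
    nbytes = (len(key) - 2) // 2
    allowed = EXPECTED_KEY_BYTES.get(alg)
    if allowed and nbytes not in allowed:
        raise ValueError(f"{alg}: {nbytes}-byte key, expected one of {allowed}")
    return nbytes


def key_is_valid(alg, key):
    """Boolean wrapper around validate_key for quick checks."""
    try:
        validate_key(alg, key)
        return True
    except ValueError:
        return False


def esp_sa_record(protocol, src, dst, spi, enc_alg, enc_key, auth_alg, auth_key):
    """Return one esp_sa line in the all-fields-quoted CSV form Wireshark uses."""
    validate_key(enc_alg, enc_key)
    validate_key(auth_alg, auth_key)
    buf = io.StringIO()
    csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="").writerow(
        [protocol, src, dst, spi, enc_alg, enc_key, auth_alg, auth_key])
    return buf.getvalue()


def tshark_uat_arg_posix(record):
    """-o argument for a POSIX shell: the whole value goes in single quotes."""
    return "-o " + shlex.quote("uat:esp_sa:" + record)


def tshark_uat_arg_windows(record):
    """-o argument for cmd.exe: double-quoted, inner quotes escaped with backslashes."""
    return '-o "uat:esp_sa:' + record.replace('"', '\\"') + '"'


def parse_esp_sa(text):
    """Parse esp_sa file contents into dicts, skipping blank and '#' comment lines
    (assumption: Wireshark writes a comment header at the top of UAT files)."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = next(csv.reader([line]))
        if len(fields) != len(ESP_SA_FIELDS):
            raise ValueError(f"expected {len(ESP_SA_FIELDS)} fields, got {len(fields)}: {line!r}")
        rows.append(dict(zip(ESP_SA_FIELDS, fields)))
    return rows


if __name__ == "__main__":
    # Keys taken from the question; wildcard src/dst/SPI as in the answer.
    rec = esp_sa_record("IPv4", "", "", "",
                        "AES-CBC [RFC3602]", "0xC5DA46E7FF43C8D6C0DD3A2707E42E05",
                        "HMAC-MD5-96 [RFC2403]", "0xE5A349FCBAD409D15C766702CD400BA4")
    print("esp_sa line :", rec)
    print("POSIX       : tshark", tshark_uat_arg_posix(rec))
    print("Windows     : tshark.exe", tshark_uat_arg_windows(rec))
    for sa in parse_esp_sa("# generated by Wireshark\n" + rec + "\n"):
        print("parsed      :", sa["protocol"], sa["enc_alg"], sa["enc_key"])
```

Run it directly to see both shell forms; the POSIX form relies on single quotes, so a record containing a single quote would be re-escaped by shlex, while the cmd.exe form only escapes the double quotes that delimit fields.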
