2

I understand that we can use wireshark or tshark to decryptm, in offline mode, IPSec packets that are encrypted using ESP. Is it possible to do the reverse using tshark or another userspace (vs. kernel-space) application? In other words, is there any application that can be used to encrypt IP packets (e.g., captured using wireshark), in offline mode, into IPSec packets using ESP protocol?

Thank you!

Salem Derisavi
  • 137
  • 1
  • 10

1 Answers1

4

You can use scapy with ipsec.py.

Example of use: server# scapy

>>> load_layer("ipsec")
>>> sa = SecurityAssociation(ESP, spi=0xdeadbeef, crypt_algo='AES-CBC',
                          crypt_key='sixteenbytes key')
>>> p = IP(src='1.1.1.1', dst='2.2.2.2')
>>> p /= TCP(sport=45012, dport=80)
>>> p /= Raw('testdata')
>>> p = IP(str(p))
>>> e = sa.encrypt(p)

http://fossies.org/linux/scapy/scapy/layers/ipsec.py

ymcho
  • 56
  • 3