GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
ipdecap(1) FreeBSD General Commands Manual ipdecap(1)

ipdecap - Decapsulate GRE, IPIP, 6in4 and ESP (Ipsec) packets

ipdecap [-v] [-l] [-V] -i input.cap -o output.cap [-c esp.conf] [-f <bpf filter>]

Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4 and ESP (ipsec) protocols, and can also remove virtual lan (IEEE 802.1Q) header.

It reads packets from an pcap file, removes the encapsulation protocol, and writes them to another pcap file.
For encrypted protocols (like ESP), a configuration (--conf) with algorithms, hosts, spi and key is mandatory.

Integrity Check Value from AH header is not yet checked.

A bpf filter (-f <filter>) can be applied to limit the packets processed from the input file:

ipdecap -i esp.cap -o out.cap -f "src 192.0.2.1 and dst 192.0.2.2"

At the moment, the following encapsulation protocols are supported:

IPIP, GRE (IPv4)

6in4 (IPv6 encapsulated within IPv4)

ESP (ipsec) (IPv4)

Encryption algorithms: des-cbc 3des-cbc aes128-cbc aes128-ctr null_enc

Authentification algorithms: hmac_sha1-96 hmac_md5-96 aes_xcbc_mac-96 null_auth any96 any128 any160 any192 any256 any384 any512

-i, --input input file
The pcap file to read packets from.
-o, --output output file
The pcap file to write decapsulated packets to.
-c, --conf esp configuration file
A file with security associations parameters used to decrypt ESP packets, one line per flow. The line's format is:

<host A IP address> <host B IP address> <encryption algorithm> <authentification algorithm> <key (hex)> <SPI (hex)>

For example, to decrypt both flows from A to B and B to A you will need two lines:

192.168.2.100 192.168.2.101 3des-cbc hmac_sha1-96 0x785778a2d4b0f36bf17a8c55d9b6cea7abcdef43f9d0d8b0 0x04022464
192.168.2.101 192.168.2.100 3des-cbc hmac_sha1-96 0xdeadbeeffff23a964457224d4a05121247bdbc8f0dda23fc 0x02250089

Separator is space or tabulation, if key is useless (null_enc), just put "0". Both spi and key must be in hexadecimal format.
The configuration file can be generated from setkey -Da output thanks to the provided sadb2conf.awk script.

-v, --verbose
Print more details for each packet processed (encapsulation protocol, sucessfully decryption if IPsec, ...)
-V, --version
print version
-l, --list
List supported ESP encryption and authentication algorithms

-ESP transport mode not supported

Ipdecap is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Copyright 2012-2016 Loic Pefferkorn

This program is distributed under the terms of the GNU General Public License V3 as published by the Free Software Foundation.

Loic Pefferkorn. Use <loic-ipdecap@loicp.eu> to contact the developer.

Ipdecap homepage: https://loicpefferkorn.net/ipdecap/

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.