FreeBSD Manual Pages
ipdecap(1)                  General Commands Manual                 ipdecap(1)

NAME
       ipdecap - Decapsulate GRE, IPIP, 6in4 and ESP (IPsec) packets

SYNOPSIS
       ipdecap [-v] [-l] [-V] -i input.cap -o output.cap [-c esp.conf]
               [-f <bpf filter>]

DESCRIPTION
       Ipdecap can decapsulate traffic encapsulated within the GRE, IPIP,
       6in4 and ESP (IPsec) protocols, and can also remove the virtual LAN
       (IEEE 802.1Q) header. It reads packets from a pcap file, removes the
       encapsulation protocol, and writes them to another pcap file.

       For encrypted protocols (like ESP), a configuration (--conf) with
       algorithms, hosts, spi and key is mandatory.

       Integrity Check Value from AH header is not yet checked.

       A bpf filter (-f <filter>) can be applied to limit the packets
       processed from the input file:

           ipdecap -i esp.cap -o out.cap -f "src 192.0.2.1 and dst 192.0.2.2"

       At the moment, the following encapsulation protocols are supported:

           IPIP, GRE (IPv4)
           6in4 (IPv6 encapsulated within IPv4)
           ESP (IPsec) (IPv4)

       Encryption algorithms:

           des-cbc
           3des-cbc
           aes128-cbc
           aes128-ctr
           null_enc

       Authentication algorithms:

           hmac_sha1-96
           hmac_md5-96
           aes_xcbc_mac-96
           null_auth
           any96 any128 any160 any192 any256 any384 any512

OPTIONS
       -i, --input input file
              The pcap file to read packets from.

       -o, --output output file
              The pcap file to write decapsulated packets to.

       -c, --conf esp configuration file
              A file with the security association parameters used to
              decrypt ESP packets, one line per flow. The line's format is:

              <host A IP address> <host B IP address> <encryption algorithm> <authentication algorithm> <key (hex)> <SPI (hex)>

              For example, to decrypt both flows, from A to B and from B to
              A, you will need two lines:

              192.168.2.100 192.168.2.101 3des-cbc hmac_sha1-96 0x785778a2d4b0f36bf17a8c55d9b6cea7abcdef43f9d0d8b0 0x04022464
              192.168.2.101 192.168.2.100 3des-cbc hmac_sha1-96 0xdeadbeeffff23a964457224d4a05121247bdbc8f0dda23fc 0x02250089

              The separator is a space or a tab. If the key is unused
              (null_enc), just put "0". Both spi and key must be in
              hexadecimal format.

              The configuration file can be generated from setkey -Da
              output thanks to the provided sadb2conf.awk script.

       -v, --verbose
              Print more details for each packet processed (encapsulation
              protocol, successful decryption if IPsec, ...)

       -V, --version
              Print version.

       -l, --list
              List supported ESP encryption and authentication algorithms.

BUGS
       ESP transport mode is not supported.

NO WARRANTIES
       Ipdecap is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
       General Public License for more details.

LICENSE
       Copyright 2012-2016 Loic Pefferkorn

       This program is distributed under the terms of the GNU General
       Public License V3 as published by the Free Software Foundation.

AUTHOR
       Loic Pefferkorn. Use <loic-ipdecap@loicp.eu> to contact the
       developer.

       Ipdecap homepage: https://loicpefferkorn.net/ipdecap/

                                                                    ipdecap(1)
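
An added example, not part of ipdecap or of this manual page: a Python check for the esp.conf line format described under -c, run before handing the file to ipdecap. It flags unknown algorithm names, non-hexadecimal keys or SPIs, wrong key lengths, and flows that lack a line for the reverse direction. The function name check_esp_conf and the key sizes are assumptions of this example.

```python
# Algorithm names as listed in the man page.
ENC = {"des-cbc", "3des-cbc", "aes128-cbc", "aes128-ctr", "null_enc"}
AUTH = {"hmac_sha1-96", "hmac_md5-96", "aes_xcbc_mac-96", "null_auth", "any96",
        "any128", "any160", "any192", "any256", "any384", "any512"}
# Assumption: standard cipher key sizes in bytes. aes128-ctr is not length-checked
# because the page does not say whether its key field includes the nonce.
KEY_BYTES = {"des-cbc": 8, "3des-cbc": 24, "aes128-cbc": 16}

def check_esp_conf(text):
    """Return a list of problems found in the text of an esp.conf file."""
    problems, flows = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()  # separator is space or tab
        if len(fields) != 6:
            if fields:  # blank lines are skipped silently
                problems.append(f"line {n}: expected 6 fields, got {len(fields)}")
            continue
        src, dst, enc, auth, key, spi = fields
        for kind, name, known in (("encryption", enc, ENC), ("authentication", auth, AUTH)):
            if name not in known:
                problems.append(f"line {n}: unknown {kind} algorithm {name}")
        if enc != "null_enc":  # with null_enc the key field is just "0"
            try:
                raw = bytes.fromhex(key[2:] if key[:2].lower() == "0x" else key)
                want = KEY_BYTES.get(enc, len(raw))
                if len(raw) != want:
                    problems.append(f"line {n}: {enc} key is {len(raw)} bytes, expected {want}")
            except ValueError:
                problems.append(f"line {n}: key is not hexadecimal")
        try:
            if not 0 <= int(spi, 16) <= 0xFFFFFFFF:
                problems.append(f"line {n}: SPI does not fit in 32 bits")
        except ValueError:
            problems.append(f"line {n}: SPI is not hexadecimal")
        flows.add((src, dst))
    for src, dst in sorted(flows):
        if (dst, src) not in flows:
            problems.append(f"no line for reverse flow {dst} -> {src}")
    return problems

# The two example lines from the man page.
PAGE_SAMPLE = (
    "192.168.2.100 192.168.2.101 3des-cbc hmac_sha1-96 0x785778a2d4b0f36bf17a8c55d9b6cea7abcdef43f9d0d8b0 0x04022464\n"
    "192.168.2.101 192.168.2.100 3des-cbc hmac_sha1-96 0xdeadbeeffff23a964457224d4a05121247bdbc8f0dda23fc 0x02250089\n"
)

if __name__ == "__main__":
    print(check_esp_conf(PAGE_SAMPLE))
```

A key copied from a line-wrapped rendering of the page, with a hyphen left inside it, is reported as non-hexadecimal.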
