Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
ipdecap(1)		    General Commands Manual		    ipdecap(1)

NAME
       ipdecap - Decapsulate GRE, IPIP,	6in4 and ESP (Ipsec) packets

SYNOPSIS
       ipdecap	[-v]  [-l]  [-V]  -i input.cap -o output.cap [-c esp.conf] [-f
       <bpf filter>]

DESCRIPTION
       Ipdecap can decapsulate traffic encapsulated within GRE,	IPIP, 6in4 and
       ESP  (ipsec)  protocols,	 and can also remove virtual lan (IEEE 802.1Q)
       header.

       It reads	packets	from an	pcap file, removes the encapsulation protocol,
       and writes them to another pcap file.
       For encrypted protocols (like ESP), a configuration (--conf) with algo-
       rithms, hosts, spi and key is mandatory.

       Integrity Check Value from AH header is not yet checked.

       A bpf filter (-f	<filter>) can be applied to  limit  the	 packets  pro-
       cessed from the input file:

	       ipdecap	-i  esp.cap  -o	 out.cap  -f  "src  192.0.2.1  and dst
	      192.0.2.2"

       At the moment, the following encapsulation protocols are	supported:

       IPIP, GRE (IPv4)

       6in4 (IPv6 encapsulated within IPv4)

       ESP (ipsec) (IPv4)

	      Encryption algorithms: des-cbc  3des-cbc	aes128-cbc  aes128-ctr
	      null_enc

	      Authentification	   algorithms:	   hmac_sha1-96	   hmac_md5-96
	      aes_xcbc_mac-96 null_auth	 any96	any128	any160	any192	any256
	      any384 any512

OPTIONS
       -i, --input input file
	      The pcap file to read packets from.

       -o, --output output file
	      The pcap file to write decapsulated packets to.

       -c, --conf esp configuration file
	      A	file with security associations	parameters used	to decrypt ESP
	      packets, one line	per flow. The line's format is:

	      <host A IP address> <host	B IP address>  <encryption  algorithm>
	      <authentification	algorithm> <key	(hex)> <SPI (hex)>

	      For  example,  to	 decrypt both flows from A to B	and B to A you
	      will need	two lines:

		     192.168.2.100   192.168.2.101    3des-cbc	  hmac_sha1-96
		     0x785778a2d4b0f36bf17a8c55d9b6cea7abcdef43f9d0d8b0
		     0x04022464
		     192.168.2.101 192.168.2.100 3des-cbc hmac_sha1-96 0xdead-
		     beeffff23a964457224d4a05121247bdbc8f0dda23fc 0x02250089

	      Separator	 is space or tabulation, if key	is useless (null_enc),
	      just put "0". Both spi and key must be in	hexadecimal format.
	      The configuration	file can be generated from setkey  -Da	output
	      thanks to	the provided sadb2conf.awk script.

       -v, --verbose
	      Print more details for each packet processed (encapsulation pro-
	      tocol, sucessfully decryption if IPsec, ...)

       -V, --version
	      print version

       -l, --list
	      List supported ESP encryption and	authentication algorithms

       BUGS

       -ESP transport mode not supported

NO WARRANTIES
       Ipdecap is distributed in the hope that it will be useful, but  WITHOUT
       ANY  WARRANTY;  without even the	implied	warranty of MERCHANTABILITY or
       FITNESS FOR A PARTICULAR	PURPOSE.  See the GNU General  Public  License
       for more	details.

LICENSE
       Copyright 2012-2016 Loic	Pefferkorn

       This  program  is distributed under the terms of	the GNU	General	Public
       License V3 as published by the Free Software Foundation.

AUTHOR
       Loic Pefferkorn.	 Use <loic-ipdecap@loicp.eu> to	contact	the developer.

       Ipdecap homepage: https://loicpefferkorn.net/ipdecap/

								    ipdecap(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | NO WARRANTIES | LICENSE | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ipdecap&sektion=1&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help