Wireshark - dissecting OpenVPN traffic

<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Jan 22, 2013 11:56 pm

Wireshark - dissecting OpenVPN traffic

Hey everyone,

I figured I would post another question that I have been stumped on.  I have a packet capture of an SSL VPN session.  The SSL VPN is basically a slightly modified implementation of OpenVPN over TCP. 

I am working in Wireshark to try to dissect and decode the captured data.  I have the private key files used for the key exchange.  I am working now to retrieve the session key (which seems to change every few KB). I am just missing a dissector for OpenVPN.  It looks like the Wireshark team has had requests for one.  Has anyone successfully been able to decode OpenVPN traffic in Wireshark?
~~~~~~~~~~~~~~
Ketchup
<<

mnlhfr

Newbie

Posts: 1

Joined: Wed Jan 23, 2013 12:03 pm

Post Wed Jan 23, 2013 12:08 pm

Re: Wireshark - dissecting OpenVPN traffic

I just submitted an OpenVPN dissector to the Wireshark project a few days ago:
https://bugs.wireshark.org/bugzilla/sho ... gi?id=8240

Maybe this helps :)
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Jan 23, 2013 12:34 pm

Re: Wireshark - dissecting OpenVPN traffic

Wow, this is exactly what I needed :)
~~~~~~~~~~~~~~
Ketchup
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Jan 24, 2013 3:07 pm

Re: Wireshark - dissecting OpenVPN traffic

I just wanted to let you know that packet-openvpn.c is already in the SVN tree.  I was able to compile Wireshark on Linux (haven't tried on Windows).  I was able to detect and dissect the OpenVPN packets in my capture without many issues.  I love that you provided an option to change the port assignments for the protocol, since mine runs over a non-standard TCP port.

My only issue is that some of the SSL / TLS key negotiation gets lost.  That's easily remedied by switching the decoding to SSL though. 

Thank you for the great work on this!
~~~~~~~~~~~~~~
Ketchup
