Encapsulation
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 2 02:38:01 CET 2017
On Wed 2017-03-01 16:38:05 -0800, James Wilson wrote:
> Hi,
>
> Just out of curiosity, how does a "wireguard packet' look like on the wire
> ??
>
> I'm guessing:
>
> Ethernet
> IP
> UDP
> |------------------|
> | IP |
> | WG payload |
> |------------------|
>
>
> What's in the box is encrypted
>
> Is that right ?? If not, what does it look like?
I believe the cleartext (after decryption) is an actual IP packet, so
everything from layer3 up the stack.
If anyone wants to document this sort of thing explicitly in a useful
way, you might consider writing a wireshark dissector:
https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html
and you can clone wireshark's source with:
git clone https://code.wireshark.org/review/wireshark
The simplest thing would be to start with a dissector for the ciphertext
itself, for the few pieces of metadata that are outside the encrypted
packet (see e.g. §5.4.2 of
https://www.wireguard.io/papers/wireguard.pdf)
If you want to get more clever, you could add a mechanism to the
wireguard module to extract session keys, and then make a decryptor
plugin to wireshark. But start with just the ciphertext ;)
--dkg
More information about the WireGuard
mailing list