Encapsulation

James Wilson ehdot795 at gmail.com
Thu Mar 2 14:37:09 CET 2017


Thanks Daniel, that's what I was trying to figure out.

If what you're saying is true, if the encrypted blob contains an IP packet,
it would mean that it would look like this:

Ethernet
IP
UDP
Ethernet
IP
WG payload


James


On Wed, Mar 1, 2017 at 8:38 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
wrote:

> On Wed 2017-03-01 16:38:05 -0800, James Wilson wrote:
> > Hi,
> >
> > Just out of curiosity, what does a "wireguard packet" look like on the
> > wire??
> >
> > I'm guessing:
> >
> >  Ethernet
> >  IP
> >  UDP
> > |------------------|
> > | IP               |
> > | WG payload       |
> > |------------------|
> >
> >
> > What's in the box is encrypted
> >
> > Is that right ?? If not, what does it look like?
>
> I believe the cleartext (after decryption) is an actual IP packet, so
> everything from layer3 up the stack.
>
>
> If anyone wants to document this sort of thing explicitly in a useful
> way, you might consider writing a wireshark dissector:
>
>   https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html
>
> and you can clone wireshark's source with:
>
>    git clone https://code.wireshark.org/review/wireshark
>
> The simplest thing would be to start with a dissector for the ciphertext
> itself, for the few pieces of metadata that are outside the encrypted
> packet (see e.g. §5.4.2 of
> https://www.wireguard.io/papers/wireguard.pdf)
>
> If you want to get more clever, you could add a mechanism to the
> wireguard module to extract session keys, and then make a decryptor
> plugin to wireshark. But start with just the ciphertext ;)
>
>       --dkg
>
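
As an added illustration of the cleartext metadata mentioned in the quoted reply (not part of the original thread, and not WireGuard's or Wireshark's own code), this Python example parses the fields that sit outside the encrypted blob in a WireGuard UDP payload. The field layout and message sizes follow the whitepaper's message definitions; the function and variable names are hypothetical and the sample bytes are constructed.

```python
import struct

# Message types and the fixed UDP-payload sizes of the non-data messages,
# as laid out in the WireGuard whitepaper.
HANDSHAKE_INITIATION, HANDSHAKE_RESPONSE, COOKIE_REPLY, TRANSPORT_DATA = 1, 2, 3, 4
FIXED_SIZES = {HANDSHAKE_INITIATION: 148, HANDSHAKE_RESPONSE: 92, COOKIE_REPLY: 64}
# Data message header: type, 3 reserved bytes, receiver index, counter (little-endian).
DATA_HEADER = struct.Struct("<B3sIQ")
TAG_LEN = 16  # Poly1305 authentication tag appended to the ciphertext


def parse_wg_udp_payload(payload: bytes) -> dict:
    """Parse only the cleartext metadata of one WireGuard UDP payload."""
    if len(payload) < 4:
        raise ValueError("too short for a WireGuard message")
    msg_type, reserved = payload[0], payload[1:4]
    if reserved != b"\x00\x00\x00":
        raise ValueError("reserved bytes are not zero")
    if msg_type in FIXED_SIZES:
        if len(payload) != FIXED_SIZES[msg_type]:
            raise ValueError("wrong length for message type %d" % msg_type)
        return {"type": msg_type}
    if msg_type != TRANSPORT_DATA:
        raise ValueError("unknown message type %d" % msg_type)
    if len(payload) < DATA_HEADER.size + TAG_LEN:
        raise ValueError("data message shorter than header plus tag")
    _, _, receiver, counter = DATA_HEADER.unpack_from(payload)
    encrypted = payload[DATA_HEADER.size:]
    return {
        "type": msg_type,
        "receiver_index": receiver,
        "counter": counter,
        # Everything below stays opaque without the session key:
        # the padded inner IP packet followed by the tag.
        "encrypted_len": len(encrypted),
        "inner_padded_len": len(encrypted) - TAG_LEN,
        "keepalive": len(encrypted) == TAG_LEN,  # empty inner packet
    }


# Constructed sample: data message, receiver 0x1234, counter 7, 32 opaque bytes
# standing in for the encrypted inner packet, then a 16-byte stand-in tag.
SAMPLE = DATA_HEADER.pack(4, b"\x00" * 3, 0x1234, 7) + bytes(range(32)) + b"\xaa" * 16

if __name__ == "__main__":
    print(parse_wg_udp_payload(SAMPLE))
```

The input here is the UDP payload only; the outer Ethernet, IP and UDP headers are assumed to have been stripped by the capture tool.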