User Guide

Customizing Wireshark
10.10. GeoIP Database Paths
If your copy of Wireshark supports MaxMind's GeoIP library, you can use their databases to match IP
addresses to countries, cities, autonomous system numbers, ISPs, and other bits of information. Some
databases are available at no cost, while others require a licensing fee. See the MaxMind web site for more
information.
This table is a user table, as described in Section 10.7, “User Table”, with the following fields.
Database pathname
    This specifies a directory containing GeoIP data files. Any files beginning
    with Geo and ending with .dat will be automatically loaded. A total of 8
    files can be loaded.

    The locations for your data files are up to you, but /usr/share/GeoIP
    (Linux), C:\GeoIP (Windows), C:\Program Files\Wireshark\GeoIP
    (Windows) might be good choices.
10.11. IKEv2 decryption table
Wireshark can decrypt Encrypted Payloads of IKEv2 (Internet Key Exchange version 2) packets if the
necessary information is provided. Note that you can decrypt only IKEv2 packets with this feature. If
you want to decrypt IKEv1 packets or ESP packets, use the Log Filename setting under the ISAKMP protocol
preferences or the settings under the ESP protocol preferences, respectively.
This table is a user table, as described in Section 10.7, “User Table”, with the following fields.
Initiator's SPI
    Initiator's SPI of the IKE_SA. This field takes a hexadecimal string without
    a "0x" prefix, and the length must be 16 hex chars (representing 8 octets).

Responder's SPI
    Responder's SPI of the IKE_SA. This field takes a hexadecimal string
    without a "0x" prefix, and the length must be 16 hex chars (representing 8
    octets).

SK_ei
    Key used to encrypt/decrypt IKEv2 packets from initiator to responder.
    This field takes a hexadecimal string without a "0x" prefix, and its length must
    meet the requirement of the encryption algorithm selected.

SK_er
    Key used to encrypt/decrypt IKEv2 packets from responder to initiator.
    This field takes a hexadecimal string without a "0x" prefix, and its length must
    meet the requirement of the encryption algorithm selected.

Encryption Algorithm
    Encryption algorithm of the IKE_SA.

SK_ai
    Key used to calculate Integrity Checksum Data for IKEv2 packets from
    responder to initiator. This field takes a hexadecimal string without a "0x"
    prefix, and its length must meet the requirement of the integrity algorithm
    selected.

SK_ar
    Key used to calculate Integrity Checksum Data for IKEv2 packets from
    initiator to responder. This field takes a hexadecimal string without a "0x"
    prefix, and its length must meet the requirement of the integrity algorithm
    selected.

Integrity Algorithm
    Integrity algorithm of the IKE_SA.
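
The field rules above can be checked before a row is typed into the table. The following is an added example, not part of Wireshark or of this guide. The dictionary key names and algorithm labels are this example's own assumptions, and the key sizes are the standard key lengths of the named transforms.

```python
import re

# Key sizes in octets for common IKEv2 transforms. The labels are this
# example's own; match them to the entries in Wireshark's drop-down lists.
ENC_KEY_OCTETS = {"3DES": 24, "AES-CBC-128": 16, "AES-CBC-192": 24,
                  "AES-CBC-256": 32}
INTEG_KEY_OCTETS = {"HMAC_MD5_96": 16, "HMAC_SHA1_96": 20,
                    "HMAC_SHA2_256_128": 32, "HMAC_SHA2_384_192": 48,
                    "HMAC_SHA2_512_256": 64}
HEX_RE = re.compile(r"[0-9A-Fa-f]+")

def check_hex(name, value, octets):
    """Return the problems found in one hex field (empty list means OK)."""
    if value[:2].lower() == "0x":
        return [f"{name}: remove the '0x' prefix"]
    if not HEX_RE.fullmatch(value):
        return [f"{name}: not a hexadecimal string"]
    if len(value) != 2 * octets:
        return [f"{name}: expected {2 * octets} hex chars, got {len(value)}"]
    return []

def validate_entry(entry):
    """Check one decryption-table row (a dict with hypothetical key names)."""
    problems = []
    for field in ("spi_i", "spi_r"):  # SPIs are always 8 octets
        problems += check_hex(field, entry[field], 8)
    for alg_field, sizes, key_fields in (
            ("enc_alg", ENC_KEY_OCTETS, ("sk_ei", "sk_er")),
            ("integ_alg", INTEG_KEY_OCTETS, ("sk_ai", "sk_ar"))):
        octets = sizes.get(entry[alg_field])
        if octets is None:
            problems.append(f"{alg_field}: unknown {entry[alg_field]!r}")
            continue
        for field in key_fields:  # key length follows the chosen algorithm
            problems += check_hex(field, entry[field], octets)
    return problems

# Constructed sample values, not keys from a real IKE_SA.
GOOD = {"spi_i": "a1b2c3d4e5f60718", "spi_r": "0807060504030201",
        "sk_ei": "00112233445566778899aabbccddeeff",
        "sk_er": "ffeeddccbbaa99887766554433221100",
        "enc_alg": "AES-CBC-128",
        "sk_ai": "0123456789abcdef0123456789abcdef01234567",
        "sk_ar": "89abcdef0123456789abcdef0123456789abcdef",
        "integ_alg": "HMAC_SHA1_96"}
BAD = dict(GOOD, spi_i="0xa1b2c3d4e5f60718", sk_ai=GOOD["sk_ai"][:32])

if __name__ == "__main__":
    print(validate_entry(GOOD) or "OK", validate_entry(BAD))
```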