Frédéric ROUDAUT - Projects (Wireshark/IPsec)

I developed an enhanced version of the Wireshark (former Ethereal) IPsec Dissector in order to decrypt ESP Payloads of IPv4 and IPv6 packets using the following Encryption Algorithms:

NULL Encryption Algorithm.
TripleDES-CBC [RFC2451] : keylen 192 bits.
AES-CBC[RFC3602] : keylen 128 and 192/256 bits.
AES-CTR [RFC3686] : keylen 160/224/288 bits. (32 bits for Nonce).
DES-CBC [RFC2405] : keylen 64 bits.
BLOWFISH-CBC : keylen 128 bits.
TWOFISH-CBC : keylen 128/256 bits.
CAST5-CBC [Draft] : keylen 128 bits.

It also permits to check Authentication for :

NULL Authentication
HMAC-SHA1-96 [RFC2404] : Any keylen
HMAC-SHA256-96 [Draft]: Any keylen
HMAC-MD5-96 [RFC2403] : Any keylen
HMAC-RIPEMD160-96 [RFC2857] : Any keylen

It works for transport and tunnel Mode. This is a Personal Free Project that you can download Here.
The last version of this package is now included and extended in Wireshark (Except perhaps corrections for AES-CTR).
For more information on how to use it, have a look to the ESP Preferences Wiki of Wireshark.