Wireshark-users: Re: [Wireshark-users] Decoding ESP packets from Cisco Pix
From: Bev Lekx <bev.lekx@xxxxxxxxxxxxxxxxx>
Date: Wed, 10 Sep 2008 09:03:47 -0400
That is a good idea. Thank you for the suggestion.

Bev.

On Wed, 2008-09-10 at 10:56 +0300, Alex Nedelcu wrote:
> Wireshark can't decode encrypted traffic unless you provide the keys.
> I know this is possible with SSL but haven't tried it with IPsec
> tunnels. You can try doing something on the PIX though: for testing
> purposes, you should configure the IPsec transform set with esp-null
> as an option instead of the encryption algorithm you're currently
> using (esp-3des, esp-aes, etc.). By doing this the packets will be
> encapsulated in ESP but the payload will be cleartext.
> 
> Regards,
> 
> Alex
> 
> On Tue, Sep 9, 2008 at 8:35 PM, Bev Lekx <Bev.Lekx@xxxxxxxxxxxxxxxxx> wrote:
> > I am troubleshooting a network problem between our Cisco PIXes. I need to be
> > able to decode the Pix traffic on the encrypted side. I have configured
> > Wireshark's protocol preferences for ESP but I am unable to get Wireshark to
> > decode these packets.
> >
> > Should Wireshark be able to do this?
> >
> > Does anyone have experience doing this?
> >
> > Regards,
> >
> > Bev.
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
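
The esp-null suggestion in the thread keeps the ESP framing and removes only the cipher, so the inner packet can be read straight out of the capture once the trailer is located. The sketch below is an added example, not part of the original messages; it splits such a packet following the RFC 4303 layout with RFC 2410 NULL encryption. The sample bytes, the SPI and the 12-byte ICV length are constructed assumptions.

```python
import struct

def parse_esp_null(esp: bytes, icv_len: int = 12) -> dict:
    """Split an ESP packet that uses NULL encryption into its fields.

    `esp` starts right after the outer IP header (IP protocol 50).
    `icv_len` is an assumption the caller supplies: 12 bytes fits the
    HMAC-SHA1-96 / HMAC-MD5-96 integrity algorithms, 0 means no ICV.
    """
    if len(esp) < 8 + 2 + icv_len:
        raise ValueError("too short for ESP header, trailer and ICV")
    spi, seq = struct.unpack("!II", esp[:8])
    end = len(esp) - icv_len
    body = esp[8:end]                  # payload | padding | pad_len | next_hdr
    pad_len, next_hdr = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("pad length exceeds packet: wrong icv_len or payload is encrypted")
    pad_start = len(body) - 2 - pad_len
    # Heuristic: RFC 4303 default padding is the byte sequence 1, 2, 3, ...
    # A mismatch suggests the trailer was misplaced or the payload is ciphertext.
    if body[pad_start:len(body) - 2] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding is not 1,2,3,...: wrong icv_len or payload is encrypted")
    return {
        "spi": spi,
        "seq": seq,
        "next_header": next_hdr,       # 4 = IPv4-in-IP (tunnel mode), 6 = TCP, 17 = UDP
        "payload": body[:pad_start],   # the cleartext inner packet
        "icv": esp[end:],              # not verified here; that needs the auth key
    }

# Constructed sample: inner IPv4 + ICMP echo request (IP header checksum left zero).
INNER = bytes.fromhex(
    "4500001c" "00010000" "40010000" "0a000001" "0a000002"   # IPv4 header
    "0800f7ff" "00000000"                                     # ICMP echo request
)
ICV = bytes(range(0xA0, 0xAC))         # 12 constructed bytes standing in for the ICV
# 28-byte payload + 2 padding bytes + 2 trailer bytes keeps 4-byte alignment.
SAMPLE = struct.pack("!II", 0x1000, 1) + INNER + b"\x01\x02" + bytes([2, 4]) + ICV

if __name__ == "__main__":
    fields = parse_esp_null(SAMPLE)
    print(f"SPI=0x{fields['spi']:08x} seq={fields['seq']} next_header={fields['next_header']}")
    print("inner packet:", fields["payload"].hex())
```

The padding check is only a plausibility test for the assumed ICV length; a packet that is actually encrypted, or a wrong length guess, will usually fail it.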