Wireshark-users: Re: [Wireshark-users] Decoding ESP packets from Cisco Pix

From: "Alex Nedelcu" <alexpheno@xxxxxxxxx>
Date: Wed, 10 Sep 2008 10:56:37 +0300
Wireshark can't decode encrypted traffic unless you provide the keys.
I know this is possible with SSL but haven't tried it with IPsec
tunnels. You can try doing something on the PIX, though: for testing
purposes, you should configure the IPsec transform set with esp-null
as an option instead of the encryption algorithm you're currently
using (esp-3des, esp-aes etc). By doing this the packets will be
encapsulated in ESP but the payload will be cleartext.

Regards,

Alex

On Tue, Sep 9, 2008 at 8:35 PM, Bev Lekx <Bev.Lekx@xxxxxxxxxxxxxxxxx> wrote:
> I am troubleshooting a network problem between our Cisco Pixes. I need to be
> able to decode the Pix traffic on the encrypted side. I have configured
> Wireshark's protocol preferences for ESP but I am unable to get Wireshark to
> decode these packets.
>
> Should Wireshark be able to do this?
>
> Does anyone have experience doing this?
>
>
>
> Regards,
>
>
>
> Bev.
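
What an ESP packet looks like once the transform set uses esp-null, as an added example that is not part of the original messages: the payload sits in cleartext between the 8-byte SPI/sequence header and the padding, trailer and ICV (RFC 4303 layout). The function names, the 12-byte ICV length, the tunnel-mode inner IPv4 decoding and the sample packet are assumptions made for this sketch.

```python
import struct
import ipaddress

def parse_esp_null(esp: bytes, icv_len: int = 12) -> dict:
    """Split an ESP packet (RFC 4303 layout) whose payload is NULL-encrypted.

    icv_len is an assumption: 12 bytes fits a 96-bit truncated HMAC; pass 0
    if the transform set has no authentication.
    """
    if len(esp) < 8 + 2 + icv_len:
        raise ValueError("too short for ESP header, trailer and ICV")
    spi, seq = struct.unpack("!II", esp[:8])
    body = esp[8:len(esp) - icv_len]          # payload + padding + trailer
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("bad pad length: wrong icv_len or payload is encrypted")
    payload = body[:len(body) - 2 - pad_len]
    padding = body[len(payload):len(body) - 2]
    result = {
        "spi": spi, "seq": seq, "next_header": next_header,
        "payload": payload, "icv": esp[len(esp) - icv_len:],
        # RFC 4303 default padding is 1, 2, 3, ...; a mismatch hints that the
        # bytes are still encrypted or icv_len is wrong.
        "default_padding": padding == bytes(range(1, pad_len + 1)),
    }
    if next_header == 4 and len(payload) >= 20:   # tunnel mode: inner IPv4
        result["inner_src"] = str(ipaddress.IPv4Address(payload[12:16]))
        result["inner_dst"] = str(ipaddress.IPv4Address(payload[16:20]))
        result["inner_proto"] = payload[9]
    return result

def build_sample() -> bytes:
    """Constructed ESP-NULL packet: inner ICMP echo 10.0.0.1 -> 10.0.1.1."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                           bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]))
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    trailer = bytes([1, 2]) + bytes([2, 4])    # padding, pad length, next header
    icv = bytes(12)                            # placeholder, not a real HMAC
    return struct.pack("!II", 0x1000, 1) + inner_ip + icmp + trailer + icv

if __name__ == "__main__":
    for key, value in parse_esp_null(build_sample()).items():
        print(key, value)
```

With an encrypting transform (esp-3des, esp-aes) the same bytes after the sequence number are ciphertext, so the pad length and next header read here would be meaningless.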