Hi All, I am not able to decrypt some of the AVPs (in the Diameter protocol). My problem is that a few AVPs (Diameter protocol) / IEs (3GPP protocol) of a message are encrypted using the AES-CBC algorithm. Are there any options to decrypt the IEs/AVPs of a 3GPP/Diameter message? Please suggest how to set the keys and all other parameters to decrypt these IEs. If this feature is not supported in Wireshark, then please suggest whether there are any ways to decrypt these parameters of the message. Thanks in advance, Manoj
asked 07 Mar '13, 03:10 Manoja
2 Answers:
Decryption of Diameter AVPs is not implemented in Wireshark. I don't know if there is a program that could take the extracted bytes, keys, etc. as input and do the decryption.
answered 07 Mar '13, 08:08 Anders ♦
Hello Manoj, did you try the Wireshark menu Analyze -> Decode As, then in transport select Diameter and OK? For tshark you can try: tshark -r InputFile.pcap -d tcp.port==<your port>,diameter
answered 23 Apr '13, 07:31 fachav2
Thanks. Is it possible to decrypt the value of the parameter/AVP by writing a Wireshark Diameter dissector?
Well, one should rather expand the Diameter dissector to do decryption. I have no idea how complicated that might be, and there is no current plan to implement that. But if you want to give it a go, please do. The ESP and SSL dissectors should be good starting points to look at how to implement a UAT to define the keys and how to call decryption functions.
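An added example, not part of the thread and not Wireshark code: a standalone Python script for the out-of-band route raised in the first answer, which walks the AVPs of an extracted Diameter message (RFC 6733 AVP header) and decrypts one AVP's data with AES-CBC through the `openssl` command-line tool. Assumptions: the key and IV are already known, the padding scheme is passed in by the caller, `openssl` is installed, and AVP code 9999 with the sample bytes is constructed for illustration.

```python
import shutil
import struct
import subprocess

def iter_avps(buf):
    """Yield (code, vendor_id, data) for each AVP in buf (RFC 6733 AVP header)."""
    off = 0
    while off + 8 <= len(buf):
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & 0x80 else 8        # V flag: 4-byte Vendor-ID follows
        if length < hdr or off + length > len(buf):
            raise ValueError(f"bad AVP length {length} at offset {off}")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if hdr == 12 else None
        yield code, vendor, buf[off + hdr:off + length]
        off += (length + 3) & ~3               # AVPs are padded to 4 bytes

def aes_cbc_decrypt(ciphertext, key, iv, padded=True):
    """Decrypt via the openssl CLI; the key length selects AES-128/192/256."""
    if shutil.which("openssl") is None:
        raise RuntimeError("openssl binary not found")
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("AES-CBC ciphertext must be a non-empty multiple of 16 bytes")
    cmd = ["openssl", "enc", "-d", f"-aes-{len(key) * 8}-cbc",
           "-K", key.hex(), "-iv", iv.hex()]
    if not padded:
        cmd.append("-nopad")                   # assumption: no PKCS#7 padding
    return subprocess.run(cmd, input=ciphertext, capture_output=True, check=True).stdout

def decrypt_avp(buf, code, vendor, key, iv, padded=True):
    """Find the AVP with this (code, vendor) and decrypt its data field."""
    for c, v, data in iter_avps(buf):
        if (c, v) == (code, vendor):
            return aes_cbc_decrypt(data, key, iv, padded)
    raise LookupError(f"AVP {code} (vendor {vendor}) not present")

# Constructed sample: the AVP region of a message (bytes after the 20-byte Diameter header).
# AVP 264 (Origin-Host) in clear, then a hypothetical vendor AVP 9999 (vendor 10415) whose
# data is one AES-128-CBC block taken from the NIST SP 800-38A test vectors.
SAMPLE_AVPS = bytes.fromhex(
    "00000108" "40000013" "6873732e6578616d706c65" "00"
    "0000270f" "8000001c" "000028af" "7649abac8119b246cee98e9b12e9197d")
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
IV = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    print(decrypt_avp(SAMPLE_AVPS, 9999, 10415, KEY, IV, padded=False).hex())
```

The `-K` option puts the key on the `openssl` command line, where other local users can read it from the process list, so run this on a single-user analysis host.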