Hello everybody! :) I'm testing IPSec by pinging two machines which I previously had configured. The thing is that when I try to decrypt ESP Payload (by configuring the SAs in Wireshark) it just decrypts packets in one direction; in fact it's the one which appears first in the list of SAs. If I switch the list order, then Wireshark updates the captures and decrypts the ones in the other direction, but never both. More weird is that in the SPI field I had to put a * to both of the SAs because either I put the hex value or the decimal value, none of them work. Is this a bug or am I doing something wrong? I just don't get it. :/ Thanks. asked 26 Aug '13, 20:13  BeRniTo edited 27 Aug '13, 05:51 |
One Answer:
Got it... had to write the SPIs in hex as 0x00000100 instead of just 0x100 or 256. answered 28 Aug '13, 21:10 BeRniTo |
what is your Wireshark version and OS?
Sorry, forgot to add that info!
Wireshark 1.10.1 on Windows 7 Home Edition
Anyone????