This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello everybody! :)

I'm testing IPSec by pinging two machines which I previously had configured. The thing is that when I try to decrypt ESP Payload (by configuring the SAs in Wireshark) it just decrypts packets in one direction; in fact it's the one which appears first in the list of SAs. If I switch the list order, then Wireshark updates the captures and decrypts the ones in the other direction, but never both.

More weird is that in the SPI field I had to put a * to both of the SAs because either I put the hex value or the decimal value, none of them work.

Is this a bug or am I doing something wrong? I just don't get it. :/

Thanks.

asked 26 Aug '13, 20:13

BeRniTo's gravatar image

BeRniTo
11113
accept rate: 0%

edited 27 Aug '13, 05:51

Is this a bug or am I doing something wrong? I just don't get it. :/

what is your Wireshark version and OS?

(27 Aug '13, 03:14) Kurt Knochner ♦

Sorry, forgot to add that info!

Wireshark 1.10.1 on Windows 7 Home Edition

(27 Aug '13, 05:50) BeRniTo

Anyone????

(28 Aug '13, 15:05) BeRniTo

Got it... had to write the SPIs in hex as 0x00000100 instead of just 0x100 or 256.

permanent link

answered 28 Aug '13, 21:10

BeRniTo's gravatar image

BeRniTo
11113
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×20

question asked: 26 Aug '13, 20:13

question was seen: 2,436 times

last updated: 28 Aug '13, 21:10

p​o​w​e​r​e​d by O​S​Q​A