This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

ESP decryption

0

Hello everybody! :)

I'm testing IPSec by pinging two machines which I previously had configured. The thing is that when I try to decrypt ESP Payload (by configuring the SAs in Wireshark) it just decrypts packets in one direction; in fact it's the one which appears first in the list of SAs. If I switch the list order, then Wireshark updates the captures and decrypts the ones in the other direction, but never both.

Even weirder, in the SPI field I had to put a * for both of the SAs, because whether I put the hex value or the decimal value, neither of them works.

Is this a bug or am I doing something wrong? I just don't get it. :/

Thanks.

asked 26 Aug '13, 20:13

BeRniTo

edited 27 Aug '13, 05:51

Is this a bug or am I doing something wrong? I just don't get it. :/

What is your Wireshark version and OS?

(27 Aug '13, 03:14) Kurt Knochner ♦

Sorry, forgot to add that info!

Wireshark 1.10.1 on Windows 7 Home Edition

(27 Aug '13, 05:50) BeRniTo

Anyone????

(28 Aug '13, 15:05) BeRniTo

One Answer:

0

Got it... had to write the SPIs in hex as 0x00000100 instead of just 0x100 or 256.

answered 28 Aug '13, 21:10

BeRniTo
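
Added example, not part of the original posts: a Python sketch that reads the SPI from the ESP header of captured IPv4 packets and prints it in the zero-padded eight-digit hex form the answer above reports working, with one entry per direction. The function names, the 192.0.2.x addresses and the second SPI value are assumptions made up for illustration.

```python
import socket
import struct

ESP_PROTO = 50  # IP protocol number for ESP (RFC 4303)

def parse_esp(packet: bytes):
    """Return (src, dst, spi, seq) for an IPv4/ESP packet, or None if not ESP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != ESP_PROTO or len(packet) < ihl + 8:
        return None
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])  # SPI, then sequence number
    return src, dst, spi, seq

def format_spi(spi: int) -> str:
    """SPI as 0x plus eight zero-padded hex digits, e.g. 256 -> 0x00000100."""
    if not 0 <= spi <= 0xFFFFFFFF:
        raise ValueError("SPI must fit in 32 bits")
    return f"0x{spi:08x}"

def sa_entries(packets):
    """One (src, dst, formatted SPI) tuple per direction, in first-seen order."""
    seen = {}
    for pkt in packets:
        parsed = parse_esp(pkt)
        if parsed:
            seen.setdefault(parsed[:3], None)  # dedupe on (src, dst, spi)
    return [(src, dst, format_spi(spi)) for src, dst, spi in seen]

def build_sample(src, dst, spi, seq, proto=ESP_PROTO):
    body = struct.pack("!II", spi, seq) + b"\x00" * 16  # dummy payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + body

# Constructed sample traffic (checksums left at 0): a ping and its reply.
SAMPLE = [
    build_sample("192.0.2.1", "192.0.2.2", 0x100, 1),
    build_sample("192.0.2.2", "192.0.2.1", 0x101, 1),
    build_sample("192.0.2.1", "192.0.2.2", 0x100, 2),
    build_sample("192.0.2.1", "192.0.2.2", 0x100, 1, proto=1),  # ICMP, ignored
]

if __name__ == "__main__":
    for src, dst, spi in sa_entries(SAMPLE):
        print(f"{src} -> {dst}  SPI {spi}")
```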