This is our old Q&A Site. Please post any new questions and answers at

Hi, If IPSEC is enabled , can PCAP traces be captured and decoded using wireshark? Thanks

asked 20 Jan '14, 22:36

Surajitm's gravatar image

accept rate: 0%

well, it depends....

.... on the OS and the way the IPSEC subsystem is integrated into the kernel. On some systems there is a virtual ipsec interface (like Linux KLIPS). If you capture traffic on that virtual interface, you will see the traffic in clear. On other systems (Linux 'native' IPSEC stack since kernel 2.6) you will see parts of the traffic in clear and other parts only encrypted (strange thing, but that's due to the internal architecture of the IPSEC stack and the way libpcap hooks into the kernel). Again on other systems (e.g. Windows) it might be totally different and dependent on the VPN software in use (we have had several reports about problems with WinPcap and VPN clients ).

So, there is no clear answer to you question, as you did not tell us the system (OS and VPN software) you are talking about.

Even if you add that information, it's hard to answer the question, unless one of the members here has the same 'configuration' and is able to test it. But then, why don't you test it yourself?

Simply try to capture traffic

  • without IPSEC tunnel
  • with an established IPSEC tunnel

and see what you get on your system with your IPSEC configuration ;-))


permanent link

answered 21 Jan '14, 04:06

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 20 Jan '14, 22:36

question was seen: 8,888 times

last updated: 21 Jan '14, 04:06

p​o​w​e​r​e​d by O​S​Q​A