This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Dear All,

I would like to know the prodedure to decode the NAS-EPS messages. Thanks.

asked 03 Nov '15, 02:32

smehra24's gravatar image

smehra24
6112
accept rate: 0%

What's the format of your input file? Are you having a pcap file? A text file with the hex dump of the message? Without this basic information it's not possible to answer you. Could you post an example of your NAS EPS message format?

(03 Nov '15, 10:59) Pascal Quantin

Hi! Can wireshark decrypt NAS-EPS messages (encrypted with either AES128 or SNOW3G) if K and OP are provided? Thanks

permanent link

answered 13 Nov '15, 13:20

savannah's gravatar image

savannah
61
accept rate: 0%

No this is not implemented. SNOW3G will most probably not happen due to the patents associated. EEA2 (AES256) could eventually be implemented if someone feels motivated enough (not many people have access to the K and OP keys though, so it limits its usage).

(13 Nov '15, 13:35) Pascal Quantin

NAS decryption is a somewhat popular feature for telecom-tailored probe systems, and really one of the main things I'd use them for (ie: one of the main things I can't do with just Wireshark).

For NAS-EPS, if you're a network operator most MME platforms I know of support the ability to selectively negotiate down to null encryption for a given SIM through configuration if you want to do an ad-hoc trace of the NAS signalling also.

(14 Nov '15, 14:16) Quadratic
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×13
×2

question asked: 03 Nov '15, 02:32

question was seen: 2,045 times

last updated: 14 Nov '15, 14:16

p​o​w​e​r​e​d by O​S​Q​A