This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to decrypt latest IKE/ESP Authentication/Encryption encoded packets.

0

Does Wireshark support decryption of the following algorithms?

  • AUTH_HMAC_SHA2_384_192
  • AUTH_HMAC_SHA2_512_256
  • AUTH_AES_GMAC_128
  • AUTH_AES_GMAC_192
  • AUTH_AES_GMAC_256
  • AUTH_AES_XCBC_MAC_96

  • ENC_AES_CBC_192

  • ENC_AES_CBC_256
  • ENC_AES_GCM_128
  • ENC_AES_GCM_256

asked 29 Sep '16, 05:13

jnanesh's gravatar image

jnanesh
6112
accept rate: 0%

edited 29 Sep '16, 10:54

Lekensteyn's gravatar image

Lekensteyn
2.2k3724


One Answer:

0

AUTH_* sounds like algorithms for authentication, these are strictly not necessary for decryption support. These seem supported though based on a look in the source code.

AES-CBC suites have been supported for a while (since at least Wireshark 2.0). AES-GCM suites are only supported in the latest development version (v2.3.0rc0-370-gd2ee571, it will end up in the stable 2.4 series in the future).

answered 29 Sep '16, 11:02

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%