I have a pcap with SIP register, 401 messages and ESP. I am trying to decrypt it but am probably entering the wrong keys. What should I insert under "Encryption Key" and "Authentication Key"? I have the IK and CK. Are those good enough? Thanks, Diana
asked 30 Jan '17, 12:32 Dianalab9
How did you get the IK and CK? Also, which cipher is being used by the ESP protocol for encryption and HMAC?
Also you might want to read through this question on this forum.
https://ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-andor-esp-packets
I got the IK & CK from SIP register.
I don't understand. Can you give more details about your setup? I am assuming you are using an IPSEC tunnel with ESP which is encapsulating SIP messages, is that correct? Then how can you get the encryption and authentication key from the SIP register message?