This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have a pcap with SIP register, 401 messages and ESP. I am trying to decrypt it but probably enter the wrong keys. What should I insert under "Encryption Key" and "Authentication Key"? I have the IK and CK? are those good enough?

Thanks, Diana

asked 30 Jan '17, 12:32

Dianalab9's gravatar image

Dianalab9
26161620
accept rate: 0%

how did you get the IK and CK? Also which cipher is being used by the esp protocol for encryption and HMAC?

(30 Jan '17, 22:33) koundi

Also you might want to read through this question on this forum.

https://ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-andor-esp-packets

(30 Jan '17, 22:37) koundi

I got the IK & CK from SIP register

(30 Jan '17, 23:52) Dianalab9

I don't understand, Can you give more details about your setup. I am assuming you are using a IPSEC tunnel with ESP which is encapsulating sip messages is that correct? then how can you get the encryption and authentication key from the SIP register message?

(31 Jan '17, 00:15) koundi
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×165
×109
×3

question asked: 30 Jan '17, 12:32

question was seen: 2,648 times

last updated: 31 Jan '17, 00:15

p​o​w​e​r​e​d by O​S​Q​A