Hello there, I'm creating a C# program in which network traffic from Android device will be forwarded to my PC and be captured using tshark command line. This is how it works In the first CMD window
In the second CMD window
This runs perfectly showing all SIP messages from/to my device in case of no ESP encryption. But in case ESP encrypted, I can only see 2 SIP packets with full contents (i.e. REGISTER & 401 Unauthorized) when encryption is not enabled. After that, all packets are ESP encrypted data. When IPsec is enabled, I can get Encrypt Key from my device and append to esp_sa file. But tshark seems only read this file at first time running. So, the newly added key is not being used to decode during capturing. I would like to ask if anyone knows how to work around in this case. Thanks in advance! asked 07 Mar '17, 19:18 Viet-Anh Dinh edited 07 Mar '17, 19:22 |