This is our old Q&A Site. Please post any new questions and answers at

Hello there,

I'm looking for a way to set ESP preferences, i.e. encryption keys and authentication keys, from the command line. I have tried the command below, but Wireshark always says no preference matches mine.

tshark -i - -Y "sip||esp" -d tcp.port=="5000-65535",sip -d udp.port=="5000-65535",sip -T text -l -O "sip,esp" -o esp.enable_null_encryption_decode_heuristic:true -o esp.enable_authentication_check:true -o esp.enable_encryption_decode:true -o "esp.sa_1:IPv4|*|*|*" -o "esp.encryption_algorithm_1:AES-CBC [RFC3602]" -o "esp.encryption_key_1:0xC5DA46E7FF43C8D6C0DD3A2707E42E05" -o "esp.authentication_algorithm_1:HMAC-MD5-96 [RFC2403]" -o "esp.authentication_key_1:0xE5A349FCBAD409D15C766702CD400BA4" > D:\test\dump2.txt

It always says that the "esp.sa_1" flag is unknown. The same goes for esp.encryption_algorithm_1, esp.authentication_algorithm_1, and so on.

I have searched around and think that esp.sa_1 is only available in older versions of Wireshark.

Does anyone know how to set these preferences on Wireshark 2.2.5?

Thanks so much!

asked 08 Mar '17, 00:16


Viet-Anh Dinh
accept rate: 0%

edited 08 Mar '17, 08:13


cmaynard ♦♦

See my answer to this same question over at Stack Overflow.


answered 08 Mar '17, 08:12


cmaynard ♦♦
accept rate: 20%
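
Added example, not part of the original thread or of the linked answer: Wireshark 2.2.5 keeps ESP security associations in the `esp_sa` user table rather than in numbered `esp.sa_N` preferences, so each SA is passed as one `-o uat:esp_sa:...` record. The helper names, the field order (assumed to follow the ESP SA dialog), the hex-only key check and the file name `capture.pcap` are assumptions; the algorithms and keys are the ones from the question.

```shell
#!/bin/sh
# Build the -o value for one ESP SA as a record of the esp_sa user table.
# Assumed field order: protocol, source, destination, SPI,
# encryption algorithm, encryption key, authentication algorithm, authentication key.

# is_hex_key KEY: succeeds if KEY is 0x followed by an even number of hex digits.
# (Stricter than necessary on purpose: it catches truncated or mistyped keys.)
is_hex_key() {
    case "$1" in
        0x*) digits=${1#0x} ;;
        *) return 1 ;;
    esac
    [ -n "$digits" ] || return 1
    case "$digits" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ $(( ${#digits} % 2 )) -eq 0 ]
}

# esp_sa_pref PROTO SRC DST SPI ENC_ALG ENC_KEY AUTH_ALG AUTH_KEY
# Prints: uat:esp_sa:"PROTO","SRC",...  (every field double-quoted, comma-separated)
esp_sa_pref() {
    [ "$#" -eq 8 ] || { echo "esp_sa_pref: need 8 fields" >&2; return 2; }
    is_hex_key "$6" || { echo "esp_sa_pref: bad encryption key" >&2; return 1; }
    is_hex_key "$8" || { echo "esp_sa_pref: bad authentication key" >&2; return 1; }
    out='uat:esp_sa:'
    sep=''
    for field in "$@"; do
        case "$field" in
            *\"*) echo "esp_sa_pref: field contains a double quote" >&2; return 1 ;;
        esac
        out="$out$sep\"$field\""
        sep=','
    done
    printf '%s\n' "$out"
}

# Same wildcard SA, algorithms and keys as in the question's command.
SA=$(esp_sa_pref IPv4 '*' '*' '*' \
    'AES-CBC [RFC3602]' 0xC5DA46E7FF43C8D6C0DD3A2707E42E05 \
    'HMAC-MD5-96 [RFC2403]' 0xE5A349FCBAD409D15C766702CD400BA4) || exit 1

# Print the command instead of running it (capture.pcap is a placeholder name).
# The single quotes keep the record's inner double quotes intact in a POSIX shell.
printf "tshark -r capture.pcap -o esp.enable_encryption_decode:true -o '%s'\n" "$SA"
```

On Windows `cmd.exe` the inner double quotes of the record have to be escaped differently from the POSIX single-quoting shown here.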

question asked: 08 Mar '17, 00:16

question was seen: 995 times

last updated: 08 Mar '17, 08:13
