This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark 2.2.5 - how to set ESP preference from command line

0

Hello there,

I'm finding a way to set ESP preference, i.e. encryption keys, authentication keys, from command line. I have tried below command but wireshark always says no preference matches mine

tshark -i - -Y "sip||esp" -d tcp.port=="5000-65535",sip -d udp.port=="5000-65535",sip -T text -l -O "sip,esp" -o esp.enable\_null\_encryption\_decode\_heuristic:true -o esp.enable\_authentication\_check:true -o esp.enable\_encryption\_decode:true -o "esp.sa\_1:IPv4|\*|\*|\*" -o "esp.encryption\_algorithm\_1:AES-CBC [RFC3602]" -o "esp.encryption\_key\_1:0xC5DA46E7FF43C8D6C0DD3A2707E42E05" -o "esp.authentication\_algorithm\_1:HMAC-MD5-96 [RFC2403]" -o "esp.authentication\_key\_1:0xE5A349FCBAD409D15C766702CD400BA4" > D:\test\dump2.txt

It's always said that "esp.sa_1" flag is unknown. Same as esp.encryption_algorithm_1 and esp.authentication_algorithm_1, and so on.

I have searched around and think that esp.sa_1 is only available in older version of wireshark.

Does anyone know how to have these preference on wireshark 2.2.5?

Thank so much!

asked 08 Mar '17, 00:16

Viet-Anh%20Dinh's gravatar image

Viet-Anh Dinh
6224
accept rate: 0%

edited 08 Mar '17, 08:13

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142

One Answer:

1

See my answer to this same question over at stackoverflow.

answered 08 Mar '17, 08:12

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%