Hi,
I'm looking at en NULL encrypted ESP payload, trying to display it in Wireshark, in order to do so
The preferences
"Attempt to detect/decode NULL encrypted ESP payloads" must be "ticked" ( No supprise)
"Attempt to detect/decode encrypted ESP payloads" must be "un-ticked" is that realy corrrect? Or should this patch be applied?
C:\wireshark\trunk>svn diff
Index: epan/dissectors/packet-ipsec.c
===================================================================
--- epan/dissectors/packet-ipsec.c (revision 889)
+++ epan/dissectors/packet-ipsec.c (working copy)
@@ -1099,8 +1099,7 @@
#ifdef HAVE_LIBGCRYPT
/* The SAD is not activated */
- if(g_esp_enable_null_encryption_decode_heuristic &&
- !g_esp_enable_encryption_decode)
+ if(g_esp_enable_null_encryption_decode_heuristic)
null_encryption_decode_heuristic = TRUE;
if(g_esp_enable_encryption_decode || g_esp_enable_authentication_check)
