Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Decoding ESP packets from Cisco Pix
From: "Alex Nedelcu" <alexpheno@xxxxxxxxx>
Date: Wed, 10 Sep 2008 10:56:37 +0300
Wireshark can't decode encrypted traffic unless you provide the keys, i know this is possible with ssl but haven't tried it with ipsec tunnels. You can try doing something on the pix though for testing purposes, you should configure the ipsec transform set with esp-null as a an option instead of the encryption algorithm you're currently using (esp-3des, esp-aes etc). By doing this the packets will be encapsulated in esp but the payload will be cleartext. Regards, Alex On Tue, Sep 9, 2008 at 8:35 PM, Bev Lekx <Bev.Lekx@xxxxxxxxxxxxxxxxx> wrote: > I am troubleshooting a network problem between our Cisco Pix's. I need to be > able to decode the Pix traffic on the encrypted side. I have configured > Wireshark's protocol preferences for ESP but I am unable to get Wireshark to > decode these packets. > > Should Wireshark be able to do this? > > Does anyone have experience doing this? > > > > Regards, > > > > Bev. > > > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-users > >
- Follow-Ups:
- Re: [Wireshark-users] Decoding ESP packets from Cisco Pix
- From: Bev Lekx
- Re: [Wireshark-users] Decoding ESP packets from Cisco Pix
- References:
- [Wireshark-users] Decoding ESP packets from Cisco Pix
- From: Bev Lekx
- [Wireshark-users] Decoding ESP packets from Cisco Pix
- Prev by Date: [Wireshark-users] capturing 802.11 PLCP header?
- Next by Date: Re: [Wireshark-users] Decoding ESP packets from Cisco Pix
- Previous by thread: [Wireshark-users] Decoding ESP packets from Cisco Pix
- Next by thread: Re: [Wireshark-users] Decoding ESP packets from Cisco Pix
- Index(es):