Wireshark-users: [Wireshark-users] symbolic decode of ESP payload
From: "Joe Harvell" <[email protected]>
Date: Wed, 27 Sep 2006 12:44:19 -0500
I am trying to decode packets carried in ESP transport mode. I set up IPSec to use NULL encryption and authentication. When I configure ESP with the SA's, it shows me the decoded data in the ESP payloads. But I want it to symbolically decode that. Specifically, if a TCP segement spans multiple ESP packets, I expect Wireshark to re-assemble and symbolically decode whatever is inside. I know it can do this with Diameter. Does it not do it for ESP?
Joe Harvell