Wireshark · Wireshark-users: [Wireshark-users] save decrypted ESP

Wireshark-users: [Wireshark-users] save decrypted ESP

From: tsaitgaist <ml@xxxxxxxxxxxxxxxxxxxx>

Date: Thu, 03 Mar 2011 18:21:49 +0100

Hi,

I putted the keys for ESP (IPsec) traffic in wireshak using the menu.
It was able to decrypte and show the encrypted payload.
But saving the file only saves the encrypted packets.
I also used tshark with the appropriate -o option.
Again it can decrypted and show me the payloads, but does not save the
decypted "packets".
tcpdump offers a way to decode ESP traffic, but it does not support
aes-128-cbc.
Is there any way to save the decrypted packets ?

Thanks,
kevin

Prev by Date: Re: [Wireshark-users] what I witnessed during live capture isn't what is shown by the capture files
Next by Date: [Wireshark-users] Trying, unsuccessfully, to add custom dissectors to WS-Portable
Previous by thread: Re: [Wireshark-users] what I witnessed during live capture isn't what is shown by the capture files
Next by thread: [Wireshark-users] Trying, unsuccessfully, to add custom dissectors to WS-Portable
Index(es):
- Date
- Thread