[c-nsp] OT: Using wireshark to decode IPSec/ESP
Dale Shaw
dale.shaw+cisco-nsp at gmail.com
Wed Aug 5 05:57:52 EDT 2009
Hi all,
Has anyone used wireshark successfully to decode ESP traffic?
The only material I can find online is people having the same problem
as me, or people using null encryption. I need to peek inside
esp-3des/esp-sha-hmac SAs.
The wireshark wiki entry is: http://wiki.wireshark.org/ESP_Preferences
It's been years since I was armpit deep in IPSec but I am assuming the
encryption key it wants is NOT the ISAKMP pre-shared key.
If that's right, is there a way I can get the key(s)? I have access to
the peers.
If that's wrong, well, why isn't it working for me? :-) (no errors,
just no meaningful decode.)
In case you're wondering, I just want to see with my own eyes what
DMVPN looks like on the wire (eth:ip:esp:gre:ip:payload).
There are some screen caps here that show it's possible:
http://www.carbonwind.net/VyattaOFR/AdvVPN/AdvVPN2.htm#toJj
cheers,
Dale