[c-nsp] OT: Using wireshark to decode IPSec/ESP

[Benny Amorsen]

Dale Shaw <dale.shaw+cisco-nsp at gmail.com> writes:

> It's been years since I was armpit deep in IPSec but I am assuming the
> encryption key it wants is NOT the ISAKMP pre-shared key.

Nope, it wants the session key used for that particular session. This
can be hard to get, depending on which platforms the IPSEC end points
are.

For Linux you can get the keys with ip xfrm state.


/Benny