Hi, I would like to know if there is any mechanism to decrypt and analyze the SCTP packets exchanged over IPSec tunnels between two end nodes, for troubleshooting using Wireshark or tshark. Please advise.
Regards, SC
asked 22 Dec '13, 20:23 tintin
One Answer:
Try it by setting the preferences for the ESP option.
Regards, NA
answered 22 Dec '13, 23:01 alaska
In other words, you have to configure Wireshark to decode the IPSec; after that, it will analyze whatever the IPSec payload is as normal. See the wiki for more details.
Or here: http://ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-andor-esp-packets
One-upping this question because I suspect in the next couple quarters it's going to be a popular need in mobile. IPX and Diameter are coming. :)
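The ESP preference setup that the answer and comments point to, written out for tshark as an added example that is not part of the original thread. The helper names, the `TSHARK` variable, and every address, SPI and key are constructed placeholders, and the eight-column `esp_sa` record layout is an assumption to compare against a record saved from the ESP SAs dialog of your own Wireshark version.

```shell
#!/bin/sh
# Added example: decode SCTP carried inside ESP once the SA keys are known.
# Keys and SPIs must come from the IPsec endpoints themselves (for example
# their SA dump); the values shown here are constructed placeholders.

TSHARK=${TSHARK:-tshark}

# Build one record for Wireshark's esp_sa table.
# Assumed column order: protocol, source, destination, SPI,
# encryption algorithm, encryption key, authentication algorithm, auth key.
# Keys are hex strings with a 0x prefix.
esp_sa_record() {
  printf '"%s","%s","%s","%s","%s","%s","%s","%s"' "$@"
}

# usage: decode_sctp_over_esp CAPTURE RECORD [RECORD...]
# ESP SAs are one-way, so a tunnel needs one record per direction.
decode_sctp_over_esp() {
  pcap=$1; shift
  n=$#
  for rec in "$@"; do
    # Append "-o uat:esp_sa:<record>" for every SA record passed in.
    set -- "$@" -o "uat:esp_sa:$rec"
  done
  shift "$n"   # drop the raw records, keep only the -o options
  "$TSHARK" -r "$pcap" \
    -o esp.enable_encryption_decode:TRUE \
    "$@" \
    -Y sctp
}

# Run only when a capture file is given on the command line.
if [ -n "${1:-}" ]; then
  a_to_b=$(esp_sa_record IPv4 192.0.2.1 192.0.2.2 0x00001001 \
    "AES-CBC [RFC3602]" 0x00112233445566778899aabbccddeeff \
    "HMAC-SHA-1-96 [RFC2404]" 0x000102030405060708090a0b0c0d0e0f10111213)
  b_to_a=$(esp_sa_record IPv4 192.0.2.2 192.0.2.1 0x00002002 \
    "AES-CBC [RFC3602]" 0xffeeddccbbaa99887766554433221100 \
    "HMAC-SHA-1-96 [RFC2404]" 0x131211100f0e0d0c0b0a09080706050403020100)
  decode_sctp_over_esp "$1" "$a_to_b" "$b_to_a"
fi
```

If SCTP frames still show up only as ESP, the usual causes are a record for just one direction or an SPI or algorithm that does not match the negotiated SA.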