1 | initial version |
You can decrypt them if they are framed inside pdcp-nr. You need this in order to have a UE Identifier (in order to look up the appropriate key), and also COUNT (an input to the decryption) is calculated using the SN. You will also need to enable sequence number analysis. The dissector needs to know what the decryption protocol is - this may be signalled or can be set using a pdcp-nr dissector preference.
Note that only AES decryption (and integrity checking) can be done by standard Wireshark. If you supply a working implementation of Snow3G and Zuc (and edit epan/dissectors/packet-pdcp-nr.c to define the appropriate symbols), they can also be used.