NR-RRC: how to decrypt encrypted NR-RRC messages in pcap

asked 2021-12-16 14:04:35 +0000

sgoyal

Once encryption is enabled, we are not able to see the actual NR_RRC message in the pcap. Can we add keys in Wireshark and decode those messages? Do we need to add ciphering keys somewhere? I have seen only 5GNAS under "preference".

1 Answer

answered 2021-12-16 16:12:46 +0000

MartinM

You can decrypt them if they are framed inside pdcp-nr. You need this in order to have a UE Identifier (in order to look up the appropriate key), and also COUNT (an input to the decryption) is calculated using the SN. You will also need to enable sequence number analysis. The dissector needs to know what the decryption protocol is - this may be signalled or can be set using a pdcp-nr dissector preference.

Note that only AES decryption (and integrity checking) can be done by standard Wireshark. If you supply a working implementation of Snow3G and Zuc (and edit epan/dissectors/packet-pdcp-nr.c to define the appropriate symbols), they can also be used.


How can I enable the pdcp-nr dissector preference? Can you please share a snapshot?

sgoyal ( 2021-12-21 10:01:01 +0000 )

Hi MartinM, can you please help to answer my query?

sgoyal ( 2021-12-29 05:00:31 +0000 )

Sorry, I didn't see your replies. Hope you got this resolved. RRC messages can be found in several different places; PDCP wouldn't necessarily be involved.

MartinM ( 2024-05-31 09:41:14 +0000 )
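
An added example, not part of the original thread and not Wireshark's code: it shows why the answer ties decryption to the PDCP SN, by rebuilding COUNT (HFN || SN) per UE/bearer/direction stream and packing it into the first AES-CTR counter block in the layout 3GPP specifies for 128-NEA2. The 12-bit SN length, the `CountTracker` class, the function names and the sample SNs are assumptions made for illustration; the AES-CTR step itself is left out.

```python
import struct

SN_BITS = 12                      # assumption: 12-bit PDCP SN (18-bit also exists)
SN_MASK = (1 << SN_BITS) - 1
WINDOW = 1 << (SN_BITS - 1)       # half the SN space, used to detect wrap-around


class CountTracker:
    """Rebuild the 32-bit COUNT = HFN || SN for each (UE, bearer, direction)."""

    def __init__(self):
        self._ref = {}            # stream key -> highest COUNT seen so far

    def count_for(self, ue_id, bearer, direction, sn):
        key = (ue_id, bearer, direction)
        # Assumption: the capture starts at HFN 0. If it starts after a wrap,
        # the HFN is unknown and the resulting keystream will be wrong.
        ref = self._ref.get(key, 0)
        ref_hfn, ref_sn = ref >> SN_BITS, ref & SN_MASK
        if sn < ref_sn - WINDOW:
            hfn = ref_hfn + 1     # SN wrapped: next hyper frame
        elif sn >= ref_sn + WINDOW and ref_hfn > 0:
            hfn = ref_hfn - 1     # late PDU from before the wrap
        else:
            hfn = ref_hfn
        count = (hfn << SN_BITS) | sn
        self._ref[key] = max(ref, count)
        return count


def nea2_counter_block(count, bearer, direction):
    """First 128-bit CTR block: COUNT(32) | BEARER(5) | DIRECTION(1) | zeros."""
    if not (0 <= count < 1 << 32 and 0 <= bearer < 32 and direction in (0, 1)):
        raise ValueError("COUNT is 32 bits, BEARER 5 bits, DIRECTION 1 bit")
    return struct.pack(">IB", count, (bearer << 3) | (direction << 2)) + bytes(11)


def blocks_for_capture(records):
    """records: iterable of (ue_id, bearer, direction, sn) in capture order."""
    tracker = CountTracker()
    out = []
    for ue_id, bearer, direction, sn in records:
        count = tracker.count_for(ue_id, bearer, direction, sn)
        out.append((count, nea2_counter_block(count, bearer, direction).hex()))
    return out


if __name__ == "__main__":
    # Constructed sample: one downlink stream (direction=1) crossing an SN wrap.
    for count, block in blocks_for_capture([(1, 0, 1, s) for s in (4094, 4095, 0, 1)]):
        print(count, block)
```

A wrong HFN or a missing UE/bearer/direction mapping produces a different counter block, so the payload decodes to noise even with the correct key.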


Asked: 2021-12-16 14:04:35 +0000

Seen: 661 times

Last updated: Dec 16 '21