Wireshark-users: [Wireshark-users] Cant decrypt ESP payload
From: マシス・ザッカリー <mathis@xxxxxxxxx>
Date: Tue, 25 Jul 2006 14:43:15 +0900
Has anybody have any success decrypting ESP payloads with wireshark or
tcpdump?
I am trying to decrypt some ping packets (attached) that has been
encrypted with 3DES/SHA1 with the PSK being "hello". I get an error in
my terminal that says "ESP Preferences: Error in encryption algorithm
3des-cbc: Bad Keylen <40 bits>" 
From what i can tell, i only know my PSK so im not sure what wireshark
is expecting for my encryption key/authentication key. I tried it in
tcpdump as well with no luck.
Please let me know if anyone has had success with this.
Thank you much,
  Mathis

PS. I'm using Wiresharek 0.99-r2 w/ libgcrypt and the traffic is from a
netscreen vpn.

Attachment: esp-icmps-3des-sha1.pcap
Description: Binary data