Wireshark-users: [Wireshark-users] Possible to decrypt aes256-sha1 ESP packets with secret?
From: David Dean <just_bytesize@xxxxxxxxxxx>
Date: Sun, 9 Feb 2020 19:00:54 +0000 (UTC)

Hi,

I have a packet capture from a site-to-site VPN that I need to decode.

Here are the encryption options:

    authby=secret
    keyexchange=ike
    ike=aes256-sha1;modp1024
    phase2=esp
    phase2alg=aes256-sha1;modp1024
    pfs=no

The client has provided me with the shared secret.

I've tried adding the ESP SAs, but I can't see aes256-sha1 listed in the algorithms.

I'm using Wireshark v3.2.1 with Gcrypt 1.8.3.

Is it not possible to decode aes256-sha1 with Wireshark?

If it is possible, what options should I be choosing in the ESP SA window?

Thanks,

Dave