capture content of ipsec traffic on the engress interface

hi guys,

is there any way to capture traffic that is encapsulated into esp? that somehow means to look "inside" of the esp packet. when capturing the traffic on the outside interface, i can only see the encapsulated traffic by default.

as far as i know, ipsec traffic passes 2 times through the ACL ruleset of the outside interface, one time encapsulated, one time decapsulated.

i hoped that when the packets pass the interface for the second time (decrypted) I will be able to capture it but that does not seem to be the case.

is there a way to capture traffic which leaves the traffic inside of an ipsec tunnel? unfortunately google was not my friend for that question.

thanks alot for your help, /Heri

Reply to
H. Steuer
Loading thread data ...

I believe Wireshark can decrypt ESP packets if you provide it with the keys.

Navigate as follows:

Edit menu | Preferences | Protocols | ESP | etc.

Check with the Wireshark forum if you need support.

Best Regards, News Reader

Reply to
News Reader Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.