On May 30, 2025, at 3:52 AM, Ariel Burbaickij <ariel.burbaic...@gmail.com> wrote:
> sent previously to community mailing list but no response there, so resending
> it here.
>
> Hello mailing list,
>
> I set up ESP deciphering/decoding preferences with following relevant
> parameters in wireshark 4.4.6:
>
> -- attempt to check ESP Authentication -- off
> -- attempt to detect/decode NULL encrypted ESP payload -- off
>
> then I entered ESP SAs with relevant IPs, SPIs and deciphering key, leaving
> the authentication algorithm at NULL and wireshark did not decipher ESP
> payload.
> I set authentication algorithm to HMAC-SHA1-96 (RFC 2404) then, without
> authentication key and wireshark did decipher as expected.
>
> Question: why wireshark cares so much about authentication algorithm in this
> scenario, shouldn't it just decipher with all the information for it
> available or what goes on here as in "potential bug"?

If decryption fails for any reason, we should - in *all* the places we decrypt (ESP, TLS, 802.11, etc.) - put in an expert info or other indication of the cause, so that this can be better debugged.
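An added illustration, not part of the thread and not Wireshark's code: in the ESP layout of RFC 4303 the ICV trails the ciphertext and its length follows from the authentication algorithm, so that setting moves the ciphertext boundary even when no authentication key is supplied. The AES-CBC-style 16-byte IV and block size, the function names and the sample packet are assumptions constructed for this example; the function returns a reason string of the kind the reply asks decryptors to surface.

```python
import struct

# ICV length in bytes per authentication algorithm:
# NULL carries no ICV; HMAC-SHA1-96 (RFC 2404) truncates to 96 bits.
ICV_LEN = {"NULL": 0, "HMAC-SHA1-96": 12}

def locate_ciphertext(esp, auth_alg, iv_len=16, block=16):
    """Split an ESP packet (RFC 4303) and report why decryption cannot start.

    iv_len/block default to AES-CBC sizes (assumption; the thread names no cipher).
    Returns (fields, reason); reason is None when the ciphertext is well-formed.
    """
    icv_len = ICV_LEN[auth_alg]
    if len(esp) < 8 + iv_len + icv_len:
        return None, "packet too short for ESP header, IV and ICV"
    spi, seq = struct.unpack("!II", esp[:8])
    end = len(esp) - icv_len          # the ICV, if any, trails the ciphertext
    fields = {
        "spi": spi,
        "seq": seq,
        "iv": esp[8:8 + iv_len],
        "ciphertext": esp[8 + iv_len:end],
        "icv": esp[end:],
    }
    n = len(fields["ciphertext"])
    if n == 0 or n % block:
        return fields, (f"ciphertext length {n} is not a positive multiple of the "
                        f"{block}-byte block (auth={auth_alg}, ICV={icv_len} bytes)")
    return fields, None

def sample_packet():
    """Constructed packet: SPI, sequence, 16-byte IV, 32 bytes standing in
    for ciphertext, and a 12-byte ICV of 0xAA. Not a real capture."""
    return struct.pack("!II", 0x1000, 1) + bytes(16) + bytes(range(32)) + b"\xaa" * 12

if __name__ == "__main__":
    for alg in ("NULL", "HMAC-SHA1-96"):
        fields, reason = locate_ciphertext(sample_packet(), alg)
        print(alg, len(fields["ciphertext"]), reason or "ok")
```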