none
Windows IPsec Wireshark RRS feed

  • Question

  • good day!

    I have Windows 2012r2 - VPN IPSec installed on the standard tools (Windows Firewall with Advanced Security),

    I have a need to monitor the packets in the tunnel - Wireshark,

    on windows the interface the tunnel is not shown separately - there is only the ordinary hard Ethernet appropriately

    in Wireshark I see only encrypted packets

    here at Wireshark, there are instructions on how to fill the parameters to decoding tunnel (https://ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-andor-esp-packets - ---part two "ESP-Decryption")

    but this instruction is for Linux 

    Question : tell me how to get Windows type parameters : Encryption Key Authentication Key?

    i can get only these parametrs from "Windows Firewall with Advanced Security": 3des, PSK, sha-1, peer IP, SPI



    • Edited by friis01 Tuesday, November 1, 2016 2:55 PM
    Tuesday, November 1, 2016 2:39 PM