[Openswan Users] Decrypt ESP packets with wireshark for tunnel mode (Openswan)

Paul Wouters paul at xelerance.com
Sat Nov 13 11:50:14 EST 2010

On Sat, 13 Nov 2010, Kevin Wilson wrote:

> I want to verify one point - and it could be that I am wrong at it:
> tcpdump -E will **not** decrypt ESP when using netkey (built-in kernel
> IPsec). This will work only with klips.

Incoming it should, outgoing, it will not see the encrypted packets due to
the placement of the NETKEY hooks (after tcpdump can see the packet)


More information about the Users mailing list