I have a Windows 7 IPSec VPN setup. When inspecting the IPSec packets generated by Windows in Wireshark, the corresponding payloads are, as expected, encrypted. Is there a way to inspect the non-encrypted payloads for debugging?
Due to the way that Wireshark works on Windows, it can't inspect any packets except those that physically leave the NIC. See loopback in the Wireshark Wiki.
Since the packets are already encrypted by the time they leave the NIC, there is no way to readily use Wireshark to analyze IPSec encrypted packets.
It is theoretically possible to decrypt the IPSec packets once they have been encrypted if you can get hold of the keys, as outlined here, but I haven't had any success to date on Windows.