Decrypt IPSec ESP traffic with Wireshark
It is possible to decrypt IPSec ESP traffic with Wireshark but only if you have the original parameters that were used for the Security Association (SA):
- Source address of the SA.
- Destination address of the SA.
- The Security Parameter Index (SPI).
- Encryption algorithm and key.
- Authentication algorithm.
You can find a detailed explanation of how to decrypt the traffic below.