Kaplan
Explorer II
August 30, 2022
Question

Decrypt pcap with Wireshark


Dear People,

 

I have a problem: I can decrypt the pcap file on the headquarters FortiGate, but at the branch only on the ISP router and not behind the ISP router in the FortiGate packet capture.

 

FGHQ-->ISP-Router ----------------ISP-Router<--Fortigate Branch

 

Does anybody know why?

4 replies

Anthony_E
Staff
September 2, 2022

Hello Kaplan,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Best Regards
Anthony_E
Staff
September 2, 2022

Hello Kaplan,

 

I have found this KB article:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-decrypt-IPSec-Phase-2-ISAKMP-packets-IKEv2/ta-p/213649

 

Could you please tell me if it helps?

 

Regards,

Best Regards
Markus_M
Staff & Editor
September 2, 2022

Hi Kaplan,

 

it will help to understand what you are actually trying to decrypt/decode. Is it IPsec traffic as Anthony guessed, or are you trying to decode a "sniffer 6" packet capture?

 

Best regards,

 

Markus

Kaplan (Author)
Explorer II
September 2, 2022

Hello Markus,
thanks for your help. It is the IPsec traffic.
I tried to decrypt it with dia vpn tunnel list name VPNTU.
I could decrypt it on one side, but not on the other side. I will try with the article.
Sniffer with 6 gave the same result.

 

Thanks a lot