Hi,There is an ESP dissector in Wireshark without any patches needed, in Wireshark see edit->preferences->protocols->ESP. There is some configuration needed and the keys of course. So it seems it is possible to see the contents of ESP packets after dumping them, if you know the keys.
BR, Samu Varjonen Robert Moskowitz wrote:
I seem to recall a wireshark plugin? Would it show the contents of the ESP packets? Or is there a way to run ESP with the NULL cipher to see what is going across....