Once Encryption is enabled than we are not able to see actual NR_RRC message in pcap. Can we add keys in wireshark and decode those message . Do we need to add ciphering keys somewhere ? I have seen only 5GNAS under "preference"
You can decrypt them if they are framed inside pdcp-nr. You need this in order to have a UE Identifier (in order to look up the appropriate key), and also COUNT (an input to the decryption) is calculated using the SN. You will also need to enable sequence number analysis. The dissector needs to know what the decryption protocol is - this may be signalled or can be set using a pdcp-nr dissector preference.
Note that only AES decryption (and integrity checking) can be done by standard Wireshark. If you supply a working implementation of Snow3G and Zuc (and edit epan/dissectors/packet-pdcp-nr.c to define the appropriate symbols), they can also be used.
how can i get the enable pdcp-nr dissector preference ? can you please share some snapshot
Hi MartinM, can you please help to answer my query ?
Sorry, I didn't see your replies. Hope you got this resolved. RRC messages can be found in several different places, PDCP wouldn't necessarily be involved.
Comments