How to decipher NAS 5GS message (wireshark)

konradkar2 · September 8, 2022, 9:50am

I’m trying to inspect the content of NAS messages sent between UE and CN, is there a tool to achieve that?
I suppose this is possible as we have access to the UE subscription profile and CN database.
Also, I have all the traffic (from UE registration to PDU session establishment) captured.

This is the encrypted message seen from Wireshark.

konradkar2 · September 8, 2022, 10:05am

Ok,’ I’ve found the solution.
In Wireshark go to preferences -> Protocols -> NAS-5GS -> check the box “Try to detect and decode 5G-EA0 ciphered message”
Not sure how much traffic you need for that, but it worked for me.

meow0122 · September 13, 2022, 8:09am

Hi @konradkar2,
thanks for sharing

free5GC · September 27, 2022, 12:51pm