
How do I take the keys from Landslide to decode the ESP packets in a Wireshark trace?

Answer

In Wireshark, there is an ESP decode selection under the ESP protocol. To decode ESP packets with it, you need to fill out the following fields: Protocol, Src IP, Dest IP, SPI, Encryption type, Encryption Key, Authentication type, and Authentication Key.

You can get these keys from the Landslide level 10 debug logs. If you have an IPSec Accelerator Card in your test server, you are using hardware acceleration. In the level 10 debug log, search for “writeIpsecSa”. You will see an INBOUND version and an OUTBOUND version, each listing the keys used for encryption and authentication.

If you are using software mode (no IPSec Accelerator Card), search for “encrypt|” and “decrypt|”. The keys are listed under those entries.
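Once the values are copied out of the debug log, a key of the wrong length or a stray separator is the usual reason the decode fails. The following added example (not Spirent or Wireshark code) checks one direction's values and formats them as a row in the layout of Wireshark's ESP SA table; the algorithm labels, the `IPv4` protocol value and all sample values are assumptions to compare against your Wireshark version and your own log.

```python
import re

# Labels as they appear in Wireshark's ESP SA table (assumed; compare with the
# drop-down entries in your Wireshark version) and valid key sizes in bytes.
ENCRYPTION = {"NULL": {0}, "TripleDES-CBC [RFC2451]": {24},
              "AES-CBC [RFC3602]": {16, 24, 32}}
AUTHENTICATION = {"NULL": {0}, "HMAC-MD5-96 [RFC2403]": {16},
                  "HMAC-SHA-1-96 [RFC2404]": {20}}


def clean_hex(value, what):
    """Normalise hex copied from a log: drop a 0x prefix, spaces and colons."""
    digits = re.sub(r"^0[xX]|[\s:]", "", value.strip()).lower()
    if digits and not re.fullmatch(r"[0-9a-f]+", digits):
        raise ValueError(f"{what} is not hexadecimal: {value!r}")
    if len(digits) % 2:
        raise ValueError(f"{what} has an odd number of hex digits")
    return digits


def esp_sa_row(src, dst, spi, enc, enc_key, auth, auth_key, protocol="IPv4"):
    """Validate one direction's SA and return it as an esp_sa-style CSV row."""
    if enc not in ENCRYPTION or auth not in AUTHENTICATION:
        raise ValueError("unknown algorithm label")
    spi_hex = clean_hex(spi, "SPI")
    if len(spi_hex) != 8:
        raise ValueError("SPI must be 32 bits (8 hex digits)")
    keys = []
    for what, raw, sizes in (("encryption key", enc_key, ENCRYPTION[enc]),
                             ("authentication key", auth_key, AUTHENTICATION[auth])):
        key = clean_hex(raw, what)
        if len(key) // 2 not in sizes:
            raise ValueError(f"{what} is {len(key) // 2} bytes, expected one of {sorted(sizes)}")
        keys.append("0x" + key if key else "")
    fields = [protocol, src, dst, "0x" + spi_hex, enc, keys[0], auth, keys[1]]
    return ",".join(f'"{field}"' for field in fields)


if __name__ == "__main__":
    # Constructed values, not taken from a real Landslide log.
    print(esp_sa_row("10.0.0.1", "10.0.0.2", "0xc1a2b3d4",
                     "AES-CBC [RFC3602]", "00:11:22:33 44556677 8899AABBCCDDEEFF",
                     "HMAC-SHA-1-96 [RFC2404]",
                     "000102030405060708090a0b0c0d0e0f10111213"))
```

Each IPsec SA covers one direction only, so the INBOUND and OUTBOUND entries each need their own row with their own SPI and keys.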

Product : Landslide,IPSec