<div dir="ltr"><div>Hi All,</div><div><br></div><div> I was trying to decrypt IKEv1 packets using wireshark 2.6.</div><div> For decryption of Ikev1 one needs Initiator cookie and encryption key. I have enabled log level for ike = 4 in strongswan.conf.</div><div><br></div><div> I can see complete dump in log files, where I could find encryption key.</div><div><br></div><div> But I was unable to find initiator cookie without which I am unable to decrypt the packet.</div><div><br></div><div> I am using strongswan version 5.5.2.</div><div><br></div><div> Please let me know if I have missed something or I am looking at wrong place for ICOOKIE. In previous versions of strongswan where pluto was used, a separate line used to be printed in logs such as:</div><div></div><div>
<pre style="background-color:rgb(245,245,245);font-family:Consolas,Monaco,"Liberation Mono","Lucida Console",monospace;font-size:11.7px;margin-bottom:10px;overflow:auto;padding-left:5px;padding-top:5px;width:580px;white-space:pre-wrap;color:rgb(0,0,0);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><b>ICOOKIE: c6 d1 45 92 85 15 0c 7e</b></pre>
</div><div><br>Thanks & Regards,<div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><br></div><div>Yogesh Purohit</div></div></div></div></div>