[strongSwan] Decryption of ESP packets with Wireshark

Jessie Liu iamnotjessie at yahoo.com.tw
Wed Aug 11 06:41:55 CEST 2010

Hi Martin,
      It worked. Thanks for your great help!
Best Regards,

--- 10/8/10 (二),Martin Willi <martin at strongswan.org> 寫道:

寄件者: Martin Willi <martin at strongswan.org>
主旨: Re: [strongSwan] Decryption of ESP packets with Wireshark
收件者: "Jessie Liu" <iamnotjessie at yahoo.com.tw>
副本: users at lists.strongswan.org
日期: 2010年8月10日,二,下午7:30

Hi Jessie,

> Is it correct to fill the two fields with CK and IK?

If you are referring to the encryption and integrity keys CK/IK from
EAP-AKA authentication, definitely not.

> If not, what should I fill out to get ESP packets decrypted?

IKE uses a Diffie-Hellman exchange to derive keys used for IKE and ESP
with perfect forward secrecy. You can increase the debug level of the
IKE daemon to log the key derivation process. But it is probably simpler
to use the "ip" utility to extract the keys from the kernel. Try "ip
xfrm state".


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100811/8114d4e2/attachment.html>

More information about the Users mailing list