[strongSwan] How to get encryption key for ISAKMP phase ?

Chetan Sharma jkshar2005 at gmail.com
Wed Aug 8 04:59:30 CEST 2012

Hi Guys,

I can easily decrypt ESP packets but I also wanted to decrypt ISAKMP phase
1 encrypted packets. I asked the same question on Wireshark forum and got a
really nice response here:

The problem is I cannot seem to find the encryption key for phase 1. I was
asked to do this:

Look for *ICOOKIE* and *enc key* in the Pluto debug log.

gw205:/# ps auxww | grep pluto
root     24522  0.0  0.3  12572  3488 ?        Ss   15:46   0:00
/usr/libexec/ipsec/pluto --nofork --debug-raw *--debug-crypt*
--debug-parsing --debug-emitting --debug-control --nocrsend
--nat_traversal --keep_alive 60

I cannot find enc key in the /var/log/messages file, any idea where I
can find this ? The enc key is needed for the decryption of ISAKMP
packets in WireShark

Also this is a lab test :)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120808/e203a105/attachment.html>

More information about the Users mailing list