[strongSwan] How to get encryption key for ISAKMP phase ?
Chetan Sharma
jkshar2005 at gmail.com
Wed Aug 8 04:59:30 CEST 2012
Hi Guys,
I can easily decrypt ESP packets but I also wanted to decrypt ISAKMP phase
1 encrypted packets. I asked the same question on Wireshark forum and got a
really nice response here:
http://ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-packets
The problem is I cannot seem to find the encryption key for phase 1. I was
asked to do this:
Look for *ICOOKIE* and *enc key* in the Pluto debug log.
gw205:/# ps auxww | grep pluto
root 24522 0.0 0.3 12572 3488 ? Ss 15:46 0:00
/usr/libexec/ipsec/pluto --nofork --debug-raw *--debug-crypt*
--debug-parsing --debug-emitting --debug-control --nocrsend
--nat_traversal --keep_alive 60
I cannot find enc key in the /var/log/messages file, any idea where I
can find this ? The enc key is needed for the decryption of ISAKMP
packets in WireShark
Also this is a lab test :)
Thanks
Chetan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120808/e203a105/attachment.html>
More information about the Users
mailing list