[strongSwan] How to get encryption key for ISAKMP phase ?
jkshar2005 at gmail.com
Wed Aug 8 04:59:30 CEST 2012
I can easily decrypt ESP packets but I also wanted to decrypt ISAKMP phase
1 encrypted packets. I asked the same question on Wireshark forum and got a
really nice response here:
The problem is I cannot seem to find the encryption key for phase 1. I was
asked to do this:
Look for *ICOOKIE* and *enc key* in the Pluto debug log.
gw205:/# ps auxww | grep pluto
root 24522 0.0 0.3 12572 3488 ? Ss 15:46 0:00
/usr/libexec/ipsec/pluto --nofork --debug-raw *--debug-crypt*
--debug-parsing --debug-emitting --debug-control --nocrsend
--nat_traversal --keep_alive 60
I cannot find enc key in the /var/log/messages file, any idea where I
can find this ? The enc key is needed for the decryption of ISAKMP
packets in WireShark
Also this is a lab test :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users