[strongSwan] how to find initiator cookie in packet dump
Yogesh Purohit
yogeshpurohit2 at gmail.com
Thu Nov 8 06:17:18 CET 2018
Hi All,
I was trying to decrypt IKEv1 packets using wireshark 2.6.
For decryption of Ikev1 one needs Initiator cookie and encryption key. I
have enabled log level for ike = 4 in strongswan.conf.
I can see complete dump in log files, where I could find encryption key.
But I was unable to find initiator cookie without which I am unable to
decrypt the packet.
I am using strongswan version 5.5.2.
Please let me know if I have missed something or I am looking at wrong
place for ICOOKIE. In previous versions of strongswan where pluto was used,
a separate line used to be printed in logs such as:
*ICOOKIE: c6 d1 45 92 85 15 0c 7e*
Thanks & Regards,
Yogesh Purohit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181108/69f2dc1a/attachment.html>
More information about the Users
mailing list