[strongSwan] how to find initiator cookie in packet dump

Yogesh Purohit yogeshpurohit2 at gmail.com
Thu Nov 8 06:17:18 CET 2018

Hi All,

 I was trying to decrypt IKEv1 packets using Wireshark 2.6.
 For decryption of IKEv1 one needs the initiator cookie and the encryption key. I
have enabled log level for ike = 4 in strongswan.conf.

 I can see the complete dump in the log files, where I could find the encryption key.

 But I was unable to find the initiator cookie, without which I am unable to
decrypt the packet.

 I am using strongSwan version 5.5.2.

  Please let me know if I have missed something or if I am looking in the wrong
place for ICOOKIE. In previous versions of strongSwan, where pluto was used,
a separate line used to be printed in the logs, such as:

*ICOOKIE:  c6 d1 45 92  85 15 0c 7e*

Thanks & Regards,

Yogesh Purohit
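
Added example, not part of the original post and not strongSwan code: in IKEv1 the initiator cookie is the first 8 bytes of the fixed ISAKMP header (RFC 2408), so it can be read from the UDP payload of any packet of the exchange in the capture. The function name and the sample packet are assumptions constructed for illustration; the sample reuses the cookie bytes from the pluto log line quoted above.

```python
import struct

# Fixed ISAKMP header (RFC 2408, section 3.1): 28 bytes, network byte order.
# icookie(8) rcookie(8) next_payload(1) version(1) exchange(1) flags(1)
# message_id(4) length(4)
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes IKE on UDP/4500
FLAG_ENCRYPTED = 0x01                 # IKEv1 header flag: payloads encrypted


def parse_isakmp_header(udp_payload: bytes, udp_port: int = 500) -> dict:
    """Parse the ISAKMP header at the start of a UDP payload (hypothetical helper)."""
    data = udp_payload
    if udp_port == 4500:
        # With NAT-T, IKE packets carry four zero bytes before the header;
        # anything else on this port is ESP-in-UDP or a NAT keepalive.
        if data[:4] != NON_ESP_MARKER:
            raise ValueError("no non-ESP marker: ESP or NAT keepalive, not IKE")
        data = data[4:]
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("payload shorter than the 28-byte ISAKMP header")
    (icookie, rcookie, _next_payload, version,
     exchange, flags, message_id, length) = ISAKMP_HDR.unpack_from(data)
    if version >> 4 != 1:
        raise ValueError("major version %d is not IKEv1" % (version >> 4))
    return {
        # Hex without separators, e.g. for pasting into a decryption table.
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "exchange_type": exchange,
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "message_id": message_id,
        "length": length,
    }


# Constructed sample: header only, first Main Mode message (exchange type 2),
# responder cookie still zero, version 1.0, not encrypted.
SAMPLE = ISAKMP_HDR.pack(bytes.fromhex("c6d1459285150c7e"), bytes(8),
                         0, 0x10, 2, 0, 0, ISAKMP_HDR.size)

if __name__ == "__main__":
    print(parse_isakmp_header(SAMPLE))
    print(parse_isakmp_header(NON_ESP_MARKER + SAMPLE, udp_port=4500))
```
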