[strongSwan] how to find initiator cookie in packet dump

Mirko Parthey mirko.parthey at web.de
Fri Nov 16 21:27:26 CET 2018

On Thu, Nov 08, 2018 at 10:47:18AM +0530, Yogesh Purohit wrote:
>  I was trying to decrypt IKEv1 packets using wireshark 2.6.
>  For decryption of Ikev1 one needs Initiator cookie and encryption key. I have
> enabled log level for ike = 4 in strongswan.conf.
>  I can see complete dump in log files, where I could find encryption key.
>  But I was unable to find initiator cookie without which I am unable to decrypt
> the packet.
>  I am using strongswan version 5.5.2.

tcpdump -vv shows the cookies.
In both wireshark and charon, the cookies are called "SPI".

With an IKE capture file loaded into wireshark, they are shown as ISAKMP
Initiator/Responder SPI in the packet dissection pane.

To make charon log them, set the loglevel "enc = 3".
The cookies are labeled as "IKE_SPI" in the logfile.
The first IKE_SPI is the initiator cookie, and the second is the responder
cookie; this is independent of who sent the message.

For example, the following was logged by an IKEv1 initiator
(without the comments):

# message sent by the initiator (3rd message of Main Mode):
[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
[ENC] not encrypting payloads
[ENC] generating payload of type HEADER
[ENC]   generating rule 0 IKE_SPI
[ENC]    => 8 bytes @ 0x7f5a20003f68
[ENC]    0: E7 91 90 11 9E 1D 31 8B   # Initiator Cookie
[ENC]   generating rule 1 IKE_SPI
[ENC]    => 8 bytes @ 0x7f5a20003f70
[ENC]    0: B6 4B 3B B0 22 CB 9E 86   # Responder Cookie

# message received from the responder (4th message of Main Mode)
[ENC]   parsing rule 0 IKE_SPI
[ENC]    => 8 bytes @ 0x7f5a300019d8
[ENC]    0: E7 91 90 11 9E 1D 31 8B   # Initiator Cookie
[ENC]   parsing rule 1 IKE_SPI
[ENC]    => 8 bytes @ 0x7f5a300019e0
[ENC]    0: B6 4B 3B B0 22 CB 9E 86   # Responder Cookie


More information about the Users mailing list