Hi Guys,

I can easily decrypt ESP packets, but I also wanted to decrypt ISAKMP phase 1 encrypted packets. I asked the same question on the Wireshark forum and got a really nice response here: http://ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-packets

The problem is I cannot seem to find the encryption key for phase 1. I was asked to do this:

Look for *ICOOKIE* and *enc key* in the Pluto debug log.

    gw205:/# ps auxww | grep pluto
    root 24522 0.0 0.3 12572 3488 ? Ss 15:46 0:00 /usr/libexec/ipsec/pluto --nofork --debug-raw *--debug-crypt* --debug-parsing --debug-emitting --debug-control --nocrsend --nat_traversal --keep_alive 60

I cannot find enc key in the /var/log/messages file. Any idea where I can find this? The enc key is needed for the decryption of ISAKMP packets in Wireshark.

Also, this is a lab test :)

Thanks
Chetan
