How do I decrypt encrypted IKE V2 packets from Landslide IPSec test cases using Wireshark?


Doc ID    FAQ10732
Version:    6.0
Status:    Published
Published date:    07/25/2013
Created Date:    08/15/2011
 

Answer

To decrypt encrypted IKE V2 packets using Wireshark, open the trace and, from the Main Menu, select Edit->Preferences and choose ISAKMP.

The following parameters must be filled in:
Initiator SPI (this is the Initiator Cookie)
Responder SPI (this is the Responder Cookie)
SKEY_ID_ai (this is the generated authentication key for the initiator side)
SKEY_ID_ar (this is the generated authentication key for the responder side)
SKEY_ID_ei (this is the generated encryption key for the initiator side)
SKEY_ID_er (this is the generated encryption key for the responder side)
 
Note that the SKEY information needs to be collected from the trace level 10 log file of the Test Server used to run IPSec on Landslide.
For SKEY_ID_ai  - search the log using this string:  “SKEYID_a value”
For SKEY_ID_ar  - search the log using this string:  “SKEYID_ar value”
For SKEY_ID_ei  - search the log using this string:  “SKEYID_e value”
For SKEY_ID_er  - search the log using this string:  “SKEYID_er value”
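
The log search above can be scripted. The following is an added example, not part of the original FAQ or of the Landslide product: it scans a log for the four search strings and returns the keys as plain hex for the ISAKMP preference fields. The log line layout, the sample lines and the function names are assumptions, as is the grouping of keys into one set per IKE SA by order of appearance.

```python
import re

# Wireshark ISAKMP field -> log search string, both as given in the FAQ.
SEARCH_STRINGS = {
    "SKEY_ID_ai": "SKEYID_a value",
    "SKEY_ID_ar": "SKEYID_ar value",
    "SKEY_ID_ei": "SKEYID_e value",
    "SKEY_ID_er": "SKEYID_er value",
}
# Assumption: the key follows the search string on the same line as at least
# 8 hex bytes, optionally prefixed with 0x and separated by spaces or colons.
HEX_RUN = re.compile(r"(?:0x)?((?:[0-9A-Fa-f]{2}[ :]?){8,})")

def extract_keys(log_text):
    """Collect every key occurrence per field, in log order."""
    found = {field: [] for field in SEARCH_STRINGS}
    for line in log_text.splitlines():
        for field, needle in SEARCH_STRINGS.items():
            pos = line.find(needle)
            if pos < 0:
                continue
            match = HEX_RUN.search(line, pos + len(needle))
            if match:
                found[field].append(re.sub(r"[ :]", "", match.group(1)).lower())
    return found

def key_sets(found):
    """Group the keys into one complete set per IKE SA seen in the log."""
    counts = {field: len(values) for field, values in found.items()}
    if len(set(counts.values())) != 1 or 0 in counts.values():
        raise ValueError(f"incomplete key material in log: {counts}")
    sets = [dict(zip(found, values)) for values in zip(*found.values())]
    for s in sets:
        # Both directions of an SA use the same algorithms, so lengths must agree.
        if (len(s["SKEY_ID_ai"]) != len(s["SKEY_ID_ar"])
                or len(s["SKEY_ID_ei"]) != len(s["SKEY_ID_er"])):
            raise ValueError("initiator/responder key lengths differ")
    return sets

# Constructed sample lines; the real trace level 10 log layout may differ.
SAMPLE_LOG = """\
12:00:01 ike: SKEYID_a value: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 01 02 03 04
12:00:01 ike: SKEYID_ar value: 10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f:21:22:23:24
12:00:01 ike: SKEYID_e value: 0xA0A1A2A3A4A5A6A7A8A9AAABACADAEAF
12:00:01 ike: SKEYID_er value: 0xB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBF
"""

if __name__ == "__main__":
    for number, keys in enumerate(key_sets(extract_keys(SAMPLE_LOG)), 1):
        print(f"SA {number}:", keys)
```

A `ValueError` from `key_sets` means one or more of the four search strings was missing from the log, or was found a different number of times than the others.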
