
How do I decrypt encrypted IKE V2 packets from Landslide IPSec test cases using Wireshark?

Answer

To decrypt encrypted IKE V2 packets using Wireshark, open the trace, then from the Main Menu select Edit->Preferences and choose ISAKMP.

The following parameters must be filled in:
Initiator SPI (this is the Initiator Cookie)
Responder SPI (this is the Responder Cookie)
SKEY_ID_ai (this is the generated authentication key for the initiator side)
SKEY_ID_ar (this is the generated authentication key for the responder side)
SKEY_ID_ei (this is the generated encryption key for the initiator side)
SKEY_ID_er (this is the generated encryption key for the responder side)
 
Note that the SKEY information needs to be collected from the trace level 10 log file of the Test Server used to run IPSec on Landslide.
For SKEY_ID_ai - search the log using this string: “SKEYID_a value”
For SKEY_ID_ar - search the log using this string: “SKEYID_ar value”
For SKEY_ID_ei - search the log using this string: “SKEYID_e value”
For SKEY_ID_er - search the log using this string: “SKEYID_er value”
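
As an added example (not Spirent's or Wireshark's code), the Python script below pulls the four values out of a saved trace level 10 log using the search strings above and labels them with the Wireshark field names. The log line layout (hex bytes after the search string on the same line) and the sample lines are assumptions constructed for illustration; adjust the pattern to the real log.

```python
import re

# Search strings from the article, mapped to the Wireshark ISAKMP fields they fill.
SEARCH_TO_FIELD = {
    "SKEYID_a value": "SKEY_ID_ai",
    "SKEYID_ar value": "SKEY_ID_ar",
    "SKEYID_e value": "SKEY_ID_ei",
    "SKEYID_er value": "SKEY_ID_er",
}

# ASSUMPTION: the key follows the search string on the same line as hex bytes,
# optionally after ':' or '=', with optional space/colon separators.
_KEY_LINE = re.compile(
    r"(SKEYID_(?:ar|a|er|e) value)\s*[:=]?\s*((?:[0-9A-Fa-f]{2}[ :]?)+)\s*$"
)

# Constructed sample log lines (not real Landslide output, not real keys).
SAMPLE_LOG = """\
10:00:01 ike: SA negotiation started
10:00:02 ike: SKEYID_d value: de ad be ef 00 00 00 01
10:00:02 ike: SKEYID_a value: 00 11 22 33 44 55 66 77
10:00:02 ike: SKEYID_ar value: A1:B2:C3:D4:E5:F6:07:18
10:00:02 ike: SKEYID_e value = 8899aabbccddeeff
10:00:02 ike: SKEYID_er value = 0f1e2d3c4b5a6978
"""

def extract_keys(log_text):
    """Return {wireshark_field: [hex strings in log order]}."""
    found = {field: [] for field in SEARCH_TO_FIELD.values()}
    for line in log_text.splitlines():
        m = _KEY_LINE.search(line)
        if m:
            found[SEARCH_TO_FIELD[m.group(1)]].append(
                re.sub(r"[ :]", "", m.group(2)).lower())
    return found

def key_sets(log_text):
    """Group the n-th occurrence of each field into one set per IKE SA."""
    found = extract_keys(log_text)
    counts = {field: len(vals) for field, vals in found.items()}
    if min(counts.values()) == 0 or len(set(counts.values())) != 1:
        raise ValueError(f"incomplete key material in log: {counts}")
    return [dict(zip(found, vals)) for vals in zip(*found.values())]

if __name__ == "__main__":
    for n, keys in enumerate(key_sets(SAMPLE_LOG), 1):
        for field, value in keys.items():
            print(f"SA {n}  {field} = {value}")
```

When the log holds more than one IKE SA, match each printed set to the Initiator/Responder SPI pair of the exchange you are decrypting. The extracted values are live session keys, so handle the log and any output as secrets.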


Product : Landslide,Landslide Client,IPSec