debugging encrypted part of isakmp
Bruce M Simpson
bms at spc.org
Fri Jan 14 07:21:59 PST 2005
On Fri, Jan 14, 2005 at 04:44:19PM +0200, Andriy Gapon wrote:
> So, I am looking for the easiest way to decrypt isakmp packets using
> both packet data and information like pre-shared keys, certificates etc.
There's probably not a lot that you can do here, short of turning on all
the debugging switches you can find for the opaque IKE implementation
you're dealing with; unless the isakmp decoder in tcpdump were modified
to accept keying material. We already do this for AH, ESP, TCP-MD5 but
not IKE itself as that's a non-trivial task.
Regards,
BMS
More information about the freebsd-security
mailing list