Date: Fri, 14 Jan 2005 15:22:22 +0000 From: Bruce M Simpson <bms@spc.org> To: Andriy Gapon <avg@icyb.net.ua> Cc: freebsd-security@freebsd.org Subject: Re: debugging encrypted part of isakmp Message-ID: <20050114152222.GG57985@empiric.icir.org> In-Reply-To: <41E7DAC3.3050707@icyb.net.ua> References: <41E796DC.2090102@icyb.net.ua> <20050114140709.GD57985@empiric.icir.org> <41E7DAC3.3050707@icyb.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 14, 2005 at 04:44:19PM +0200, Andriy Gapon wrote: > So, I am looking for the easiest way to decrypt isakmp packets using > both packet data and information like pre-shared keys, certificates etc. There's probably not a lot that you can do here, short of turning on all the debugging switches you can find for the opaque IKE implementation you're dealing with; unless the isakmp decoder in tcpdump were modified to accept keying material. We already do this for AH, ESP, TCP-MD5 but not IKE itself as that's a non-trivial task. Regards, BMS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050114152222.GG57985>