Ask Your Question

Revision history [back]

Decrypting ISAKMP phase 1 packets 5 and 6

Hi Team,

I see this question has been asked earlier https://ask.wireshark.org/question/15378/understanding-the-identity-protection-phase-of-the-isakmp-exchange/ I would like to rephrase this and would need your help in learning more about the authentication in IKE V1 ISAKMP packets number 5 and 6.

I tried to decrypt this on wireshark using Preferences> ISAKMP > IKE V1 decryption I'm successful in entering the Init Cookie and when it comes to enter the encrypting key it never seems to take any value that I enter.

Question 1> Should I be entering anything apart from the Authentication key ie. SKEYID_a as in RFC 2409 for IKE v1 that is formed for the SPI ? Question 2> Has anyone tried this before ? any help is very much appreciated.

I'm using PSK to authenticate the peers and the phase 1 Encryption is using 3 DES