
I'm trying to decrypt ESP packets that I captured. I have a VPN setup using L2TP. I've read the page. However, I don't know how to verify all the fields required for a Windows 7 machine, for example the Encryption Algorithm, Authentication Algorithm, Encryption key, etc. Any guidance would be greatly appreciated.

asked 26 Jul '12, 09:01


accept rate: 0%

Please see my answer here:

Search for "ESP Decryption".

To be able to decrypt ESP packets you need a lot of internal state data from your IPSEC implementation. Some Linux versions will give access to that data with this command: ip xfrm state. So, we need to figure out how to get that data from your L2TP server.

Is your L2TP server:

  • a Windows system (which one)
  • a firewall/vpn device (which one)
  • a Linux/Unix system (which one)


It's a SonicWall

You need to boot a debug kernel (diagnostics firmware).

Then run some of the IPSEC debug commands mentioned in that document. I suggest at least these three:


Maybe there is a way to get that information from the Windows 7 client as well, however I can't find any decent information about that.



answered 26 Jul '12, 09:12


Kurt Knochner ♦
accept rate: 15%

edited 26 Jul '12, 10:23

It's a SonicWall FW. Thank you for your help, btw.

(26 Jul '12, 09:37) milesmeridith

I'll have to check how to get the required data from SonicWall debug output, if it's possible at all...

UPDATE: see my update in the answer

(26 Jul '12, 09:39) Kurt Knochner ♦
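
Added example, not part of the original answer or any project's own code: a small parser that pulls the per-SA state the answer refers to (SPI, encryption and authentication algorithm, keys) out of `ip xfrm state` output on a Linux IPsec endpoint. The sample output, addresses and keys are constructed, and the function name `parse_xfrm_state` is this example's own.

```python
import re

# Constructed sample in the layout printed by `ip xfrm state` (iproute2).
# Addresses, SPIs and keys are made up for this example.
SAMPLE = (
    "src 192.0.2.10 dst 198.51.100.20\n"
    "\tproto esp spi 0xc0ffee01 reqid 1 mode transport\n"
    "\treplay-window 32\n"
    "\tauth-trunc hmac(sha1) 0x000102030405060708090a0b0c0d0e0f10111213 96\n"
    "\tenc cbc(aes) 0x101112131415161718191a1b1c1d1e1f\n"
    "\tsel src 0.0.0.0/0 dst 0.0.0.0/0\n"
    "src 198.51.100.20 dst 192.0.2.10\n"
    "\tproto esp spi 0xc0ffee02 reqid 1 mode transport\n"
    "\treplay-window 32\n"
    "\tauth-trunc hmac(sha1) 0x1415161718191a1b1c1d1e1f2021222324252627 96\n"
    "\tenc cbc(aes) 0x202122232425262728292a2b2c2d2e2f\n"
    "\tsel src 0.0.0.0/0 dst 0.0.0.0/0\n"
)

HEX_KEY = re.compile(r"0x([0-9a-fA-F]{2})+$")

def parse_xfrm_state(text):
    """Return one dict per ESP SA with the fields ESP decryption needs."""
    sas, cur = [], None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        # An unindented "src A dst B" line starts a new SA; the indented
        # "sel src ..." selector line must not be mistaken for one.
        if not line[0].isspace() and tok[0] == "src" and len(tok) >= 4:
            cur = {"src": tok[1], "dst": tok[3]}
            sas.append(cur)
        elif cur is None:
            continue
        elif tok[0] == "proto":
            cur["proto"] = tok[1]
            cur["spi"] = tok[tok.index("spi") + 1] if "spi" in tok[:-1] else None
        elif tok[0] in ("enc", "auth", "auth-trunc") and len(tok) >= 3:
            kind = "enc" if tok[0] == "enc" else "auth"
            cur[kind + "_alg"] = tok[1]
            # Key is None when the output does not carry a hex key.
            ok = HEX_KEY.match(tok[2])
            cur[kind + "_key"] = bytes.fromhex(tok[2][2:]) if ok else None
            if tok[0] == "auth-trunc" and len(tok) > 3:
                cur["auth_bits"] = int(tok[3])  # truncated ICV length in bits
    return [sa for sa in sas if sa.get("proto") == "esp"]

if __name__ == "__main__":
    for sa in parse_xfrm_state(SAMPLE):
        print(sa["src"], "->", sa["dst"], sa["spi"], sa["enc_alg"], sa["auth_alg"])
```

Each direction of the tunnel is a separate SA with its own SPI and keys, so both entries are needed to decrypt a two-way capture.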

question asked: 26 Jul '12, 09:01

question was seen: 13,907 times

last updated: 26 Jul '12, 10:23
