Hi, this Wireshark has a problem decrypting IKE messages when message 5 and 6 are fragmented and reassembled in Wireshark? I used the described method numerous times with OpenSwan and it worked like a charm. Then I changed to certificate based authentication and the payload exceeded the 1500 byte packet size. Although I enter ICOOKIE and enc_key as the times before, I still see only encrypted data... I will enable JUMBO frames to verify this but maybe you have seen this before... Cheers, Dominik asked 29 Oct '12, 09:58  Dominik converted to question 29 Oct '12, 13:32  grahamb ♦ |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Converted from an "answer" to http://ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-packets
Hi,
even with JUMBO frames it doesn't work. I have file a bug report for this.
Cheers, Dominik