On 2008-11-17, Christoph Leser <[EMAIL PROTECTED]> wrote:
> 21:38:55.438591 a.b.c.d.500 > u.v.w.x.500: [udp sum ok] isakmp v1.0
> exchange ID_PROT
> cookie: 251068307c823c51->5086ce0f33dfbb37 msgid: 00000000 len:
> 92
> payload: ID len: 9336 [|isakmp] [ttl 0] (id 1, len 120)
>
> The len field in the received packet seems queer.

Certainly does; the [|isakmp] indicates a truncated packet i.e. received data is shorter than the length it should be (commonly you see this with a too-short -s value in a tcpdump capture, but that won't be the case here), followed up by the actual length, in this case 120 bytes.

> I would think this is an openswan problem, but how can I prove this? I
> have no access to the openswan box. Can I get more information about the
> offending packet, like a decrypted hexdump or else?

tcpdump -X gives a hex dump.
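
An added example, not part of the original message: a length consistency check for the UDP/500 payload bytes that `tcpdump -X` dumps, using the RFC 2408 header layout. It goes beyond the thread by also handling the header's encryption flag. The function names are hypothetical, and the sample packets are constructed from the cookies and lengths quoted above.

```python
import struct

# RFC 2408 fixed header: cookies, next payload, version, exchange type,
# flags, message ID, total length. 28 bytes, network byte order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
GENERIC_PL = struct.Struct("!BBH")   # next payload, reserved, payload length
FLAG_ENCRYPTED = 0x01                # body after the header is ciphertext

def check_isakmp_lengths(datagram: bytes) -> list:
    """Return a list of length inconsistencies in one UDP/500 payload."""
    if len(datagram) < ISAKMP_HDR.size:
        return ["datagram shorter than the 28-byte ISAKMP header"]
    _ic, _rc, next_pl, _ver, _exch, flags, _msgid, total = \
        ISAKMP_HDR.unpack_from(datagram)
    findings = []
    if total != len(datagram):
        findings.append(f"header len {total} != datagram len {len(datagram)}")
    if flags & FLAG_ENCRYPTED:
        # Payload headers are inside the ciphertext; any "payload len"
        # decoded from these bytes is meaningless without the keys.
        findings.append("body encrypted: payload lengths not checkable")
        return findings
    offset, end = ISAKMP_HDR.size, min(total, len(datagram))
    while next_pl != 0:
        if offset + GENERIC_PL.size > end:
            findings.append(f"payload {next_pl} at offset {offset}: header past end")
            break
        following, _rsvd, pl_len = GENERIC_PL.unpack_from(datagram, offset)
        if pl_len < GENERIC_PL.size or offset + pl_len > end:
            findings.append(f"payload {next_pl} at offset {offset}: len {pl_len} "
                            f"invalid for the {end - offset} bytes left")
            break
        offset, next_pl = offset + pl_len, following
    return findings

def sample_packet(flags: int, id_len: int) -> bytes:
    """Constructed 92-byte ID_PROT message carrying one ID payload (type 5)."""
    body = GENERIC_PL.pack(0, 0, id_len) + bytes(60)
    hdr = ISAKMP_HDR.pack(bytes.fromhex("251068307c823c51"),
                          bytes.fromhex("5086ce0f33dfbb37"),
                          5, 0x10, 2, flags, 0, ISAKMP_HDR.size + len(body))
    return hdr + body

if __name__ == "__main__":
    for flags, id_len in [(0, 64), (0, 9336), (FLAG_ENCRYPTED, 9336)]:
        print(flags, id_len, check_isakmp_lengths(sample_packet(flags, id_len)))
```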