Hi Andreas,
we're a bit further replacing AES by 3DES, but we still don't get a tunnel.
the IKE_SA_INIT exchange seems to be OK, the proposal transforms fit together,
but then Strongswan sends an error message to the GW (see frame 18 in the trace)
Integrity Checksum Data (12 bytes) [incorrect, should be
CDCB1B47120B03D5E94F62FD]
[Expert Info (Warn/Checksum): IKEv2 Integrity Checksum Data is
incorrect]
[Message: IKEv2 Integrity Checksum Data is incorrect]
[Severity level: Warn]
[Group: Checksum]
[Malformed Packet: ISAKMP]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
----------------------
Here a short summary of the tunnel establishment:
Frame 16
Internet Protocol, Src: 192.168.30.51 (Strongswan Client), Dst: 192.168.30.254
(Juniper) Internet Security Association and Key Management Protocol
Exchange type: IKE_SA_INIT (34)
Flags: Initiator + Request
Security Association payload
Proposal payload # 1
Proposal transforms: 4
1. Transform payload
Transform type: Encryption Algorithm (ENCR) (1)
Transform ID: ENCR_3DES (3)
2. Transform payload
Transform type: Integrity Algorithm (INTEG) (3)
Transform ID: AUTH_HMAC_SHA1_96 (2)
3. Transform payload
Transform type: Pseudo-random Function (PRF) (2)
Transform ID: PRF_HMAC_SHA1 (2)
4.Transform payload
Transform type: Diffie-Hellman Group (D-H) (4)
Transform ID: Group 2 - 1024 Bit MODP (2)
Key Exchange payload
DH Group #: 2
Key Exchange Data (128 bytes / 1024 bits)
Nonce payload
Nonce Data
Notification payload
Message type: NAT_DETECTION_SOURCE_IP (16388)
Notification Data
Notification payload
Message type: NAT_DETECTION_DESTINATION_IP (16389)
Notification Data
Frame 17
Internet Protocol, Src: 192.168.30.254 (Juniper), Dst: 192.168.30.51
(Strongswan Client)
Internet Security Association and Key Management Protocol: IKE_SA_INIT
Flags: Responder + Response
Security Association payload
Proposal transforms: 4
1. Transform payload
Transform type: Encryption Algorithm (ENCR) (1)
Transform ID: ENCR_3DES (3)
2. Transform payload
Transform type: Pseudo-random Function (PRF) (2)
Transform ID: PRF_HMAC_SHA1 (2)
3. Transform payload
Transform type: Integrity Algorithm (INTEG) (3)
Transform ID: AUTH_HMAC_SHA1_96 (2)
4. Transform payload
Transform type: Diffie-Hellman Group (D-H) (4)
Transform ID: Group 2 - 1024 Bit MODP (2)
Key Exchange payload
DH Group #: 2
Key Exchange Data (128 bytes / 1024 bits)
Nonce payload
Nonce Data
Frame 18
Internet Protocol, Src: 192.168.30.51 (Strongswan Client), Dst: 192.168.30.254
(Juniper)
Internet Security Association and Key Management Protocol
Exchange type: IKE_AUTH (35)
Flags: Initiator + Request
Encrypted payload
Contained Payloads (total 126 bytes)
Identification - I payload
Next payload: PRIVATE USE (216)
1... .... = Critical
Payload length: 45347
Padding (137 bytes)
Pad Length: 137
Integrity Checksum Data (12 bytes) [incorrect, should be
CDCB1B47120B03D5E94F62FD]
[Expert Info (Warn/Checksum): IKEv2 Integrity Checksum Data is
incorrect]
[Message: IKEv2 Integrity Checksum Data is incorrect]
[Severity level: Warn]
[Group: Checksum]
[Malformed Packet: ISAKMP]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
Frame 19
Internet Protocol, Src: 192.168.30.254 (Juniper), Dst: 192.168.30.51
(Strongswan Client)
Internet Security Association and Key Management Protocol
Exchange type: INFORMATIONAL (37)
Flags: Responder + Request
Encrypted payload
Next payload: Delete (42)
0... .... = Not critical
Payload length: 40
Initialization Vector: 0x92FDF4C3
Encrypted Data
Frame 20
Internet Protocol, Src: 192.168.30.254 (192.168.30.254), Dst: 192.168.30.51
(192.168.30.51)
Internet Security Association and Key Management Protocol
Exchange type: IKE_AUTH (35)
Flags: 0x20: Responder + Response
Encrypted payload
Decrypted Data (56 bytes)
Pad Length: 69 [too long]
[Expert Info (Warn/Malformed): Pad length is too big]
[Message: Pad length is too big]
[Severity level: Warn]
[Group: Malformed]
Integrity Checksum Data (12 bytes) [incorrect, should be
6F6E83FDEA3DB48453E63730]
[Expert Info (Warn/Checksum): IKEv2 Integrity Checksum Data is
incorrect]
[Message: IKEv2 Integrity Checksum Data is incorrect]
[Severity level: Warn]
[Group: Checksum]
Best regards,
Laurence
No. Time Source Destination Protocol Info
15 12.007626 Belkin_d0:77:2c Broadcast ARP Who
has 192.168.30.20? Tell 192.168.30.51
Frame 15 (60 bytes on wire, 60 bytes captured)
Arrival Time: Sep 22, 2010 09:53:59.273952000
[Time delta from previous captured frame: 0.999954000 seconds]
[Time delta from previous displayed frame: 0.999954000 seconds]
[Time since reference or first frame: 12.007626000 seconds]
Frame Number: 15
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: False]
[Protocols in frame: eth:arp]
[Coloring Rule Name: ARP]
[Coloring Rule String: arp]
Ethernet II, Src: Belkin_d0:77:2c (00:17:3f:d0:77:2c), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Address: Broadcast (ff:ff:ff:ff:ff:ff)
.... ...1 .... .... .... .... = IG bit: Group address
(multicast/broadcast)
.... ..1. .... .... .... .... = LG bit: Locally administered address
(this is NOT the factory default)
Source: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
Address: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: ARP (0x0806)
Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
[Is gratuitous: False]
Sender MAC address: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
Sender IP address: 192.168.30.51 (192.168.30.51)
Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
Target IP address: 192.168.30.20 (192.168.30.20)
0000 ff ff ff ff ff ff 00 17 3f d0 77 2c 08 06 00 01 ........?.w,....
0010 08 00 06 04 00 01 00 17 3f d0 77 2c c0 a8 1e 33 ........?.w,...3
0020 00 00 00 00 00 00 c0 a8 1e 14 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 ............
No. Time Source Destination Protocol Info
16 13.201266 192.168.30.51 192.168.30.254 ISAKMP
IKE_SA_INIT
Frame 16 (342 bytes on wire, 342 bytes captured)
Arrival Time: Sep 22, 2010 09:54:00.467592000
[Time delta from previous captured frame: 1.193640000 seconds]
[Time delta from previous displayed frame: 1.193640000 seconds]
[Time since reference or first frame: 13.201266000 seconds]
Frame Number: 16
Frame Length: 342 bytes
Capture Length: 342 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:isakmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Belkin_d0:77:2c (00:17:3f:d0:77:2c), Dst: 80:71:1f:b7:b1:85
(80:71:1f:b7:b1:85)
Destination: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
Address: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
Address: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.30.51 (192.168.30.51), Dst: 192.168.30.254
(192.168.30.254)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 328
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x7b23 [correct]
[Good: True]
[Bad : False]
Source: 192.168.30.51 (192.168.30.51)
Destination: 192.168.30.254 (192.168.30.254)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Source port: isakmp (500)
Destination port: isakmp (500)
Length: 308
Checksum: 0xa13e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Internet Security Association and Key Management Protocol
Initiator cookie: CBF644651386E5B3
Responder cookie: 0000000000000000
Next payload: Security Association (33)
Version: 2.0
Exchange type: IKE_SA_INIT (34)
Flags: 0x08
.... 1... = Initiator
...0 .... =
..0. .... = Request
Message ID: 0x00000000
Length: 300
Security Association payload
Next payload: Key Exchange (34)
0... .... = Not critical
Payload length: 44
Proposal payload # 1
Next payload: NONE (0)
0... .... = Not critical
Payload length: 40
Proposal number: 1
Protocol ID: ISAKMP (1)
SPI Size: 0
Proposal transforms: 4
Transform payload
Next payload: Transform (3)
0... .... = Not critical
Payload length: 8
Transform type: Encryption Algorithm (ENCR) (1)
Transform ID: ENCR_3DES (3)
Transform payload
Next payload: Transform (3)
0... .... = Not critical
Payload length: 8
Transform type: Integrity Algorithm (INTEG) (3)
Transform ID: AUTH_HMAC_SHA1_96 (2)
Transform payload
Next payload: Transform (3)
0... .... = Not critical
Payload length: 8
Transform type: Pseudo-random Function (PRF) (2)
Transform ID: PRF_HMAC_SHA1 (2)
Transform payload
Next payload: NONE (0)
0... .... = Not critical
Payload length: 8
Transform type: Diffie-Hellman Group (D-H) (4)
Transform ID: Group 2 - 1024 Bit MODP (2)
Key Exchange payload
Next payload: Nonce (40)
0... .... = Not critical
Payload length: 136
DH Group #: 2
Key Exchange Data (128 bytes / 1024 bits)
Nonce payload
Next payload: Notification (41)
0... .... = Not critical
Payload length: 36
Nonce Data
Notification payload
Next payload: Notification (41)
0... .... = Not critical
Payload length: 28
Protocol ID: RESERVED (0)
SPI Size: 0
Message type: NAT_DETECTION_SOURCE_IP (16388)
Notification Data
Notification payload
Next payload: NONE (0)
0... .... = Not critical
Payload length: 28
Protocol ID: RESERVED (0)
SPI Size: 0
Message type: NAT_DETECTION_DESTINATION_IP (16389)
Notification Data
0000 80 71 1f b7 b1 85 00 17 3f d0 77 2c 08 00 45 00 .q......?.w,..E.
0010 01 48 00 00 40 00 40 11 7b 23 c0 a8 1e 33 c0 a8 ....@.@.{#...3..
0020 1e fe 01 f4 01 f4 01 34 a1 3e cb f6 44 65 13 86 .......4.>..De..
0030 e5 b3 00 00 00 00 00 00 00 00 21 20 22 08 00 00 ..........! "...
0040 00 00 00 00 01 2c 22 00 00 2c 00 00 00 28 01 01 .....,"..,...(..
0050 00 04 03 00 00 08 01 00 00 03 03 00 00 08 03 00 ................
0060 00 02 03 00 00 08 02 00 00 02 00 00 00 08 04 00 ................
0070 00 02 28 00 00 88 00 02 00 00 45 3e 71 d4 93 50 ..(.......E>q..P
0080 80 86 59 75 14 3e 23 27 74 71 75 ac 6c db 5e 7c ..Yu.>#'tqu.l.^|
0090 fb 69 0a 98 6a 98 32 9a 03 00 a1 4d 0b 9d 71 9e .i..j.2....M..q.
00a0 38 c0 af 20 25 fe 14 b8 5f 14 b4 e7 fc 04 48 37 8.. %..._.....H7
00b0 1a fe 04 a9 75 08 65 69 c6 74 bc c5 60 9e 89 c9 ....u.ei.t..`...
00c0 96 2c c8 51 d8 ec 71 04 ab 9b cd ac 4d d0 0c 8e .,.Q..q.....M...
00d0 49 2f 25 43 50 ba 5c bd ea 32 d2 3b 1c 4d c5 30 I/%CP.\..2.;.M.0
00e0 fa 31 86 2c cb d8 c9 78 1d ca 4b 8f 08 11 2a 65 .1.,...x..K...*e
00f0 1e 97 ba a8 41 04 4d ee a9 b9 29 00 00 24 04 58 ....A.M...)..$.X
0100 bd 34 a4 ad 5c 06 5a 7b 96 f5 0e 3c 06 b0 06 00 .4..\.Z{...<....
0110 01 0d c3 43 5d 87 dd 8e ec 83 fd 7a 83 60 29 00 ...C]......z.`).
0120 00 1c 00 00 40 04 72 13 6c 50 bc 2f 4a 0b 81 1f [email protected]./J...
0130 de 94 1c 86 80 93 f0 4a 1d 13 00 00 00 1c 00 00 .......J........
0140 40 05 f1 ef 8c ad 41 9a 6d b2 55 19 3e 53 cf 6f @.....A.m.U.>S.o
0150 64 7e 57 3d f1 f3 d~W=..
No. Time Source Destination Protocol Info
17 13.202746 192.168.30.254 192.168.30.51 ISAKMP
IKE_SA_INIT
Frame 17 (286 bytes on wire, 286 bytes captured)
Arrival Time: Sep 22, 2010 09:54:00.469072000
[Time delta from previous captured frame: 0.001480000 seconds]
[Time delta from previous displayed frame: 0.001480000 seconds]
[Time since reference or first frame: 13.202746000 seconds]
Frame Number: 17
Frame Length: 286 bytes
Capture Length: 286 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:isakmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85), Dst: Belkin_d0:77:2c
(00:17:3f:d0:77:2c)
Destination: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
Address: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
Address: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.30.254 (192.168.30.254), Dst: 192.168.30.51
(192.168.30.51)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 272
Identification: 0x190d (6413)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa24e [correct]
[Good: True]
[Bad : False]
Source: 192.168.30.254 (192.168.30.254)
Destination: 192.168.30.51 (192.168.30.51)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Source port: isakmp (500)
Destination port: isakmp (500)
Length: 252
Checksum: 0x3a94 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Internet Security Association and Key Management Protocol
Initiator cookie: CBF644651386E5B3
Responder cookie: 10F5AF85CAFFF299
Next payload: Security Association (33)
Version: 2.0
Exchange type: IKE_SA_INIT (34)
Flags: 0x20
.... 0... = Responder
...0 .... =
..1. .... = Response
Message ID: 0x00000000
Length: 244
Security Association payload
Next payload: Key Exchange (34)
0... .... = Not critical
Payload length: 44
Proposal payload # 1
Next payload: NONE (0)
0... .... = Not critical
Payload length: 40
Proposal number: 1
Protocol ID: ISAKMP (1)
SPI Size: 0
Proposal transforms: 4
Transform payload
Next payload: Transform (3)
0... .... = Not critical
Payload length: 8
Transform type: Encryption Algorithm (ENCR) (1)
Transform ID: ENCR_3DES (3)
Transform payload
Next payload: Transform (3)
0... .... = Not critical
Payload length: 8
Transform type: Pseudo-random Function (PRF) (2)
Transform ID: PRF_HMAC_SHA1 (2)
Transform payload
Next payload: Transform (3)
0... .... = Not critical
Payload length: 8
Transform type: Integrity Algorithm (INTEG) (3)
Transform ID: AUTH_HMAC_SHA1_96 (2)
Transform payload
Next payload: NONE (0)
0... .... = Not critical
Payload length: 8
Transform type: Diffie-Hellman Group (D-H) (4)
Transform ID: Group 2 - 1024 Bit MODP (2)
Key Exchange payload
Next payload: Nonce (40)
0... .... = Not critical
Payload length: 136
DH Group #: 2
Key Exchange Data (128 bytes / 1024 bits)
Nonce payload
Next payload: NONE (0)
0... .... = Not critical
Payload length: 36
Nonce Data
0000 00 17 3f d0 77 2c 80 71 1f b7 b1 85 08 00 45 00 ..?.w,.q......E.
0010 01 10 19 0d 00 00 40 11 a2 4e c0 a8 1e fe c0 a8 [email protected]......
0020 1e 33 01 f4 01 f4 00 fc 3a 94 cb f6 44 65 13 86 .3......:...De..
0030 e5 b3 10 f5 af 85 ca ff f2 99 21 20 22 20 00 00 ..........! " ..
0040 00 00 00 00 00 f4 22 00 00 2c 00 00 00 28 01 01 ......"..,...(..
0050 00 04 03 00 00 08 01 00 00 03 03 00 00 08 02 00 ................
0060 00 02 03 00 00 08 03 00 00 02 00 00 00 08 04 00 ................
0070 00 02 28 00 00 88 00 02 00 00 82 7f f1 5a eb 52 ..(..........Z.R
0080 44 a4 8a 3f fe 33 d2 1c 16 e6 2c 1d b7 87 6d 9e D..?.3....,...m.
0090 5c ee eb da 16 ac 66 6c 78 d0 4a df 7e 03 88 e4 \.....flx.J.~...
00a0 d1 1d 77 5d 6d 16 cd b3 3b 83 42 a0 85 73 48 55 ..w]m...;.B..sHU
00b0 4c d8 6f f8 ed 81 1e 01 f9 30 12 bb d5 02 df 69 L.o......0.....i
00c0 c4 a2 7d 1f fe d9 3b b2 28 ad 48 e7 4f f7 31 16 ..}...;.(.H.O.1.
00d0 d9 e4 54 62 24 4a ef 3b 62 6b 0f 75 fd 8a 35 51 ..Tb$J.;bk.u..5Q
00e0 c1 61 cd 3b f8 40 5e 20 46 69 85 18 31 5a 74 e9 .a.;....@^ Fi..1Zt.
00f0 1c de ae 78 38 0e be 52 13 16 00 00 00 24 f3 b8 ...x8..R.....$..
0100 f6 7a 34 87 02 94 02 f2 6d c0 48 f5 96 c7 f6 40 .z4.....m.H....@
0110 24 db 99 b1 a9 4a 6c 52 7f 9b 62 e0 e7 53 $....JlR..b..S
No. Time Source Destination Protocol Info
18 13.211784 192.168.30.51 192.168.30.254 ISAKMP
IKE_AUTH [Malformed Packet]
Frame 18 (358 bytes on wire, 358 bytes captured)
Arrival Time: Sep 22, 2010 09:54:00.478110000
[Time delta from previous captured frame: 0.009038000 seconds]
[Time delta from previous displayed frame: 0.009038000 seconds]
[Time since reference or first frame: 13.211784000 seconds]
Frame Number: 18
Frame Length: 358 bytes
Capture Length: 358 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:isakmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Belkin_d0:77:2c (00:17:3f:d0:77:2c), Dst: 80:71:1f:b7:b1:85
(80:71:1f:b7:b1:85)
Destination: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
Address: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
Address: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.30.51 (192.168.30.51), Dst: 192.168.30.254
(192.168.30.254)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 344
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x7b13 [correct]
[Good: True]
[Bad : False]
Source: 192.168.30.51 (192.168.30.51)
Destination: 192.168.30.254 (192.168.30.254)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Source port: isakmp (500)
Destination port: isakmp (500)
Length: 324
Checksum: 0x3c26 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Internet Security Association and Key Management Protocol
Initiator cookie: CBF644651386E5B3
Responder cookie: 10F5AF85CAFFF299
Next payload: Encrypted (46)
Version: 2.0
Exchange type: IKE_AUTH (35)
Flags: 0x08
.... 1... = Initiator
...0 .... =
..0. .... = Request
Message ID: 0x00000001
Length: 316
Encrypted payload
Next payload: Identification - I (35)
0... .... = Not critical
Payload length: 288
Initialization Vector (8 bytes): 0x550B7AF1C13395FA
Encrypted Data (264 bytes)
Decrypted Data (264 bytes)
Contained Payloads (total 126 bytes)
Identification - I payload
Next payload: PRIVATE USE (216)
1... .... = Critical
Payload length: 45347
Padding (137 bytes)
Pad Length: 137
Integrity Checksum Data (12 bytes) [incorrect, should be
CDCB1B47120B03D5E94F62FD]
[Expert Info (Warn/Checksum): IKEv2 Integrity Checksum Data is
incorrect]
[Message: IKEv2 Integrity Checksum Data is incorrect]
[Severity level: Warn]
[Group: Checksum]
[Malformed Packet: ISAKMP]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
Frame (358 bytes):
0000 80 71 1f b7 b1 85 00 17 3f d0 77 2c 08 00 45 00 .q......?.w,..E.
0010 01 58 00 00 40 00 40 11 7b 13 c0 a8 1e 33 c0 a8 ....@.@.{....3..
0020 1e fe 01 f4 01 f4 01 44 3c 26 cb f6 44 65 13 86 .......D<&..De..
0030 e5 b3 10 f5 af 85 ca ff f2 99 2e 20 23 08 00 00 ........... #...
0040 00 01 00 00 01 3c 23 00 01 20 55 0b 7a f1 c1 33 .....<#.. U.z..3
0050 95 fa 25 70 8a 8f 80 11 71 85 fe c9 19 1f 40 4e ..%p....q.....@n
0060 f6 9d 4c 09 c5 e3 67 79 b6 5d cb 5f d9 10 fc 97 ..L...gy.]._....
0070 d2 7e ed de b5 76 76 ad 24 b3 7e a6 49 7b 99 25 .~...vv.$.~.I{.%
0080 a4 ef 1a 4b 35 19 a9 c2 7f 0d 45 2c 0d 5d 82 65 ...K5.....E,.].e
0090 20 f8 28 9d 78 10 48 7e 2c ef 3b 06 45 a5 90 7d .(.x.H~,.;.E..}
00a0 bb 1d 9e 18 ca bf 18 f8 95 2e b9 70 87 87 cf 29 ...........p...)
00b0 f2 b5 fc f3 e2 40 88 d9 2f ff fb 2e ad bd 38 a2 .....@../.....8.
00c0 12 f9 69 60 38 b2 7f c4 21 99 d1 f8 14 af bc 51 ..i`8...!......Q
00d0 e5 b9 8e dd 76 bb 01 bb db f3 ff 8b db 56 34 4d ....v........V4M
00e0 33 85 fe 6f 74 7a ee 82 d3 76 6f 8c d8 ff 47 85 3..otz...vo...G.
00f0 c1 69 46 27 84 a2 eb 8c d4 3b bb 63 64 a4 b4 74 .iF'.....;.cd..t
0100 d8 2d 39 e1 5f 5c d3 05 08 dd 1d ce 45 22 21 d3 .-9._\......E"!.
0110 b6 ab d4 b0 75 d5 92 92 94 2e 52 b0 2a ca 84 e4 ....u.....R.*...
0120 ab 58 59 5d cc 21 25 29 a7 c9 04 54 e9 fc 4c eb .XY].!%)...T..L.
0130 1d c9 01 bd a3 a8 47 9c 78 8d 40 7e 98 a9 22 95 ......g...@~..".
0140 33 d6 b8 db 85 af 41 2c e7 1d aa 06 a1 55 94 d4 3.....A,.....U..
0150 1f 82 30 56 1b dc 4c 9a c4 09 70 c9 ef 26 e0 17 ..0V..L...p..&..
0160 cd 5f 27 9a b1 a4 ._'...
Decrypted Data (264 bytes):
0000 d8 ec b1 23 2e ae 35 38 6e d1 b2 01 bd 3c a8 e2 ...#..58n....<..
0010 1e ea d5 6e 84 35 0b 3c ac 92 ad 99 d6 c9 01 7a ...n.5.<.......z
0020 d5 87 b4 ce e4 b7 bc 20 06 24 e3 a5 a3 03 72 74 ....... .$....rt
0030 fe 84 84 2b 5e fc 7f 67 ad ba 18 4a 99 f6 a0 0d ...+^..g...J....
0040 a8 77 34 fb ad a7 97 1f 3f ef 29 d7 c9 6a f9 30 .w4.....?.)..j.0
0050 00 a5 b9 5c e0 77 a4 d5 f9 2f 78 a3 7e 19 00 30 ...\.w.../x.~..0
0060 f0 ab 72 72 0e 0a ed 1a 55 21 cf 5c fc 12 74 52 ..rr....U!.\..tR
0070 0d fe 61 7e 36 f6 da 63 03 68 3f 55 93 04 59 74 ..a~6..c.h?U..Yt
0080 ff 0d ca 01 81 f4 d8 27 cf b9 f7 48 c9 62 bd 28 .......'...H.b.(
0090 60 bc 6e 94 be 1b b3 40 89 7e 09 17 7f 0c e0 dc `.n....@.~......
00a0 78 69 70 fd 41 ff 10 bf 6d c9 a6 d5 2d 14 83 52 xip.A...m...-..R
00b0 49 32 e5 77 ba 89 5b fc 15 0e d8 c7 4a 02 87 a7 I2.w..[.....J...
00c0 d5 5c 7b 45 01 10 f6 61 73 11 b4 58 2b ce a8 d6 .\{E...as..X+...
00d0 3f 73 c0 5c 73 0a c7 73 6a 80 24 95 46 32 5c 77 ?s.\s..sj.$.F2\w
00e0 4a 00 5b 9a c2 3d ce 89 bd cf 61 61 be 81 65 8f J.[..=....aa..e.
00f0 83 ed 2a cf f0 a9 90 c1 93 32 4a f5 73 50 11 5f ..*......2J.sP._
0100 3d 42 b0 c9 95 45 87 89 =B...E..
No. Time Source Destination Protocol Info
19 13.212451 192.168.30.254 192.168.30.51 ISAKMP
INFORMATIONAL
Frame 19 (110 bytes on wire, 110 bytes captured)
Arrival Time: Sep 22, 2010 09:54:00.478777000
[Time delta from previous captured frame: 0.000667000 seconds]
[Time delta from previous displayed frame: 0.000667000 seconds]
[Time since reference or first frame: 13.212451000 seconds]
Frame Number: 19
Frame Length: 110 bytes
Capture Length: 110 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:isakmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85), Dst: Belkin_d0:77:2c
(00:17:3f:d0:77:2c)
Destination: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
Address: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
Address: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.30.254 (192.168.30.254), Dst: 192.168.30.51
(192.168.30.51)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 96
Identification: 0x190e (6414)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa2fd [correct]
[Good: True]
[Bad : False]
Source: 192.168.30.254 (192.168.30.254)
Destination: 192.168.30.51 (192.168.30.51)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Source port: isakmp (500)
Destination port: isakmp (500)
Length: 76
Checksum: 0x179a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Internet Security Association and Key Management Protocol
Initiator cookie: A3BA1D0EE1CB8BBF
Responder cookie: 1161BE0E812E091A
Next payload: Encrypted (46)
Version: 2.0
Exchange type: INFORMATIONAL (37)
Flags: 0x00
.... 0... = Responder
...0 .... =
..0. .... = Request
Message ID: 0x00000000
Length: 68
Encrypted payload
Next payload: Delete (42)
0... .... = Not critical
Payload length: 40
Initialization Vector: 0x92FDF4C3
Encrypted Data
0000 00 17 3f d0 77 2c 80 71 1f b7 b1 85 08 00 45 00 ..?.w,.q......E.
0010 00 60 19 0e 00 00 40 11 a2 fd c0 a8 1e fe c0 a8 .`....@.........
0020 1e 33 01 f4 01 f4 00 4c 17 9a a3 ba 1d 0e e1 cb .3.....L........
0030 8b bf 11 61 be 0e 81 2e 09 1a 2e 20 25 00 00 00 ...a....... %...
0040 00 00 00 00 00 44 2a 00 00 28 92 fd f4 c3 09 bb .....D*..(......
0050 7f 9e 50 65 d1 3c f4 66 0c e8 5d 2c 61 3c a6 a2 ..Pe.<.f..],a<..
0060 34 47 f2 2a fb 9e 9a 52 9e 80 26 4e 05 6f 4G.*...R..&N.o
No. Time Source Destination Protocol Info
20 13.212764 192.168.30.254 192.168.30.51 ISAKMP
IKE_AUTH
Frame 20 (150 bytes on wire, 150 bytes captured)
Arrival Time: Sep 22, 2010 09:54:00.479090000
[Time delta from previous captured frame: 0.000313000 seconds]
[Time delta from previous displayed frame: 0.000313000 seconds]
[Time since reference or first frame: 13.212764000 seconds]
Frame Number: 20
Frame Length: 150 bytes
Capture Length: 150 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:isakmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85), Dst: Belkin_d0:77:2c
(00:17:3f:d0:77:2c)
Destination: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
Address: Belkin_d0:77:2c (00:17:3f:d0:77:2c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
Address: 80:71:1f:b7:b1:85 (80:71:1f:b7:b1:85)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.30.254 (192.168.30.254), Dst: 192.168.30.51
(192.168.30.51)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 136
Identification: 0x190f (6415)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa2d4 [correct]
[Good: True]
[Bad : False]
Source: 192.168.30.254 (192.168.30.254)
Destination: 192.168.30.51 (192.168.30.51)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Source port: isakmp (500)
Destination port: isakmp (500)
Length: 116
Checksum: 0xfbc5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Internet Security Association and Key Management Protocol
Initiator cookie: CBF644651386E5B3
Responder cookie: 10F5AF85CAFFF299
Next payload: Encrypted (46)
Version: 2.0
Exchange type: IKE_AUTH (35)
Flags: 0x20
.... 0... = Responder
...0 .... =
..1. .... = Response
Message ID: 0x00000001
Length: 108
Encrypted payload
Next payload: Identification - R (36)
0... .... = Not critical
Payload length: 80
Initialization Vector (8 bytes): 0xDA8789DDAFAFEBF8
Encrypted Data (56 bytes)
Decrypted Data (56 bytes)
Pad Length: 69 [too long]
[Expert Info (Warn/Malformed): Pad length is too big]
[Message: Pad length is too big]
[Severity level: Warn]
[Group: Malformed]
Integrity Checksum Data (12 bytes) [incorrect, should be
6F6E83FDEA3DB48453E63730]
[Expert Info (Warn/Checksum): IKEv2 Integrity Checksum Data is
incorrect]
[Message: IKEv2 Integrity Checksum Data is incorrect]
[Severity level: Warn]
[Group: Checksum]
Frame (150 bytes):
0000 00 17 3f d0 77 2c 80 71 1f b7 b1 85 08 00 45 00 ..?.w,.q......E.
0010 00 88 19 0f 00 00 40 11 a2 d4 c0 a8 1e fe c0 a8 ......@.........
0020 1e 33 01 f4 01 f4 00 74 fb c5 cb f6 44 65 13 86 .3.....t....De..
0030 e5 b3 10 f5 af 85 ca ff f2 99 2e 20 23 20 00 00 ........... # ..
0040 00 01 00 00 00 6c 24 00 00 50 da 87 89 dd af af .....l$..P......
0050 eb f8 27 89 63 b3 23 50 0f 8a c5 c3 b0 d8 cb 02 ..'.c.#P........
0060 c3 67 e6 4c 89 0f e9 eb 66 bf 4b 18 d0 fe 9a d4 .g.L....f.K.....
0070 e5 b6 05 04 de 39 a0 e8 b1 c6 56 25 a8 24 d3 74 .....9....V%.$.t
0080 d0 13 41 7b f0 6f 65 30 da 7c 36 c3 12 22 a5 c0 ..A{.oe0.|6.."..
0090 3c 71 ef 0d bf da <q....
Decrypted Data (56 bytes):
0000 e4 53 e8 19 56 75 d0 20 d0 02 22 6e a2 77 e0 ff .S..Vu. .."n.w..
0010 90 e6 87 0d 16 cb a5 2c 17 c1 e7 47 ae 81 8b c6 .......,...G....
0020 33 15 5b 63 b5 bb c3 ce 8c ac 08 1e a4 69 1e bc 3.[c.........i..
0030 5f 6c f0 f0 81 d9 97 45 _l.....E
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
