From: VANHULLEBUS Y. <va...@fr...> - 2007-03-23 15:57:07

On Fri, Mar 23, 2007 at 01:10:11PM +0100, Tore Anderson wrote:

Hi.

[....]
> Does anyone know how to parse these?  I've tried but couldn't
> really...  Here's an attempt to parse the last line according to RFC
> 2408:
>
>   bc4e2e99 caffecaf   "Initiator Cookie"
>   8db2bdab 8e50294e   "Responder Cookie"
>   08                  "Next Payload" (HASH)
>   10                  "MjVer" + "MnVer"
>   05                  "Exchange Type" (Informational)
>   01                  "Flags"
>   c911dd25            "Message ID"
>   00000044            "Length" (68 bytes)
>
> I think I've got it right so far because Exchange Type and Length
> match what's in the log (applies to all of the above lines).  However
> after this I'm lost.  If I understand correctly, I should expect a
> HASH payload, and the first byte of this one should be "Next Payload".
> However this byte is completely different on all the lines, and varies
> between being in the "RESERVED" and "Private USE"-ranges.  Indeed,
> after the ISAKMP header everything just looks like random junk to me.

You forgot to look at the flag's value and signification: FLAG 01
means "ENCRYPTED payload"....

Could you give us racoon's debug after dumping the packet?

Yvan.
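
The header decode and the Flags check discussed in this message, as an added example that is not part of the original e-mail and not racoon's code: a Python parser for the RFC 2408 header that stops at the header when the Encryption bit is set and walks the payload chain only for cleartext messages. It uses the header bytes quoted above; the 40 filler bytes and the cleartext Notification message are constructed for illustration.

```python
import struct

# RFC 2408 section 3.1: fixed 28-byte ISAKMP header, network byte order.
HDR = struct.Struct("!8s8sBBBBII")
FLAG_ENCRYPTION = 0x01  # E bit: everything after the header is ciphertext
PAYLOADS = {0: "NONE", 8: "HASH", 11: "NOTIFICATION", 12: "DELETE"}
EXCHANGES = {2: "Identity Protection", 4: "Aggressive", 5: "Informational"}

def parse_isakmp(pkt):
    """Decode the header; walk the payload chain only if it is cleartext."""
    if len(pkt) < HDR.size:
        raise ValueError("shorter than the ISAKMP header")
    icookie, rcookie, np, ver, xchg, flags, msgid, length = HDR.unpack_from(pkt)
    if length < HDR.size or length > len(pkt):
        raise ValueError("Length field does not match the captured data")
    msg = {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": PAYLOADS.get(np, np),
        "version": (ver >> 4, ver & 0x0F),
        "exchange": EXCHANGES.get(xchg, xchg),
        "message_id": f"{msgid:08x}",
        "length": length,
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "payloads": None,  # None means "not parsed", not "empty"
    }
    if msg["encrypted"]:
        # "Next Payload" names the first payload of the decrypted body, so
        # reading generic payload headers from the ciphertext yields noise.
        return msg
    payloads, off = [], HDR.size
    while np != 0:
        if off + 4 > length:
            raise ValueError("truncated generic payload header")
        nxt, _reserved, plen = struct.unpack_from("!BBH", pkt, off)
        if plen < 4 or off + plen > length:
            raise ValueError("bad payload length")
        payloads.append((PAYLOADS.get(np, np), pkt[off + 4:off + plen]))
        np, off = nxt, off + plen
    msg["payloads"] = payloads
    return msg

# Header bytes quoted in the thread, plus 40 constructed filler bytes.
POST_MSG = bytes.fromhex("bc4e2e99caffecaf8db2bdab8e50294e08100501c911dd2500000044") + bytes(40)
# Constructed cleartext Informational message carrying one Notification payload.
CLEAR_MSG = bytes.fromhex("bc4e2e99caffecaf8db2bdab8e50294e0b1005000000000000000028"
                          "0000000c000000010100000e")

if __name__ == "__main__":
    for m in (POST_MSG, CLEAR_MSG):
        print(parse_isakmp(m))
```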