Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
687
Views
0
Helpful
1
Replies

Capture Ike Phase 1 packets

mohamed.fawzy2012
Level 3
Level 3

‎05-02-2017 02:33 PM - edited ‎03-12-2019 02:18 AM

if i want to capture packets of IKE phase 1 using capture command , is this the right command

 capture match udp eq port 500 eq port 500

i found this in cisco document 

  • ikev1/ikev2 - Captures only Internet Key Exchange Version 1 (IKEv1) or IKEv2 protocol information.

  • isakmp - Captures Internet Security Association and Key Management Protocol (ISAKMP) traffic for VPN connections. The ISAKMP subsystem does not have access to the upper-layer protocols. The capture is a pseudo capture, with the physical, IP, and UDP layers combined together in order to satisfy a PCAP parser. The peer addresses are obtained from the SA exchange and are stored in the IP layer.

but i don't understand this

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎05-03-2017 03:40 AM

with that capture you could miss some of the Phase1-packets depending on the infrastructure and your peer. The source-port doesn't have to be udp/500 and the destination can also be udp/4500.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card