Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
0
Helpful
1
Replies

Wireshark Decrypting IKEv1 Text PSK to Hex

dmoviesad
Level 1
Level 1

‎11-25-2021 02:19 AM

I'm trying to debug a Cisco VPN setup as part of a Uni Lab (so please don't worry about posting of keys etc. it's just a toy setup with no internet facing connection).

I want to decrypt the IKEv1 traffic I'm capturing to work out what is going wrong. I've set up Wireshark as per the attached image with the SPIs for each peer. I think my issue may be with the PSK. It has been set to "SECRET-KEY" in the two endpoints but I'm not sure how to translate it to hex for entering in Wireshark. I've tried a direct translation using Cyber Chef "To Hex" but that doesnt seem to be right. Can anyone point me to where I am going wrong please?

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎11-25-2021 02:27 AM

That's not the way it will work. Wireshark is asking for an IPsec session-key. But that will be negotiated by the IPsec peers with IKE and the PSK is mainly to authenticate the exchange. But it is not the actual session key.

0 Helpful
Customers Also Viewed These Support Documents