This is a small tool I developed, designed to analyze packets exchanged during IPSEC-IKE. It's based on the Ipsec-Tools project, and thus reuses some of its terminology. The primary goal of this tool is to help users and developers understand what's going on under the hood without having to manually parse the hexadecimal output of a packet.
This tool is not designed to crack or decrypt anything. It works on decrypted packets, either at the beginning of the exchanges, or after decryption by the racoon daemon.
If you use racoon, you need to run it at the debug loglevel; if racoon was foregrounded, you'll have a multiline hex dump of the packet that you can simply paste in the zone above. Otherwise, check your logs, and locate a potential line. You can paste the complete line below (without any carriage returns), and check the "syslog" checkbox.
If you use tcpdump, unless you managed to make it decrypt the exchange, you'll only be able to read a few packets at the beginning of the exchange. Run tcpdump with (at least) the -xXs0 options, and paste the whole output in the zone.
With other means, you need to get a hexdump of a packet without any adornments (just hexadecimal numbers and white space).
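To show what such an unadorned hex dump contains, here is an added example (not this tool's own Perl code and not taken from racoon) that decodes the ISAKMP header and walks the top-level payload chain as laid out in RFC 2408. The sample packet and the names `parse_isakmp` and `SAMPLE` are constructed for this illustration.

```python
import struct

# Names from RFC 2408 (ISAKMP) and RFC 2409 (IKE); not taken from the tool itself.
PAYLOADS = {0: "NONE", 1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT",
            7: "CR", 8: "HASH", 9: "SIG", 10: "NONCE", 11: "N", 12: "D", 13: "VID"}
EXCHANGES = {1: "Base", 2: "Identity Protection", 3: "Authentication Only",
             4: "Aggressive", 5: "Informational", 32: "Quick Mode", 33: "New Group Mode"}
FLAG_ENCRYPTED = 0x01
# Constructed sample: first Main Mode message carrying an SA and a Vendor ID payload.
SAMPLE = """
11223344 55667788 00000000 00000000 01100200 00000000 0000005c
0d00002c 00000001 00000001 00000020 01010001 00000018 01010000
80010005 80020002 80030001 80040002
00000014 00112233 44556677 8899aabb ccddeeff
"""

def parse_isakmp(hexdump):
    """Decode the 28-byte ISAKMP header and walk the top-level payload chain."""
    data = bytes.fromhex("".join(hexdump.split()))
    if len(data) < 28:
        raise ValueError("shorter than an ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    if length < 28 or length > len(data):
        raise ValueError("header length field does not match the dump")
    info = {"initiator_cookie": icookie.hex(), "responder_cookie": rcookie.hex(),
            "version": "%d.%d" % (ver >> 4, ver & 0x0F),
            "exchange": EXCHANGES.get(xchg, "unknown(%d)" % xchg),
            "encrypted": bool(flags & FLAG_ENCRYPTED),
            "message_id": msgid, "length": length, "payloads": []}
    if info["encrypted"]:
        return info  # body is ciphertext: the chain cannot be walked
    offset = 28
    while nxt != 0:
        if offset + 4 > length:
            raise ValueError("payload header runs past the packet")
        following, _reserved, plen = struct.unpack("!BBH", data[offset:offset + 4])
        if plen < 4 or offset + plen > length:
            raise ValueError("bad payload length at offset %d" % offset)
        info["payloads"].append(
            (PAYLOADS.get(nxt, "unknown(%d)" % nxt), data[offset + 4:offset + plen]))
        nxt, offset = following, offset + plen
    return info

if __name__ == "__main__":
    result = parse_isakmp(SAMPLE)
    for name, body in result["payloads"]:
        print(name, len(body), body.hex())
```

The proposal and transform payloads nested inside the SA body are not descended into here; only the top-level chain is listed.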
I, Frédéric Senault, did, based on much code from the Ipsec-Tools racoon daemon. If you want to contact me, don't hesitate: fred@lacave.net. Be aware that I receive tons of spam, so this address is heavily filtered. Don't try to send me HTML (so-called enriched text format) mail, it will be rejected. The source code of this tool is available on demand.
This tool is free to use, but I can't give any guarantee about the correctness of its output, or the usability in any circumstances. I do not monitor in any way what's sent to this tool, but you only have my word for it. If you believe there is a way to extract private information (passwords, or maybe just IP addresses) from your dumps, don't use this tool online.
Instead, you can download the following files:
You'll have to edit the Perl file to make it point to the racoon source.
I'm always willing to receive feedback, patches or thanks - as long as it's not insults about my crappy code.
Page last modified the 26/10/2005 - XHTML 1.1 strict and CSS 2.0.