No. Time Source Destination Protocol Info 1 0.000000 10.254.103.130 10.120.51.12 ISAKMP Identity Protection (Main Mode) Frame 1 (164 bytes on wire, 164 bytes captured) Linux cooked capture Internet Protocol, Src: 10.254.103.130 (10.254.103.130), Dst: 10.120.51.12 (10.120.51.12) User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500) Internet Security Association and Key Management Protocol Initiator cookie: 7740170C2F1B202F Responder cookie: 0000000000000000 Next payload: Security Association (1) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags: 0x00 .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 120 Security Association payload Next payload: Vendor ID (13) Payload length: 56 Domain of interpretation: IPSEC (1) Situation: IDENTITY (1) Proposal payload # 0 Next payload: NONE (0) Payload length: 44 Proposal number: 0 Protocol ID: ISAKMP (1) SPI Size: 0 Proposal transforms: 1 Transform payload # 0 Next payload: NONE (0) Payload length: 36 Transform number: 0 Transform ID: KEY_IKE (1) Life-Type (11): Seconds (1) Life-Duration (12): Duration-Value (86400) Encryption-Algorithm (1): 3DES-CBC (5) Hash-Algorithm (2): SHA (2) Authentication-Method (3): RSA-SIG (3) Group-Description (4): Alternate 1024-bit MODP group (2) Vendor ID: 4F456F534A55776561714158 Next payload: Vendor ID (13) Payload length: 16 Vendor ID: 4F456F534A55776561714158 Vendor ID: RFC 3706 Detecting Dead IKE Peers (DPD) Next payload: NONE (0) Payload length: 20 Vendor ID: RFC 3706 Detecting Dead IKE Peers (DPD) No. Time Source Destination Protocol Info 2 0.008721 10.120.51.12 10.254.103.130 ISAKMP Identity Protection (Main Mode) Frame 2 (252 bytes on wire, 252 bytes captured) Linux cooked capture Internet Protocol, Src: 10.120.51.12 (10.120.51.12), Dst: 10.254.103.130 (10.254.103.130) User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500) Internet Security Association and Key Management Protocol Initiator cookie: 7740170C2F1B202F Responder cookie: 70B8AA5C1433F3BA Next payload: Security Association (1) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags: 0x00 .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 208 Security Association payload Next payload: Vendor ID (13) Payload length: 56 Domain of interpretation: IPSEC (1) Situation: IDENTITY (1) Proposal payload # 0 Next payload: NONE (0) Payload length: 44 Proposal number: 0 Protocol ID: ISAKMP (1) SPI Size: 0 Proposal transforms: 1 Transform payload # 0 Next payload: NONE (0) Payload length: 36 Transform number: 0 Transform ID: KEY_IKE (1) Encryption-Algorithm (1): 3DES-CBC (5) Hash-Algorithm (2): SHA (2) Group-Description (4): Alternate 1024-bit MODP group (2) Authentication-Method (3): RSA-SIG (3) Life-Type (11): Seconds (1) Life-Duration (12): Duration-Value (86400) Vendor ID: MS NT5 ISAKMPOAKLEY Next payload: Vendor ID (13) Payload length: 24 Vendor ID: MS NT5 ISAKMPOAKLEY Vendor ID: RFC 3947 Negotiation of NAT-Traversal in the IKE Next payload: Vendor ID (13) Payload length: 20 Vendor ID: RFC 3947 Negotiation of NAT-Traversal in the IKE Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n Next payload: Vendor ID (13) Payload length: 20 Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n Vendor ID: Microsoft L2TP/IPSec VPN Client Next payload: Vendor ID (13) Payload length: 20 Vendor ID: Microsoft L2TP/IPSec VPN Client Vendor ID: FB1DE3CDF341B7EA16B7E5BE0855F120 Next payload: Vendor ID (13) Payload length: 20 Vendor ID: FB1DE3CDF341B7EA16B7E5BE0855F120 Vendor ID: E3A5966A76379FE707228231E5CE8652 Next payload: NONE (0) Payload length: 20 Vendor ID: E3A5966A76379FE707228231E5CE8652 No. Time Source Destination Protocol Info 3 4.324337 10.254.103.130 10.120.51.12 ISAKMP Identity Protection (Main Mode) Frame 3 (224 bytes on wire, 224 bytes captured) Linux cooked capture Internet Protocol, Src: 10.254.103.130 (10.254.103.130), Dst: 10.120.51.12 (10.120.51.12) User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500) Internet Security Association and Key Management Protocol Initiator cookie: 7740170C2F1B202F Responder cookie: 70B8AA5C1433F3BA Next payload: Key Exchange (4) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags: 0x00 .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 180 Key Exchange payload Next payload: Nonce (10) Payload length: 132 Key Exchange Data (128 bytes / 1024 bits) Nonce payload Next payload: NONE (0) Payload length: 20 Nonce Data No. Time Source Destination Protocol Info 4 4.344312 10.120.51.12 10.254.103.130 ISAKMP Identity Protection (Main Mode) Frame 4 (394 bytes on wire, 394 bytes captured) Linux cooked capture Internet Protocol, Src: 10.120.51.12 (10.120.51.12), Dst: 10.254.103.130 (10.254.103.130) User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500) Internet Security Association and Key Management Protocol Initiator cookie: 7740170C2F1B202F Responder cookie: 70B8AA5C1433F3BA Next payload: Key Exchange (4) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags: 0x00 .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 350 Key Exchange payload Next payload: Nonce (10) Payload length: 132 Key Exchange Data (128 bytes / 1024 bits) Nonce payload Next payload: Certificate Request (7) Payload length: 52 Nonce Data Certificate Request payload Next payload: NONE (0) Payload length: 138 Certificate type: 4 - X.509 Certificate - Signature Certificate Authority Distinguished Name: 0 rdnSequence: 6 items (pkcs-9-at-emailAddress=bmc-ccc@tmnl.nl,id-at-commonName=tmnl,id-at-organizationalUnitName=Integration,id-at-organizationName=Alcatel-Lucent,id-at-stateOrProvinceName=Zuid-Holland,id-at-countryName=NL) RDNSequence: 1 item (id-at-countryName=NL) RelativeDistinguishedName (id-at-countryName=NL) Id: 2.5.4.6 (id-at-countryName) CountryName: NL RDNSequence: 1 item (id-at-stateOrProvinceName=Zuid-Holland) RelativeDistinguishedName (id-at-stateOrProvinceName=Zuid-Holland) Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: Zuid-Holland RDNSequence: 1 item (id-at-organizationName=Alcatel-Lucent) RelativeDistinguishedName (id-at-organizationName=Alcatel-Lucent) Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: Alcatel-Lucent RDNSequence: 1 item (id-at-organizationalUnitName=Integration) RelativeDistinguishedName (id-at-organizationalUnitName=Integration) Id: 2.5.4.11 (id-at-organizationalUnitName) DirectoryString: printableString (1) printableString: Integration RDNSequence: 1 item (id-at-commonName=tmnl) RelativeDistinguishedName (id-at-commonName=tmnl) Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: tmnl RDNSequence: 1 item (pkcs-9-at-emailAddress=bmc-ccc@tmnl.nl) RelativeDistinguishedName (pkcs-9-at-emailAddress=bmc-ccc@tmnl.nl) Id: 1.2.840.113549.1.9.1 (pkcs-9-at-emailAddress) SyntaxIA5String: bmc-ccc@tmnl.nl No. Time Source Destination Protocol Info 5 11.598858 10.254.103.130 10.120.51.12 ISAKMP Identity Protection (Main Mode) Frame 5 (1112 bytes on wire, 1112 bytes captured) Linux cooked capture Internet Protocol, Src: 10.254.103.130 (10.254.103.130), Dst: 10.120.51.12 (10.120.51.12) User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500) Internet Security Association and Key Management Protocol Initiator cookie: 7740170C2F1B202F Responder cookie: 70B8AA5C1433F3BA Next payload: Identification (5) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags: 0x01 .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 1068 Encrypted payload (1040 bytes) No. Time Source Destination Protocol Info 6 11.608303 10.120.51.12 10.254.103.130 ISAKMP Informational Frame 6 (128 bytes on wire, 128 bytes captured) Linux cooked capture Internet Protocol, Src: 10.120.51.12 (10.120.51.12), Dst: 10.254.103.130 (10.254.103.130) User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500) Internet Security Association and Key Management Protocol Initiator cookie: 7740170C2F1B202F Responder cookie: 70B8AA5C1433F3BA Next payload: Hash (8) Version: 1.0 Exchange type: Informational (5) Flags: 0x01 .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x0c4004c6 Length: 84 Encrypted payload (56 bytes) No. Time Source Destination Protocol Info 7 12.825065 10.254.103.130 10.120.51.12 ISAKMP Informational Frame 7 (84 bytes on wire, 84 bytes captured) Linux cooked capture Internet Protocol, Src: 10.254.103.130 (10.254.103.130), Dst: 10.120.51.12 (10.120.51.12) User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500) Internet Security Association and Key Management Protocol Initiator cookie: 7740170C2F1B202F Responder cookie: 70B8AA5C1433F3BA Next payload: Notification (11) Version: 1.0 Exchange type: Informational (5) Flags: 0x00 .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0xe39e4d6d Length: 40 Notification payload Next payload: NONE (0) Payload length: 12 Domain of interpretation: IPSEC (1) Protocol ID: ISAKMP (1) SPI Size: 0 Message type: PAYLOAD-MALFORMED (16) No. Time Source Destination Protocol Info 8 22.867190 10.254.103.130 10.120.51.12 ISAKMP Identity Protection (Main Mode) Frame 8 (1112 bytes on wire, 1112 bytes captured) Linux cooked capture Internet Protocol, Src: 10.254.103.130 (10.254.103.130), Dst: 10.120.51.12 (10.120.51.12) User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500) Internet Security Association and Key Management Protocol Initiator cookie: 7740170C2F1B202F Responder cookie: 70B8AA5C1433F3BA Next payload: Identification (5) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags: 0x01 .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 1068 Encrypted payload (1040 bytes) No. Time Source Destination Protocol Info 9 44.018554 10.254.103.130 10.120.51.12 ISAKMP Identity Protection (Main Mode) Frame 9 (1112 bytes on wire, 1112 bytes captured) Linux cooked capture Internet Protocol, Src: 10.254.103.130 (10.254.103.130), Dst: 10.120.51.12 (10.120.51.12) User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500) Internet Security Association and Key Management Protocol Initiator cookie: 7740170C2F1B202F Responder cookie: 70B8AA5C1433F3BA Next payload: Identification (5) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags: 0x01 .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 1068 Encrypted payload (1040 bytes)