Troubleshooting guide

Chapter 2 Troubleshooting Tools VPN-1/FireWall-1 Control Commands
Advanced Technical Reference Guide 4.1 June 2000 12
crypt
With this option turned on, all encrypted/decrypted packets are printed in both clear text and cipher text. The
algorithms and keys that are used are also printed.
Example: Encrypting ICMP with fwz1 using SecuRemote.
(The line numbers are not shown in the actual debugging output and have been added for
convenience.)
Output
1. fw_crypt: op=decrypt method=0 md=1 entry=4 len=60 offset=24
2. fw_crypt: cookie=7E492D0, cookie_m=5A49600, packetid=9E00
3. fw_crypt: keybuf=7E86290 keylen=6 keyval=(1E,42,8A,D2,2,52)
4. fw_crypt: mdkeylen=32
mdkey=(61,8F,DF,A4,AB,7C,AA,5E,96,F,53,36,1C,92,B1,47,55,C8,1F,8B,6A,
DE,CB,62,65, FB,51,52,6B,63,4,C2)
5. fw_crypt: niv=4 iv=(E7,A,8,0)
6. fw_crypt: crunched iv=(E7,A,8,0,E7,A)
7. fw_crypt: just before calling fwcrypto_do()
8. cookie 0x7E492D0: m=0x5A49600, offset=0, len=60, flen=0
9. 0: 45 00 00 3C E7 0A 00 00 20 01 76 1F C0 A8 6E 05
16: C7 CB 47 1E 08 00 F9 5B CF 8D F1 86 98 28 92 87
32: A8 7F 80 4F 79 C4 0E 4F 3B 72 CA 32 4E CB A6 96
48: 45 95 D1 A3 15 11 76 07 C4 42 1C 2B
10. fw_crypt_check_md: mdlen=16
md=(B1,8B,69,CA,62,FE,AB,67,79,27,88,55,15,14,7F,B4)
11. fw_crypt: just after calling cookie_put_data()
12. cookie 0x7E492D0: m=0x5A49600, offset=0, len=60, flen=0
13. 0: 45 00 00 3C E7 0A 00 00 20 01 76 1F C0 A8 6E 05
16: C7 CB 47 1E 08 00 F9 5B 02 00 52 00 61 62 63 64
32: 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74
48: 75 76 77 61 62 63 64 65 66 67 68 69
Explanation 1. op=decrypt – the operation being performed is decryption.
method=0 – the method is fwz1 (this is version-specific, and in this case it is the VPN version).
md=1 – using MD5.
entry=4 – entry number is 4 (in the connection table this means responder of encrypted
connection - see “connections table,” page 142, in the Tables section).
len=60 – the packet's length is 60.
offset=24 – start decrypting after 24 bytes (the first 24 bytes are the IP header and part of the
ICMP header as well).
2. cookie=7E492D0,
cookie_m=5A49600 – where the data is actually being stored (pointers).
packetid=9E00 – the packet id of this packet (in VPN-1/FireWall-1 each packet has a unique
packet id that is used to identify the packet for further use, such as in the “hold” table).
3. keybuf=7E86290 – pointer to encryption key.
keylen=6 – the length of the key is 6 bytes.
keyval=(1E,42,8A,D2,2,52) – the actual data encryption key (6 bytes)
4. mdkeylen=32 – the length for the MD5 key is 32 bytes (the data authentication key).
mdkey=(61,8F,DF,A4,AB,7C,AA,5E,96,F,53,36,1C,92,B1,47,55,C8,1F,8B,6A,DE,CB,62,65,FB
,51,52,6B,63,4,C2) - the actual MD5 key (32 bytes)
5. niv=4 iv=(E7,A,8,0) – niv and iv are parameters of the Initialization Vector used to generate
the encryption key
6. crunched iv=(E7,A,8,0,E7,A) – a manipulation of the IV that is used for the actual key
calculation
7. just before calling fwcrypto_do() - a debugging line that says that the actual function that will
do the decryption is about to be called.
8. cookie 0x7E492D0: m=0x5A49600 – the pointers to the data.
offset=0 – the offset of IP in the link layer datagram.
len=60 – the data length (60 bytes).
flen=0 – number of bytes in the first block of data.
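The offset field can be cross-checked against the two hex dumps, and because this debug output prints the keys in clear, it should be masked before it leaves the gateway. The Python sketch below is an added example, not part of the original guide or of VPN-1/FireWall-1: it parses an excerpt of the output above (line numbers stripped), locates the first byte that changes between the dump printed before fwcrypto_do() and the one printed after cookie_put_data(), and masks keyval/mdkey. All function names are hypothetical.

```python
import re
# Excerpt of the page's debug output with the added line numbers stripped.
SAMPLE = """\
fw_crypt: op=decrypt method=0 md=1 entry=4 len=60 offset=24
fw_crypt: keybuf=7E86290 keylen=6 keyval=(1E,42,8A,D2,2,52)
fw_crypt: just before calling fwcrypto_do()
cookie 0x7E492D0: m=0x5A49600, offset=0, len=60, flen=0
0: 45 00 00 3C E7 0A 00 00 20 01 76 1F C0 A8 6E 05
16: C7 CB 47 1E 08 00 F9 5B CF 8D F1 86 98 28 92 87
32: A8 7F 80 4F 79 C4 0E 4F 3B 72 CA 32 4E CB A6 96
48: 45 95 D1 A3 15 11 76 07 C4 42 1C 2B
fw_crypt: just after calling cookie_put_data()
cookie 0x7E492D0: m=0x5A49600, offset=0, len=60, flen=0
0: 45 00 00 3C E7 0A 00 00 20 01 76 1F C0 A8 6E 05
16: C7 CB 47 1E 08 00 F9 5B 02 00 52 00 61 62 63 64
32: 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74
48: 75 76 77 61 62 63 64 65 66 67 68 69
"""
DUMP_ROW = re.compile(r"^\s*(\d+):((?: [0-9A-F]{2})+)\s*$")

def parse_fields(line):
    """Return the key=value pairs of one fw_crypt header line."""
    return dict(re.findall(r"(\w+)=(\w+)", line))

def parse_dumps(text):
    """Return one bytes object per 'cookie 0x...' hex dump in the log."""
    dumps = []
    for line in text.splitlines():
        if line.startswith("cookie 0x"):
            dumps.append(bytearray())      # a cookie line opens a new dump
        row = DUMP_ROW.match(line)
        if row and dumps:
            if int(row.group(1)) != len(dumps[-1]):
                raise ValueError("hex dump row out of sequence: " + line)
            dumps[-1] += bytes.fromhex(row.group(2))
    return [bytes(d) for d in dumps]

def first_difference(a, b):
    """Index of the first byte where a and b differ, or None if equal."""
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), None)

def redact_keys(text):
    """Mask keyval=(...) and mdkey=(...), including values wrapped over lines."""
    return re.sub(r"\b(keyval|mdkey)=\([^)]*\)", r"\1=(REDACTED)", text)

fields = parse_fields(SAMPLE.splitlines()[0])
before, after = parse_dumps(SAMPLE)
print("offset:", fields["offset"], "first change:", first_difference(before, after))
print(redact_keys(SAMPLE).splitlines()[1])
```

The first changed byte matches the declared offset, and the bytes after the 8-byte ICMP header in the second dump are printable ASCII, which is a quick sanity check that the decryption succeeded.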