Troubleshooting guide
Chapter 2 Troubleshooting Tools VPN-1/FireWall-1 Control Commands
Advanced Technical Reference Guide 4.1 • June 2000 13
9. The actual data in the packet, still encrypted (the first 20 bytes are the header, then 8 bytes of
ICMP header; the rest is the actual data in this packet, an ICMP echo request).
10. mdlen=16 – the MD5 checksum length is 16 bytes.
md=(B1,8B,69,CA,62,FE,AB,67,79,27,88,55,15,14,7F,B4) - the actual MD5 hash. No errors are
reported, meaning the data integrity is not compromised.
11. fw_crypt: just after calling cookie_put_data() – a debugging line that shows that the
decrypted data was returned to the cookie.
12. cookie 0x7E492D0: m=0x5A49600, offset=0, len=60, flen=0 - the data cookies (see line
8).
13. The actual data in clear text. Comparing the packets on lines 9 and 13 shows that the first
24 bytes are the same: those are the headers, which are not encrypted. The next 4 bytes are
control characters, which are encrypted, followed by the actual data. In the second packet
(line 13) the data is sequential, as it should be in ICMP; in the encrypted packet it is
garbled.
Output
1. fw_crypt_make_md: mdlen=16
md=(5D,44,68,66,CC,68,78,D5,3C,1F,31,A2,50,86,CF,5C)
2. fw_crypt: op=encrypt method=0 md=1 entry=3 len=60 offset=24
3. fw_crypt: cookie=7E492D0, cookie_m=5A49600, packetid=9E01
4. fw_crypt: keybuf=7E86210 keylen=6 keyval=(1E,42,8A,D2,2,52)
5. fw_crypt: mdkeylen=32
mdkey=(61,8F,DF,A4,AB,7C,AA,5E,96,F,53,36,1C,92,B1,47,55,C8,1F,8B,6A,
DE,CB,62,65,FB,51,52,6B,63,4,C2)
6. fw_crypt: niv=4 iv=(1C,4,0,0)
7. fw_crypt: crunched iv=(1C,4,0,0,1C,4)
8. fw_crypt: just before calling fwcrypto_do()
9. cookie 0x7E492D0: m=0x5A49600, offset=0, len=60, flen=0
10. 0: 45 00 00 3C 1C 04 00 00 FF 01 62 25 C7 CB 47 1E
16: C0 A8 6E 05 00 00 01 5C 02 00 52 00 61 62 63 64
32: 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74
48: 75 76 77 61 62 63 64 65 66 67 68 69
11. fw_crypt: just after calling cookie_put_data()
12. cookie 0x7E492D0: m=0x5A49600, offset=0, len=60, flen=0
13. 0: 45 00 00 3C 1C 04 00 00 FF 01 62 25 C7 CB 47 1E
16: C0 A8 6E 05 00 00 01 5C 61 EB 75 99 12 89 96 AB
32: 80 D8 C2 7B 45 75 FD D6 E9 6E 95 01 31 E8 59 3E
48: FF B6 7D 62 D0 2D 2E 87 A6 6D 84 A9
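The comparison that item 13 of the preceding explanation describes can be run on the two dumps above (lines 10 and 13 of this output). The following Python sketch is an added example, not part of the original guide or of any Check Point tool; its function names are hypothetical and it assumes the "offset: hex bytes" dump layout shown on this page.

```python
import ipaddress
import struct

# Dumps copied from lines 10 and 13 of the fw_crypt encrypt output on this page.
BEFORE = """
 0: 45 00 00 3C 1C 04 00 00 FF 01 62 25 C7 CB 47 1E
16: C0 A8 6E 05 00 00 01 5C 02 00 52 00 61 62 63 64
32: 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74
48: 75 76 77 61 62 63 64 65 66 67 68 69
"""
AFTER = """
 0: 45 00 00 3C 1C 04 00 00 FF 01 62 25 C7 CB 47 1E
16: C0 A8 6E 05 00 00 01 5C 61 EB 75 99 12 89 96 AB
32: 80 D8 C2 7B 45 75 FD D6 E9 6E 95 01 31 E8 59 3E
48: FF B6 7D 62 D0 2D 2E 87 A6 6D 84 A9
"""

def parse_dump(text):
    """Turn 'offset: XX XX ...' lines into bytes, checking each offset label."""
    data = bytearray()
    for line in text.strip().splitlines():
        label, _, hexpart = line.partition(":")
        if int(label) != len(data):
            raise ValueError(f"offset label {label.strip()} but {len(data)} bytes read")
        data += bytes.fromhex(hexpart)
    return bytes(data)

def common_prefix(a, b):
    """Number of leading bytes that are identical in both buffers."""
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), min(len(a), len(b)))

def ip_summary(pkt):
    """Decode the fixed 20-byte IPv4 header at the start of the dump."""
    vihl, _tos, total, ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    return {"ihl": (vihl & 0x0F) * 4, "total_len": total, "id": ident, "ttl": ttl,
            "proto": proto, "src": str(ipaddress.ip_address(src)),
            "dst": str(ipaddress.ip_address(dst))}

def check(before, after, offset):
    """Return (identical_prefix_len, ok); ok = headers untouched, payload changed."""
    intact = len(before) == len(after) and before[:offset] == after[:offset]
    return common_prefix(before, after), intact and before[offset:] != after[offset:]

if __name__ == "__main__":
    b, a = parse_dump(BEFORE), parse_dump(AFTER)
    print(ip_summary(b))          # header fields, to match against len=60
    print(check(b, a, offset=24))  # offset value taken from line 2 of the output
```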
Explanation
1. mdlen=16 – the length of the MD5 checksum is 16 bytes.
md=(5D,44,68,66,CC,68,78,D5,3C,1F,31,A2,50,86,CF,5C) - the actual MD5 hash.
2. op=encrypt - the operation is encryption.
Method=0 - using fwz1 (this is version specific and in this case it is the VPN version)
md=1 - using MD5 data integrity.
entry=3 - a certain entry in the connection table will have a value of 3, meaning it is an initiator
of an encrypted connection (see connection table).
len=60 - the packet length is 60 bytes.
offset=24 – the decryption will start after 24 bytes (the first 24 bytes are the IP header and part of the
ICMP header).
3. Cookie=7E492D0, cookie_m=5A49600 - the cookies are the pointers to the actual data.
Packetid=9E01 - the packet id is one greater than that of the previous packet (see line 2 in the
initial information section above).
4. Keybuf=7E86210 - pointer to the encryption key. keylen=6 - the length of the data
encryption key (in bytes). Keyval=(1E,42,8A,D2,2,52) - the actual data encryption key.
5. Mdkeylen=32 – the length of the MD5 key is 32 bytes.
Mdkey=(61,8F,DF,A4,AB,7C,AA,5E,96,F,53,36,1C,92,B1,47,55,C8,1F,8B,6A,DE,CB,62,65,FB