Changes


CTF/InsomniHack-2018/Spoke

12 bytes added, 20:41, 24 March 2018
/* Decrypt the traffic */
Analysing the traffic capture, we find IPsec-encrypted traffic between two endpoints, 10.13.38.122 and 10.13.37.70. Fortunately, the Fortinet debug output gives us the session keys, which can be used to decrypt the ESP traffic directly in Wireshark.
[[File:Screenshot_2018-03-24_12-29-48.png|frame|100px|none|alt=|Configuring ESP SAs]]
[[File:Screenshot_2018-03-24_20-58-36.png|frame|100px|none|alt=|Configuring IKEv1 Decryption Table]]
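The ESP SA table from the first screenshot can also be generated from the debug text instead of typed by hand. This is an added example, not part of the original write-up: it assumes the debug output lists each SA as `dec:`/`enc:` lines with `spi=`, `esp=… key=N <hex>` and `ah=… key=N <hex>`, and that 10.13.37.70 is the device that printed it. The SPIs and keys in `SAMPLE` are constructed, and `esp_sa_rows` is a hypothetical helper name.

```python
import re

# Wireshark ESP SA table names for the algorithms this sketch handles.
ENC = {"aes": "AES-CBC [RFC3602]", "3des": "TripleDES-CBC [RFC2451]"}
AUTH = {"sha1": "HMAC-SHA-1-96 [RFC2404]", "md5": "HMAC-MD5-96 [RFC2403]"}

# Assumed debug layout: "dec|enc: spi=<hex> esp=<alg> key=<bytes> <hex>"
# followed by "ah=<alg> key=<bytes> <hex>" (possibly on the next line).
SA_RE = re.compile(
    r"(?P<dir>dec|enc):\s*spi=(?P<spi>[0-9a-f]{8})"
    r"\s+esp=(?P<esp>\w+)\s+key=(?P<elen>\d+)\s+(?P<ekey>[0-9a-f]+)"
    r"\s+ah=(?P<ah>\w+)\s+key=(?P<alen>\d+)\s+(?P<akey>[0-9a-f]+)",
    re.IGNORECASE)

# Constructed sample input: SPIs and keys are made up, not from the challenge.
SAMPLE = """
  dec: spi=11111111 esp=aes key=16 00112233445566778899aabbccddeeff
       ah=sha1 key=20 000102030405060708090a0b0c0d0e0f10111213
  enc: spi=22222222 esp=aes key=16 ffeeddccbbaa99887766554433221100
       ah=sha1 key=20 131211100f0e0d0c0b0a09080706050403020100
"""

def esp_sa_rows(debug_text, local_ip, peer_ip):
    """Return one Wireshark esp_sa line per SA found in debug_text."""
    rows = []
    for m in SA_RE.finditer(debug_text):
        esp, ah = m["esp"].lower(), m["ah"].lower()
        if esp not in ENC or ah not in AUTH:
            raise ValueError(f"unsupported algorithm pair {esp}/{ah}")
        # key=N is the length in bytes; a mismatch means a truncated paste.
        for name, key, n in (("esp", m["ekey"], m["elen"]),
                             ("ah", m["akey"], m["alen"])):
            if len(key) != 2 * int(n):
                raise ValueError(f"{name} key for spi {m['spi']} is truncated")
        # "dec" is the inbound SA of the device that printed the output.
        if m["dir"].lower() == "dec":
            src, dst = peer_ip, local_ip
        else:
            src, dst = local_ip, peer_ip
        fields = ["IPv4", src, dst, "0x" + m["spi"].lower(),
                  ENC[esp], "0x" + m["ekey"].lower(),
                  AUTH[ah], "0x" + m["akey"].lower()]
        rows.append(",".join(f'"{f}"' for f in fields))
    return rows

if __name__ == "__main__":
    print("\n".join(esp_sa_rows(SAMPLE, "10.13.37.70", "10.13.38.122")))
```

Each printed line corresponds to one entry of the ESP SAs dialog (protocol, source, destination, SPI, encryption algorithm and key, authentication algorithm and key).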
This packet shows us the actual target of this challenge: