Feature #2962
openeve: log more IKEv2 fields
Description
At this moment Suricata detects IKEv2 traffic, but the traffic analysis is a little bit complicated.
Here is a small illustrated guide for IKEv2:
http://www.omnisecu.com/tcpip/ikev2-phase-1-and-phase-2-message-exchanges.php
I added my experimental IKEv2 suricata rules to this task too.
But Moloch shows (IKEv2_Moloch_Screenshot_20190504_175220.png), in the Suricata section, only the signatures which detect this traffic.
My proposal is to enhance the Suricata/Moloch plugins to show these parameters of the IKEv2 handshake (IKEv2-EventsList_Screenshot_20190504_175956.png):
ikev2.alg_auth
ikev2.alg_dh
ikev2.alg_enc
ikev2.alg_esn
ikev2.alg_prf
ikev2.errors
ikev2.exchange_type (at this time only a numerical string; a standard description would be better, like the other parameters)
ikev2.init_spi
ikev2.message_id
ikev2.notify
ikev2.payload
ikev2.resp_spi
ikev2.role
ikev2.version_major
ikev2.version_minor
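To illustrate what an analyst could do with these fields once they are in eve.json, here is an added Python example (not part of this ticket or of Suricata's own code). It reads eve.json lines, keeps only ikev2 events, maps the numeric ikev2.exchange_type to the RFC 7296 exchange names (the point raised for exchange_type above) and groups the messages of one IKE SA by ikev2.init_spi so the whole handshake can be reviewed in one place. The sample records are constructed for the example, and the assumption that errors is an integer count and notify a list of strings is an assumption about the field layout, not something this ticket states.

```python
import json

# IKEv2 exchange type codes from RFC 7296, section 3.1.
EXCHANGE_TYPES = {
    34: "IKE_SA_INIT",
    35: "IKE_AUTH",
    36: "CREATE_CHILD_SA",
    37: "INFORMATIONAL",
}

ALG_FIELDS = ("alg_enc", "alg_auth", "alg_prf", "alg_dh", "alg_esn")

# Constructed eve.json lines (not real captures): one IKE_SA_INIT pair, an
# IKE_AUTH with a notify, an exchange_type given as a string, and a non-ikev2
# record that must be ignored.
SAMPLE_EVE_LINES = [
    '{"event_type":"ikev2","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","ikev2":{"version_major":2,"version_minor":0,'
    '"exchange_type":34,"message_id":0,"init_spi":"8c1d2f3a4b5c6d7e","resp_spi":"0000000000000000",'
    '"role":"initiator","errors":0,"payload":["SecurityAssociation","KeyExchange","Nonce"],"notify":[]}}',
    '{"event_type":"ikev2","src_ip":"10.0.0.9","dest_ip":"10.0.0.5","ikev2":{"version_major":2,"version_minor":0,'
    '"exchange_type":34,"message_id":0,"init_spi":"8c1d2f3a4b5c6d7e","resp_spi":"1a2b3c4d5e6f7081",'
    '"role":"responder","errors":0,"alg_enc":"ENCR_AES_CBC","alg_auth":"AUTH_HMAC_SHA2_256_128",'
    '"alg_prf":"PRF_HMAC_SHA2_256","alg_dh":"Modp2048","alg_esn":"NoESN","payload":["SecurityAssociation"],"notify":[]}}',
    '{"event_type":"ikev2","ikev2":{"exchange_type":"35","message_id":1,"init_spi":"8c1d2f3a4b5c6d7e",'
    '"resp_spi":"1a2b3c4d5e6f7081","role":"initiator","errors":1,"payload":["Encrypted"],"notify":["INITIAL_CONTACT"]}}',
    '{"event_type":"dns","dns":{"type":"query","rrname":"example.invalid"}}',
]


def describe_exchange_type(code):
    """Map a numeric (or numeric-string) exchange_type to its RFC 7296 name."""
    try:
        code = int(code)
    except (TypeError, ValueError):
        return str(code)
    return EXCHANGE_TYPES.get(code, "UNKNOWN(%d)" % code)


def iter_ikev2_records(lines):
    """Yield parsed eve.json records whose event_type is ikev2; skip malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "ikev2" and isinstance(rec.get("ikev2"), dict):
            yield rec


def summarize_handshakes(lines):
    """Group ikev2 events by init_spi and collect the handshake parameters seen."""
    sas = {}
    for rec in iter_ikev2_records(lines):
        ike = rec["ikev2"]
        sa = sas.setdefault(ike.get("init_spi"), {
            "resp_spi": None, "exchanges": [], "algs": {}, "errors": 0, "notify": [],
        })
        sa["exchanges"].append("%s/%s" % (describe_exchange_type(ike.get("exchange_type")),
                                          ike.get("role", "?")))
        # The responder SPI is all zeros in the first message; keep the real one.
        resp = ike.get("resp_spi")
        if resp and set(resp) != {"0"}:
            sa["resp_spi"] = resp
        for k in ALG_FIELDS:
            if k in ike:
                sa["algs"][k] = ike[k]
        sa["errors"] += int(ike.get("errors") or 0)   # assumed to be a count
        for n in ike.get("notify") or []:              # assumed to be a list of names
            if n not in sa["notify"]:
                sa["notify"].append(n)
    return sas


if __name__ == "__main__":
    for spi, sa in summarize_handshakes(SAMPLE_EVE_LINES).items():
        print("IKE SA", spi, "<->", sa["resp_spi"])
        print("  exchanges:", " -> ".join(sa["exchanges"]))
        print("  negotiated:", sa["algs"])
        print("  errors:", sa["errors"], "notify:", sa["notify"])
```

The script reads its sample from the embedded list; pointing iter_ikev2_records at an open eve.json file handle works the same way, since each line is one JSON record.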