(Figure: IPsec ESP modes, image ipsec-esp-modes.png)

(Figure: IPsec ESP packet format, image ipsec-esp-format.png)
| Section | Field Name | Size (bytes) | Description | Encrypted | Authenticated |
|---|---|---|---|---|---|
| ESP Header | SPI | 4 | Security Parameter Index (SPI): A 32-bit value that, combined with the destination address and the security protocol type (ESP), identifies the security association (SA) to be used for this datagram. See the topic on security associations for more details. | No | Yes |
| ESP Header | Sequence Number | 4 | Sequence Number: A counter initialized to zero when an SA is established between two devices and incremented for each datagram sent on that SA, so the first packet carries the value 1. The receiver uses it for protection against replay attacks. | No | Yes |
| ESP Payload | Payload Data | Variable | Payload Data: The encrypted payload data, consisting of a higher-layer message (e.g. a TCP segment) in transport mode or an entire encapsulated IP datagram in tunnel mode. May also carry support information such as an initialization vector (IV) when the encryption algorithm needs one; the IV is sent in the clear but is covered by the ICV. | Yes (except the IV) | Yes |
| ESP Trailer | Padding | Variable (0 to 255) | Padding: Additional padding bytes included as needed by the encryption algorithm (block size) or for alignment: the Pad Length and Next Header fields must end on a 4-byte boundary. | Yes | Yes |
| ESP Trailer | Pad Length | 1 | Pad Length: The number of bytes in the preceding Padding field. | Yes | Yes |
| ESP Trailer | Next Header | 1 | Next Header: The protocol number of the data carried in the Payload Data field (e.g. 6 for TCP in transport mode, 4 for an encapsulated IPv4 datagram in tunnel mode). Used to chain together headers. | Yes | Yes |
| ESP Authentication Data | ESP Authentication Data (ICV) | Variable | ESP Authentication Data: The Integrity Check Value (ICV) produced by the ESP authentication algorithm, if one is selected for the SA. The algorithm is optional in the ESP specification, but encryption without integrity protection leaves the ciphertext open to undetected modification, so it should always be used. | No | No |

Encryption covers Payload Data through Next Header; authentication covers SPI through Next Header, so the encrypted fields are authenticated as ciphertext and the ICV is computed after encryption. The ICV field itself is protected by neither.