Please Whitelist This Site?
I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :)
If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads.
If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK.
Thanks for your understanding!
Sincerely, Charles Kozierok
Author and Publisher, The TCP/IP Guide
NOTE: Using software to mass-download the site degrades the server and is prohibited.
If you want to read The TCP/IP Guide offline, please consider licensing it. Thank you.
IPSec Authentication Header (AH)
(Page 3 of 4)
IPv4 Authentication Header Placement and Linking
A method that is similar to the IPv6
header linking technique is employed. In an IPv4 datagram, the Protocol
field indicates the identity of the higher layer protocol (typically
TCP or UDP) carried in the datagram. As such, this field points
to the next header, which is at the front of the IP payload. AH takes
this value and puts it into its Next Header field, and then places
the protocol value for AH itself (51 decimal) into the IP Protocol
field. This makes the IP header point to the AH, which then
points to whatever the IP datagram pointed to before.
Again, in transport mode, the authentication
header is added after the main IP header of the original datagram; in
tunnel mode it is added after the new IP header that encapsulates the
original datagram being tunneled. This is shown in Figure 122.
Figure 122: IPv4 Datagram Format With IPSec Authentication Header (AH)
At top is an example IPv4 datagram; it may or may not contain IPv4 options (which are not distinct entities as they are in IPv6). In transport mode, the authentication header is added between the IP header and the IP data; the Protocol field of the IP header points to it, while its Next Header field contains the IP headers prior protocol value (in this case 6, for TCP.) In tunnel mode the IPv4 datagram is encapsulated into a new IPv4 datagram that includes the AH header. Note in tunnel mode, the AH headers use of the value 4 (which means IPv4) in its Next Header.
Key Concept: The IPSec Authentication Header (AH) protocol allows the recipient of a datagram to verify its authenticity. It is implemented as a header added to an IP datagram that contains an integrity check value computed based on the values of the fields in the datagram. This value can be used by the recipient to ensure that the data has not been changed in transit. The Authentication Header does not encrypt data and thus does not ensure the privacy of transmissions.
|If you find The TCP/IP Guide useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider purchasing a download license of The TCP/IP Guide. Thanks for your support!|
Table Of Contents - Contact Us
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.