Please Whitelist This Site?
I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :)
If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads.
If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK.
Thanks for your understanding!
Sincerely, Charles Kozierok
Author and Publisher, The TCP/IP Guide
NOTE: Using software to mass-download the site degrades the server and is prohibited.
If you want to read The TCP/IP Guide offline, please consider licensing it. Thank you.
IPSec Encapsulating Security Payload (ESP)
(Page 3 of 4)
2. Trailer Calculation and Placement
The ESP Trailer is appended
to the data to be encrypted. ESP then performs the encryption. The payload
(TCP/UDP message or encapsulated IP datagram) and the ESP trailer are
both encrypted, but the ESP Header is not. Note again that any
other IP headers that appear between the ESP header and the payload
are also encrypted. In IPv6 this can include a Destination Options
Normally, the Next Header
field would appear in the ESP header and would be used to link the ESP
header to the header that comes after it. However, the Next Header
field in ESP appears in the trailer and not the header, which makes
the linking seem a bit strange in ESP. The method is the same as that
used in AH and in IPv6 in general, with the Next Header and/or
Protocol fields used to tie everything together. However, in
ESP the Next Header field appears after the encrypted
data, and so points back to one of the following: a Destination
Options extension header (if present), a TCP/UDP header (in transport
mode) or an IPv4/IPv6 header (in tunnel mode). This too is shown in
and Figure 125.
3. ESP Authentication Field Calculation and Placement
If the optional ESP authentication
feature is used, the authentication field is computed over the entire
ESP datagram (except the Authentication Data field itself, of
course). This includes the ESP header, payload and trailer.
Key Concept: The IPSec Encapsulating Security Payload protocol allows the contents of a datagram to be encrypted, to ensure that only the intended recipient is able to see the data. It is implemented using three components: an ESP Header added to the front of a protected datagram, an ESP Trailer that follows the protected data, and an optional ESP Authentication Data field that provides authentication services similar to those provided by the Authentication Header (AH).
|If you find The TCP/IP Guide useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider purchasing a download license of The TCP/IP Guide. Thanks for your support!|
Table Of Contents - Contact Us
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.