IPsec VPN Data Plane Packets

by | 9-May-2021 | Cisco, Security, VPN

(1) The ESP Packet Construction Overview

  • Total frame size = 174 bytes
    • 14 bytes of “Ethernet header”
    • 20 bytes of “IP header”
    • 54 bytes of “ESP header”
    • 20 bytes of “IP header”
    • 8 bytes of “ICMP header”
    • 78 bytes of “ICMP data”
  • 3DES is a block cipher, so its input must be an exact multiple of the block size (8 bytes)
    • ESP Padding = 0-7 bytes
  • Why is the Ethernet header only 14 bytes instead of 18 bytes?
    • The FCS (4 bytes) is missing because it is not supplied to the packet capture program (Wireshark)
    • Most OSes (drivers) don’t support capturing the FCS of an Ethernet frame
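
The 174-byte captured frame and the 0-7 byte padding range can be rebuilt from the individual ESP fields. The following is an added example, not code from the original post; it assumes tunnel mode, an 8-byte 3DES-CBC IV and a 12-byte HMAC-MD5-96 ICV, and the function names are hypothetical.

```python
# Added example: ESP tunnel-mode frame layout (field sizes per RFC 4303).
ETH_HDR = 14      # Ethernet header as captured (no FCS)
ETH_FCS = 4       # frame check sequence, normally not passed to the capture
OUTER_IP = 20     # outer IPv4 header without options
ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)


def esp_padding(inner_len, block_size=8):
    """Pad bytes so payload + padding + 2-byte trailer fills whole blocks."""
    align = max(block_size, 4)  # RFC 4303 also requires 4-byte alignment
    return -(inner_len + ESP_TRAILER) % align


def esp_frame_layout(inner_len, block_size=8, iv_len=8, icv_len=12):
    """Defaults assume 3DES-CBC (8-byte block, 8-byte IV) and HMAC-MD5-96."""
    pad = esp_padding(inner_len, block_size)
    encrypted = inner_len + pad + ESP_TRAILER      # the part 3DES encrypts
    esp_total = ESP_HDR + iv_len + encrypted + icv_len
    captured = ETH_HDR + OUTER_IP + esp_total      # what Wireshark shows
    return {
        "padding": pad,
        "encrypted_bytes": encrypted,
        "esp_total": esp_total,
        "captured_frame": captured,
        "on_wire_frame": captured + ETH_FCS,       # with the 4-byte FCS
    }


if __name__ == "__main__":
    # Inner packet from the page: 20 (IP) + 8 (ICMP header) + 78 (ICMP data)
    inner = 20 + 8 + 78
    for name, value in esp_frame_layout(inner).items():
        print(f"{name:16} {value}")
    # Constructed inputs: padding cycles through 0-7 as the payload grows
    print([esp_padding(n) for n in range(100, 108)])
```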

(2) The data plane comparison (ESP, 3DES, MD5-HMAC)
