This wiki has been migrated to and is now deprecated. Please use that site instead.

ESP (Encapsulating Security Payload)

ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. Currently ESP is mainly described by the following RFCs:

The Algorithms to use and their requirements are described in RFC4305: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH), D. Eastlake 3rd, December 2005, PROPOSED STANDARD.

You also may use some other Cryptographic Algorithms (have a look at the IANA for some other examples).

ESP Algorithms (RFC 4305)

The ESP Format is the following:

    0                   1                   2                   3    
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1    
    |               Security Parameters Index (SPI)                 |
    |                      Sequence Number                          |
    |                    Payload Data (variable)                    |
    ~                                                               ~
    |                                                               |
    +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               |     Padding (0-255 bytes)                     |
    +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                               |  Pad Length   | Next Header   |
    |                 Authentication Data (variable)                |
    ~                                                               ~
    |                                                               |

ESP Requierements

The followings tables RFC4305 list Encryption and Authentication algorithms for the IPsec Encapsulating Security Payload protocol.

Requirement    Encryption Algorithm (notes)
-----------    --------------------
MUST           NULL (1)
MUST-          TripleDES-CBC [RFC2451]
SHOULD+        AES-CBC with 128-bit keys [RFC3602]
SHOULD         AES-CTR [RFC3686]
SHOULD NOT     DES-CBC [RFC2405] (3)

Requirement    Authentication Algorithm (notes)
-----------    ------------------------
MUST           HMAC-SHA1-96 [RFC2404]
MUST           NULL (1)
SHOULD+        AES-XCBC-MAC-96 [RFC3566]
MAY            HMAC-MD5-96 [RFC2403] (2)


(1) Since ESP Encryption and Authentication are optional, support
    for the two "NULL" algorithms is required to maintain consistency
    with the way these services are negotiated.  Note that while
    Authentication and Encryption can each be "NULL", they MUST NOT
    both be "NULL".
(2) Weaknesses have become apparent in MD5; however, these should not
    affect the use of MD5 with HMAC.
(3) DES, with its small key size and publicly demonstrated and
    open-design special-purpose cracking hardware, is of questionable
    security for general use.


ESP dissector is fully functional. If libgcrypt was linked with Wireshark, Wireshark provides some advanced features such as Decryption of ESP Payloads and/or Authentication Checking.

Currently it takes into account following encryption Algorithms :

It also permit to check Authentication for following Algorithms :

Preference Settings

To be able to decrypt ESP Payload or check ESP Authenticator, you need to give corresponding elements to the ESP Preferences Menu of Wireshark (cf ESP_Preferences).

Example capture file

Some Examples capture files with the Security Associations used are available Here :