This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 24 and 28 (spanning 4 versions)
Revision 24 as of 2006-06-05 03:19:17
Size: 1292
Editor: localhost
Comment:
Revision 28 as of 2008-04-12 17:51:29
Size: 1524
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
The currently used version of IPsec (or more specifically IKE) is version 1, which is specified in RFCs
2401-2412 (plus some more).
 
Version 2 of IPsec is mainly described by the three following RFCs. Note though, that there are very few products that already implement IPsec version 2.
Line 8: Line 12:
Currently IPsec is mainly described by the three following RFCs:  * [[http://www.ietf.org/rfc/rfc4301.txt|RFC4301]], Security Architecture for the Internet Protocol, S. Kent, K. Seo, December 2005, PROPOSED STANDARD.
Line 10: Line 14:
 * [http://www.ietf.org/rfc/rfc4301.txt RFC4301], Security Architecture for the Internet Protocol, S. Kent, K. Seo, December 2005, PROPOSED STANDARD.  * [[http://www.ietf.org/rfc/rfc4302.txt|RFC4302]], IP Authentication Header, S. Kent, December 2005, PROPOSED STANDARD.
Line 12: Line 16:
 * [http://www.ietf.org/rfc/rfc4302.txt RFC4302], IP Authentication Header, S. Kent, December 2005, PROPOSED STANDARD.  * [[http://www.ietf.org/rfc/rfc4303.txt|RFC4303]], IP Encapsulating Security Payload (ESP), S. Kent, December 2005, PROPOSED STANDARD.
Line 14: Line 18:
 * [http://www.ietf.org/rfc/rfc4303.txt RFC4303], IP Encapsulating Security Payload (ESP), S. Kent, December 2005, PROPOSED STANDARD.

The Algorithms to use and their requirements are described in [http://www.ietf.org/rfc/rfc4305.txt RFC4305]: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (["ESP"]) and Authentication Header (["AH"]), D. Eastlake 3rd, December 2005, PROPOSED STANDARD.
The Algorithms to use and their requirements are described in [[http://www.ietf.org/rfc/rfc4305.txt|RFC4305]]: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload ([[ESP]]) and Authentication Header ([[AH]]), D. Eastlake 3rd, December 2005, PROPOSED STANDARD.
Line 21: Line 23:
If linked with Libcrypt Wireshark provides some advanced features such as Decryption of ESP Payloads and/or Authentication Checking. see ["ESP_Preferences"] If linked with Libcrypt Wireshark provides some advanced features such as Decryption of ESP Payloads and/or Authentication Checking. see [[ESP_Preferences]]

IPsec (Internet Protocol Security)

A set of protocols developed by the IETF to support secure exchange of packets at the IP layer.

IPsec Algorithms And Keys

The currently used version of IPsec (or more specifically IKE) is version 1, which is specified in RFCs 2401-2412 (plus some more).

Version 2 of IPsec is mainly described by the three following RFCs. Note though, that there are very few products that already implement IPsec version 2.

  • RFC4301, Security Architecture for the Internet Protocol, S. Kent, K. Seo, December 2005, PROPOSED STANDARD.

  • RFC4302, IP Authentication Header, S. Kent, December 2005, PROPOSED STANDARD.

  • RFC4303, IP Encapsulating Security Payload (ESP), S. Kent, December 2005, PROPOSED STANDARD.

The Algorithms to use and their requirements are described in RFC4305: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH), D. Eastlake 3rd, December 2005, PROPOSED STANDARD.

You also may use some other Cryptographic Algorithms (have a look at the IANA for some other examples).

Wireshark

If linked with Libcrypt Wireshark provides some advanced features such as Decryption of ESP Payloads and/or Authentication Checking. see ESP_Preferences

Is this true for Win32? UlfLamping

IPsec (last edited 2008-04-12 17:51:29 by localhost)