IPSec: encrypted IP packet

• IPSec packet format:

• The problem of Snoop over IPSec:

  • Snoop needs to access the higher layer (TCP) packet header
    • ACK sequence number.
    • Packet sequence number.

Ipsec_seqno

Tcp_seqno

Pkt_type

….

Data load

….

IV

ACK no

encrypted

Previous slide

Next slide

Back to first slide

View graphic version