[strongSwan] Why "IV" is sent in null encrypted ESP packet

Martin Willi martin at strongswan.org
Fri Jun 28 09:43:03 CEST 2013


> When I cpature the null encrypted ESP packet (HMAC-sha1 is used for
> authentication), I observed "Initialization vector" of 8 bytes size in
> the ESP header.

No, there is no IV in NULL encrypted packets, Wireshark (or whatever
sniffer you use) is lying to you.

The problem is that just by looking at the ESP packets you don't see
what transforms are used, and therefore you can't know if an IV (or NULL
encryption) is in use. Wireshark assumes there is an IV, even if it is


More information about the Users mailing list