[strongSwan] Why "IV" is sent in null encrypted ESP packet
Martin Willi
martin at strongswan.org
Fri Jun 28 09:43:03 CEST 2013
Hi,
> When I capture the null encrypted ESP packet (HMAC-sha1 is used for
> authentication), I observed "Initialization vector" of 8 bytes size in
> the ESP header.
No, there is no IV in NULL encrypted packets, Wireshark (or whatever
sniffer you use) is lying to you.
The problem is that just by looking at the ESP packets you don't see
what transforms are used, and therefore you can't know if an IV (or NULL
encryption) is in use. Wireshark assumes there is an IV, even if it is
not.
Regards
Martin
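
The point made in the reply above, as an added example that is not part of the original post: the same ESP bytes parse differently depending on the IV length the parser is told to use, because that length lives in the SA and not in the packet. The function names, SPI, key and payload are constructed for illustration, and the ICV is assumed to be HMAC-SHA1-96 (12 bytes).

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96 truncates the 20-byte HMAC to 12 bytes


def build_null_esp(spi, seq, inner, next_header, auth_key):
    """Build an ESP packet with NULL encryption: no IV, cleartext payload."""
    pad_len = -(len(inner) + 2) % 4          # align the trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))   # default pad bytes: 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + inner + padding
            + bytes([pad_len, next_header]))
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def parse_esp(packet, iv_len, icv_len=ICV_LEN):
    """Split ESP bytes using lengths that come from the SA, not the packet."""
    spi, seq = struct.unpack("!II", packet[:8])
    iv = packet[8:8 + iv_len]
    rest = packet[8 + iv_len:len(packet) - icv_len]
    pad_len, next_header = rest[-2], rest[-1]  # readable: payload is cleartext
    payload = rest[:len(rest) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "iv": iv, "payload": payload,
            "next_header": next_header, "icv": packet[-icv_len:]}


# Constructed sample values, not taken from any real capture.
INNER = b"constructed inner payload"
PACKET = build_null_esp(0xC0FFEE01, 1, INNER, 17, b"k" * 20)

as_null = parse_esp(PACKET, iv_len=0)  # what the SA actually negotiated
as_iv8 = parse_esp(PACKET, iv_len=8)   # a sniffer assuming an 8-byte IV

if __name__ == "__main__":
    print("SA view     : iv=%r payload=%r" % (as_null["iv"], as_null["payload"]))
    print("sniffer view: iv=%r payload=%r" % (as_iv8["iv"], as_iv8["payload"]))
```

With `iv_len=8` the first eight bytes of the cleartext payload are reported as an "IV", which is the display the question describes.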