In IPsec, which protocol numbers identify ESP and AH in the IP header?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions, each question includes hints and explanations. Ace your exam!

Multiple Choice

In IPsec, which protocol numbers identify ESP and AH in the IP header?

Explanation:
In IP headers, the Protocol field (IPv4) or Next Header field (IPv6) identifies what the IP payload is. For IPsec, the two possible payload formats are ESP and AH, identified by specific protocol numbers: Encapsulating Security Payload uses 50, and Authentication Header uses 51. So seeing 50 means the payload is ESP, and 51 means the payload is AH. The other numbers correspond to non-IPsec protocols (for example, 6 is TCP and 17 is UDP, while 100/101 are not standard IPsec identifiers).

In IP headers, the Protocol field (IPv4) or Next Header field (IPv6) identifies what the IP payload is. For IPsec, the two possible payload formats are ESP and AH, identified by specific protocol numbers: Encapsulating Security Payload uses 50, and Authentication Header uses 51. So seeing 50 means the payload is ESP, and 51 means the payload is AH. The other numbers correspond to non-IPsec protocols (for example, 6 is TCP and 17 is UDP, while 100/101 are not standard IPsec identifiers).

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy