database logo graphic

RFC 5879

"Heuristics for Detecting ESP-NULL Packets", May 2010

Canonical URL:
This document is also available in this non-normative format: PDF.
T. Kivinen
D. McDonald
ipsecme (sec)

Cite this RFC: TXT  |  XML


Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


This document describes a set of heuristics for distinguishing IPsec ESP-NULL (Encapsulating Security Payload without encryption) packets from encrypted ESP packets. These heuristics can be used on intermediate devices, like traffic analyzers, and deep-inspection engines, to quickly decide whether or not a given packet flow is encrypted, i.e., whether or not it can be inspected. Use of these heuristics does not require any changes made on existing IPsec hosts that are compliant with RFC 4303. This document is not an Internet Standards Track specification; it is published for informational purposes.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

Go to the RFC Editor Homepage.