[Wylug-help] Ethernet Type Codes for IPSEC
James Holden (Wylug)
wylug at jamesholden.net
Tue Dec 2 18:55:42 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jim Jackson wrote:
[snip]
|>James reckons that ESP still uses 0800 - which is going to make
|>filtering it a bit hard...
|>
|
|
| ESP is the IP protocol field. From rfc1700
|
| 50 SIPP-ESP SIPP Encap Security Payload [Steve Deering]
|
| 800 is the ethernet protocol field for an IP packet. These are different
| fields in different parts of a packet.
|
Yes. That's what I meant. Well I knew what I was on about anyway ;-)
800 is the ethertype for all IP packets (UPD/TCP/ICMP/whatever). 50 is
the IP protocol for ESP, with 6 for TCP and 7 for UDP IIRC. Different
bit of the packet entirely.
You couldn't filter this at layer 2, where bridges operate. You'd need
to look at the packets at layer 3 (ie: with an IP router).
James
- --
James Andrew Holden, Leeds, UK (james at jamesholden dot net)
GPG Key: 1024D/8358863A *Please encrypt mail where possible!*
Fingerprint: 32C9 A76F 3CFE A06C 1B00 5AAB 9877 4742 8358 863A
jamesholden.net Buy Linux CDs here: http://fastdiscs.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/zOAumHdHQoNYhjoRAt6qAJ0bevO0zpdMMCVkgcY8kvqwS32viQCggSgw
20QK4/ME33DthJP3LNaaVBA=
=tItm
-----END PGP SIGNATURE-----
More information about the Wylug-help
mailing list