IPsec (Internet Protocol Security)

Authentication Header (AH) Packet Format

 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+---------------+---------------+-------------------------------+
|  Next Header  |Payload Length |           Reserved            |
+---------------+---------------+-------------------------------+
|               Security Parameters Index (SPI)                 |
+---------------------------------------------------------------+
|                        Sequence Number                        |
+---------------------------------------------------------------+
|                                                               |
~          Authentication Data / ICV (variable length)          ~
|                                                               |
+---------------------------------------------------------------+

Next Header: protocol number of the header that follows AH, e.g. 6 for TCP or 17 for UDP in transport mode, 4 for an encapsulated IPv4 packet in tunnel mode. [8 bits]
Payload Length: despite the name, the length of the authentication header itself, not of the payload: the length of AH in 32-bit words minus 2. With HMAC-SHA1-96 (12-byte ICV) the header is 24 bytes = 6 words, so the field carries the value 4. [8 bits]
Reserved: sent as zero and ignored on receipt, but still covered by the ICV. [16 bits]
Security Parameters Index (SPI): arbitrary 32-bit value chosen by the receiver. Combined with the destination address and the security protocol (AH or ESP) it selects the security association (SA) for this packet, which supplies the algorithm, key and replay state. Value 0 is reserved for local use and never appears on the wire; 1-255 are reserved by IANA. [32 bits]
Sequence Number: monotonically increasing counter that uniquely identifies a packet within an SA. It is set to 0 when the SA is created, so the first packet sent carries 1. The sender must not let it wrap: a new SA is negotiated before 2^32 packets, or 64-bit extended sequence numbers (ESN) are used, of which only the low 32 bits are transmitted. The receiver uses it for anti-replay checking with a sliding window. [32 bits]
Authentication Data (integrity check value, ICV): output of the SA's integrity algorithm, a keyed MAC such as HMAC-SHA1-96, not an unkeyed hash. It is computed over the IP header with the mutable fields (DSCP/ECN, flags, fragment offset, TTL, header checksum) zeroed, the AH with this field zeroed, and the entire payload. The field is padded to a multiple of 32 bits (IPv4) or 64 bits (IPv6). Because the source and destination addresses are covered, AH cannot traverse NAT. [variable]
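The field list above is easiest to check by building and verifying a packet. The following is an added example, not code from the original page: it constructs an IPv4 header, an AH with HMAC-SHA1-96, and a constructed payload, then shows that a router decrementing the TTL (and rewriting the checksum) leaves the ICV valid, while flipping one payload bit does not. The key, addresses and payload are assumed values; IP options and the SA lookup and anti-replay check are left out.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51   # value of the outer IP Protocol field when AH follows the IP header
ICV_LEN = 12    # HMAC-SHA1-96: the 20-byte HMAC-SHA1 tag truncated to 96 bits


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over a 20-byte header (checksum field zeroed)."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(total_len: int, ttl: int, proto: int, src: bytes, dst: bytes) -> bytes:
    """Option-less IPv4 header with DF set, a constructed fixed ID and a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def zero_mutable_ipv4(ip_hdr: bytes) -> bytes:
    """Copy of the header with the fields a router may rewrite (DSCP/ECN, Flags,
    Fragment Offset, TTL, Header Checksum) zeroed, as RFC 4302 requires before the
    ICV is computed. IP options are deliberately not handled in this example."""
    if len(ip_hdr) != 20 or ip_hdr[0] != 0x45:
        raise ValueError("only option-less IPv4 headers are handled here")
    h = bytearray(ip_hdr)
    h[1] = 0                  # DSCP/ECN (the old TOS byte)
    h[6:8] = b"\x00\x00"      # Flags + Fragment Offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # Header Checksum
    return bytes(h)


def build_ah(next_header: int, spi: int, seq: int, key: bytes,
             ip_hdr: bytes, payload: bytes) -> bytes:
    """Fixed 12-byte AH plus ICV. Payload Length is the whole AH in 32-bit words
    minus 2: 24 bytes with HMAC-SHA1-96 is 6 words, so the field carries 4."""
    payload_len = (12 + ICV_LEN) // 4 - 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    covered = zero_mutable_ipv4(ip_hdr) + fixed + bytes(ICV_LEN) + payload
    icv = hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]
    return fixed + icv


def parse_ah(data: bytes) -> dict:
    """Split AH + payload into fields; the ICV length follows from Payload Length."""
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    ah_len = (payload_len + 2) * 4
    return {"next_header": next_header, "payload_len": payload_len, "reserved": reserved,
            "spi": spi, "seq": seq, "icv": data[12:ah_len], "payload": data[ah_len:]}


def verify_ah(key: bytes, ip_hdr: bytes, data: bytes) -> bool:
    """Receiver side: recompute the ICV over the same bytes and compare in constant time."""
    ah = parse_ah(data)
    if len(ah["icv"]) != ICV_LEN:
        # The SA dictates the ICV size. Trusting the packet's Payload Length here would
        # let a Payload Length of 0 produce an empty ICV that trivially "matches".
        return False
    covered = zero_mutable_ipv4(ip_hdr) + data[:12] + bytes(ICV_LEN) + ah["payload"]
    expected = hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, ah["icv"])


def demo() -> dict:
    key = b"constructed-demo-key"                      # in practice supplied by the SA
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    payload = b"hello, IPsec"                          # constructed stand-in for a UDP datagram
    total_len = 20 + 12 + ICV_LEN + len(payload)
    ip_sent = build_ipv4(total_len, 64, AH_PROTO, src, dst)
    pkt = build_ah(17, 0x1000, 1, key, ip_sent, payload) + payload
    # A router on the path decrements TTL and rewrites the checksum. Both are mutable
    # fields, so the ICV still verifies at the receiver ...
    ip_forwarded = build_ipv4(total_len, 63, AH_PROTO, src, dst)
    # ... whereas flipping one payload bit does not.
    tampered = pkt[:-1] + bytes([pkt[-1] ^ 0x01])
    return {"fields": parse_ah(pkt),
            "valid_as_sent": verify_ah(key, ip_sent, pkt),
            "valid_after_hop": verify_ah(key, ip_forwarded, pkt),
            "valid_after_tamper": verify_ah(key, ip_forwarded, tampered)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The receiver never trusts the packet's Payload Length to decide how long the ICV should be; that comes from the SA. The same zeroing of mutable fields is what makes AH survive ordinary forwarding yet fail behind a NAT, which rewrites the (covered) addresses.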



Encapsulating Security Payload (ESP) Packet Format

legend

ESP header (SPI, Sequence Number): authenticated by the ICV, not encrypted
ESP payload (Payload Data, including any IV): encrypted and authenticated
ESP trailer (Padding, Pad Length, Next Header): encrypted and authenticated
ESP Authentication Data (ICV): neither encrypted nor covered by itself


 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+---------------------------------------------------------------+
|               Security Parameters Index (SPI)                 |  header
+---------------------------------------------------------------+  (authenticated)
|                        Sequence Number                        |
+---------------------------------------------------------------+
|                                                               |
~                 Payload Data (variable length)                ~  payload
|                                                               |  (encrypted)
+               +-----------------------------------------------+
|               |             Padding (0-255 bytes)             |  trailer
+---------------+               +---------------+---------------+  (encrypted)
|                               |  Pad Length   |  Next Header  |
+---------------------------------------------------------------+
|                                                               |
~          Authentication Data / ICV (variable length)          ~  ICV
|                                                               |
+---------------------------------------------------------------+
SPI: 32-bit value chosen by the receiver. Combined with the destination address and the security protocol type it identifies the security association (SA) used for this packet. Not encrypted, so the receiver can look up the SA before doing any cryptography. [32 bits]
Sequence Number: counter incremented for each datagram sent under the current SA; reset to 0 when the SA is created, so the first packet carries 1, and never allowed to wrap (a new SA is negotiated, or 64-bit ESNs are used). Sent in the clear but covered by the ICV; the receiver uses it for anti-replay checking with a sliding window. [32 bits]
ESP Payload Data: the encrypted data, a transport-layer segment in transport mode or a whole IP datagram in tunnel mode, plus any data the cipher needs for synchronisation, typically an IV, which is carried unencrypted at the start of this field. [variable]
ESP Trailer / Padding: 0-255 padding bytes, added as needed to fill the cipher's block size and to right-align Pad Length and Next Header on a 4-byte boundary; extra padding may also be added to conceal the true payload length. The default pad content is the byte sequence 1, 2, 3, ..., which the receiver may check. [variable]
Pad Length: number of pad bytes immediately preceding this field. [8 bits]
Next Header: protocol number of the data in the Payload Data field (e.g. 4 for IPv4 in tunnel mode, 6 for TCP in transport mode). Because it sits at the end of the encrypted region, it can only be read after decryption, unlike the AH Next Header. [8 bits]
ESP Authentication Data (integrity check value): contains the ICV produced by the ESP integrity algorithm over the ESP header, payload and trailer, but not over the outer IP header and not over itself. With a combined-mode cipher such as AES-GCM the field carries the cipher's own authentication tag. Present only if the SA selected an integrity service. [variable]
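What the header, trailer and ICV descriptions above mean in practice is best seen in the receive path: integrity check first, then the anti-replay window, then decryption and trailer stripping. The following is an added example, not code from the original page. The keys and SPI are assumed values, the SAD is a plain dict keyed by SPI alone, and the cipher is a stand-in (HMAC-SHA256 in counter mode) so the block runs with the standard library; the framing, the RFC 4303 default padding check and the 64-entry anti-replay window are the point.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

ICV_LEN = 12   # HMAC-SHA1-96 tag: the ESP Authentication Data field
IV_LEN = 8     # per-packet IV, carried in clear at the start of Payload Data


class ReplayWindow:
    """RFC 4303 anti-replay window. Bit 0 of the bitmap is the highest sequence
    number accepted so far, bit k the packet k below it; 0 is never a valid seq."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False
        if seq > self.top:                      # slide the window forward
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        back = self.top - seq
        if back >= self.size or (self.bitmap >> back) & 1:
            return False                        # too old, or already received
        self.bitmap |= 1 << back
        return True


@dataclass
class SecurityAssociation:
    spi: int
    enc_key: bytes
    auth_key: bytes
    window: ReplayWindow = field(default_factory=ReplayWindow)


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Demo cipher only: HMAC-SHA256 in counter mode stands in for the SA's real
    transform (AES-CBC, AES-GCM, ...). The point of the example is the framing."""
    blocks = (hmac.new(key, iv + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def add_trailer(plaintext: bytes, next_header: int, align: int = 4) -> bytes:
    """Append Padding, Pad Length and Next Header so the two trailer bytes end on a
    4-byte boundary (use the block size for a block cipher). Default padding is the
    byte sequence 1, 2, 3, ..., which lets the receiver check it."""
    pad_len = (-(len(plaintext) + 2)) % align
    return plaintext + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])


def strip_trailer(decrypted: bytes):
    pad_len, next_header = decrypted[-2], decrypted[-1]
    if pad_len + 2 > len(decrypted) or decrypted[-2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    return decrypted[:-2 - pad_len], next_header


def esp_encapsulate(sa: SecurityAssociation, seq: int, next_header: int, plaintext: bytes) -> bytes:
    iv = struct.pack("!Q", seq)                 # unique per packet under this key; never reuse
    trailed = add_trailer(plaintext, next_header)
    ciphertext = xor(trailed, keystream(sa.enc_key, iv, len(trailed)))
    body = struct.pack("!II", sa.spi, seq) + iv + ciphertext   # header authenticated, not encrypted
    icv = hmac.new(sa.auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv                           # ICV covers everything before it, never itself


def esp_decapsulate(sad: dict, packet: bytes):
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sad.get(spi)                           # a real SAD also keys on dst address and protocol
    if sa is None:
        raise ValueError("unknown SPI")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("bad ICV")             # integrity first: nothing else touches forged data
    if not sa.window.check_and_update(seq):
        raise ValueError("replay")
    iv, ciphertext = body[8:8 + IV_LEN], body[8 + IV_LEN:]
    return strip_trailer(xor(ciphertext, keystream(sa.enc_key, iv, len(ciphertext))))


def receive(sad: dict, packet: bytes) -> tuple:
    try:
        plaintext, next_header = esp_decapsulate(sad, packet)
        return ("ok", plaintext, next_header)
    except ValueError as e:
        return ("drop", str(e))


def demo() -> dict:
    sa = SecurityAssociation(0x1234, b"constructed-enc-key", b"constructed-auth-key")
    sad = {sa.spi: sa}
    pkt = {s: esp_encapsulate(sa, s, 17, b"ping %d" % s) for s in (1, 2, 3)}
    tampered = pkt[2][:20] + bytes([pkt[2][20] ^ 1]) + pkt[2][21:]   # one ciphertext bit flipped
    return {"trailer": add_trailer(b"ping", 17),
            "seq1": receive(sad, pkt[1]),
            "seq3_early": receive(sad, pkt[3]),    # arrives before 2: fine, window advances
            "seq2_late": receive(sad, pkt[2]),     # late but inside the window: accepted once
            "seq1_replay": receive(sad, pkt[1]),   # already marked in the bitmap: dropped
            "tampered": receive(sad, tampered)}
```

For a 4-byte plaintext "ping" with Next Header 17 the trailer comes out as two pad bytes 01 02, Pad Length 02 and Next Header 11, so the encrypted region is 8 bytes and the two trailer bytes end on a word boundary. The window is only updated after the ICV verifies; updating it first would let an attacker with forged packets advance the window and cause the receiver to drop legitimate late packets.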