IPSec Exercise

This document provides an exercise on analyzing network packet captures related to IP Security (IPSec) protocols. It contains 6 packet captures with accompanying questions to test understanding of IPSec protocols ESP, AH, and ISAKMP. The objective is to familiarize participants with how these protocols function and provide security for IP packets.


Course - Network Security (SSZG513)

Topic - IP Security Exercise


Author and Instructor - Vineet Garg

Objective: This worksheet has a few Wireshark capture screenshots and a few
questions associated with each of them. Participants need to answer the
questions. The objective of the worksheet is to provide familiarity with the IPSec
protocols (ESP and AH) as well as ISAKMP (IKEv2).

Capture-1

Questions related to capture-1

I. Which version of the IP protocol is being used?
II. What protocol is running over IP? Name the protocol.
III. If IPSec is being used, which mode of the protocol is it: tunnel mode or
transport mode? Justify your answer.
IV. What security header fields of the IPSec protocol are visible?
V. As part of IPSec, what count does this IP datagram carry?
a. How do you know that? Justify your answer.
VI. What is the size of the ESP SPI field in bits?
a. Does it match your theoretical understanding?

BITS Pilani Work Integrated Learning Programme (WILP)


Page 1 of 6, Rev-1.0

Capture-2

Questions related to capture-2

I. Which transport protocol is being used, and on what ports?
II. Identify the protocol, and its version, that is running over the transport
protocol you identified in the first question.
III. What is the size of the initiator and responder SPI fields in bits?
a. Do they match your theoretical understanding?
b. Is this size different from the ESP SPI size?
c. Is there any correlation between the ESP SPI and these SPI values?
IV. What message is being carried by the protocol?
a. Is it from the initiator or the responder?
V. There are 5 payload fields in the message. Why aren't they encrypted?
VI. Do you think the sequence number (SN) field is missing in this protocol?
Review the ISAKMP protocol header and answer.
VII. In which payload type would the supported encryption algorithms be
present?


Capture-3

Questions related to capture-3

I. What message (exchange type) is being carried over the ISAKMP
protocol?
II. What is the purpose of this exchange type?
III. The Type Payload field contains encrypted data. How did the initiator and
responder negotiate the encryption algorithm?
IV. In place of SPI, the ISAKMP protocol calls these header fields cookies.
What is a cookie? (Answer: older RFCs, now obsoleted by RFC 7296, used to
call the ISAKMP SPI a cookie.)
V. How are cookie/SPI values selected, and how do they avoid clogging
attacks? Review section 2.6 of RFC 7296.
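As an added illustration of question V (not part of the worksheet), the following Python models the responder side of the stateless cookie from RFC 7296 section 2.6, Cookie = VersionIDofSecret | Hash(Ni | IPi | SPIi | secret): the responder creates no half-open SA state until the initiator proves reachability by echoing a cookie the responder can recompute. HMAC-SHA256 is an assumed stand-in for the unspecified Hash, and the secrets, nonce, address and SPI are constructed values.

```python
import hmac, hashlib, struct
from ipaddress import ip_address

class CookieResponder:
    """Responder side of the IKE_SA_INIT cookie exchange (RFC 7296 section 2.6)."""

    def __init__(self, secrets: dict, under_attack: bool = True):
        # version id -> secret; the previous secret is kept after rotation so
        # cookies issued just before the change still verify
        self.secrets = secrets
        self.current = max(secrets)
        self.under_attack = under_attack   # half-open SA threshold exceeded
        self.half_open = {}                # created only after a valid cookie

    def _mac(self, version: int, nonce_i: bytes, ip_i: str, spi_i: int) -> bytes:
        # Hash(Ni | IPi | SPIi | <secret>), keyed as an HMAC (assumed choice of hash)
        msg = nonce_i + ip_address(ip_i).packed + struct.pack("!Q", spi_i)
        return hmac.new(self.secrets[version], msg, hashlib.sha256).digest()

    def make_cookie(self, nonce_i: bytes, ip_i: str, spi_i: int) -> bytes:
        # one-byte version id followed by the 32-byte MAC (RFC allows up to 64 octets)
        return bytes([self.current]) + self._mac(self.current, nonce_i, ip_i, spi_i)

    def verify_cookie(self, cookie: bytes, nonce_i: bytes, ip_i: str, spi_i: int) -> bool:
        if len(cookie) != 33 or cookie[0] not in self.secrets:
            return False
        return hmac.compare_digest(cookie[1:], self._mac(cookie[0], nonce_i, ip_i, spi_i))

    def handle_init(self, nonce_i: bytes, ip_i: str, spi_i: int, cookie: bytes = None) -> str:
        """Return what the responder does with an incoming IKE_SA_INIT request."""
        if self.under_attack and not (cookie and self.verify_cookie(cookie, nonce_i, ip_i, spi_i)):
            # answer with N(COOKIE) and keep NO state: the cookie carries everything needed
            return "N(COOKIE):" + self.make_cookie(nonce_i, ip_i, spi_i).hex()
        self.half_open[spi_i] = (ip_i, nonce_i)   # only a reachable peer costs memory
        return "IKE_SA_INIT response"

# Constructed sample values (not from the worksheet's captures).
RESPONDER = CookieResponder({1: b"old-secret", 2: b"current-secret"})
NI, IPI, SPII = bytes(range(16)), "198.51.100.7", 0x0102030405060708

if __name__ == "__main__":
    first = RESPONDER.handle_init(NI, IPI, SPII)            # no state kept yet
    print(first, RESPONDER.half_open)
    print(RESPONDER.handle_init(NI, IPI, SPII, bytes.fromhex(first.split(":")[1])))
```

A cookie returned from a different source address, or with a changed SPIi or nonce, fails verification, which is what stops a spoofed-source flood from consuming responder memory.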


Capture-4

Questions related to capture-4

I. What IPSec protocol is being used?
II. Why are two Internet Protocol Version 4 datagrams packed one inside
the other? What does it tell you?
III. Nothing seems to be encrypted here. What kind of IP security is it?
Justify your answer.
IV. If this is an IPSec datagram, what is the initiator trying to do?
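To make the header questions of captures 1, 2 and 4 concrete (ESP SPI width, ISAKMP SPI width and missing sequence number, AH with an inner IPv4 datagram), here is an added Python example, not part of the worksheet, that parses the fixed ESP, AH and IKEv2 headers as laid out in RFC 4303, RFC 4302 and RFC 7296. The sample byte strings are constructed by hand and are not taken from the worksheet's captures.

```python
import struct

# IKEv2 exchange and payload type codes from RFC 7296 sections 3.1 and 3.2
IKE_EXCHANGE_TYPES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
IKE_PAYLOAD_TYPES = {33: "SA", 34: "KE", 40: "Nonce", 41: "Notify", 46: "Encrypted and Authenticated"}

def parse_esp(data: bytes) -> dict:
    """ESP (RFC 4303): the 32-bit SPI and 32-bit Sequence Number are the only cleartext
    fields; everything after them is ciphertext, so the mode cannot be read off the wire."""
    spi, seq = struct.unpack("!II", data[:8])
    return {"spi": spi, "spi_bits": 32, "seq": seq}

def parse_ah(data: bytes) -> dict:
    """AH (RFC 4302): nothing is encrypted. Payload Len is in 32-bit words minus 2, so the
    ICV is (payload_len + 2) * 4 - 12 bytes. Next Header 4 means an inner IPv4 datagram
    follows (tunnel mode); an upper-layer number such as 6 (TCP) means transport mode."""
    next_hdr, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    icv_len = (payload_len + 2) * 4 - 12
    return {"next_header": next_hdr, "mode": "tunnel" if next_hdr == 4 else "transport",
            "spi": spi, "seq": seq, "icv": data[12:12 + icv_len]}

def parse_ike_header(data: bytes) -> dict:
    """IKEv2/ISAKMP header (RFC 7296 section 3.1): two 64-bit SPIs (the 'cookies' of the
    older RFCs) and no sequence-number field; replays are handled by the Message ID."""
    (spi_i, spi_r, next_payload, version, exchange,
     flags, msg_id, length) = struct.unpack("!QQBBBBII", data[:28])
    return {"spi_i": spi_i, "spi_r": spi_r, "spi_bits": 64,
            "next_payload": IKE_PAYLOAD_TYPES.get(next_payload, next_payload),
            "version": f"{version >> 4}.{version & 0x0F}",
            "exchange": IKE_EXCHANGE_TYPES.get(exchange, exchange),
            "from_initiator": bool(flags & 0x08),   # I bit (bit 3 of Flags)
            "is_response": bool(flags & 0x20),      # R bit (bit 5 of Flags)
            "message_id": msg_id, "length": length}

# Constructed sample headers (not from the worksheet's captures).
ESP_SAMPLE = struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16             # SPI, SN, ciphertext
AH_SAMPLE = struct.pack("!BBHII", 4, 4, 0, 0x1234ABCD, 3) + b"\x11" * 12  # inner IPv4, 96-bit ICV
IKE_SAMPLE = struct.pack("!QQBBBBII", 0x0102030405060708, 0, 33, 0x20, 34, 0x08, 0, 28)  # IKE_SA_INIT request

if __name__ == "__main__":
    for name, parsed in (("ESP", parse_esp(ESP_SAMPLE)), ("AH", parse_ah(AH_SAMPLE)),
                         ("IKEv2", parse_ike_header(IKE_SAMPLE))):
        print(name, parsed)
```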


Capture-5

Questions related to capture-5

I. Which Exchange Type is the shown IKEv2 (ISAKMP) message?
II. The payload is encrypted, but Wireshark also shows it after decryption
(Wireshark supports this). What is the Type Payload inside the Encrypted and
Authenticated Type Payload?
III. What is being done with this message?


Capture-6

Questions related to capture-6

I. How is ESP packed inside AH?
a. What is being attempted?
b. Draw a block-level protocol diagram for it.
II. What will be authenticated and what will be encrypted through this
arrangement of IPSec protocols? Explain through your block-level protocol
diagram.
