{"draft":"draft-ietf-ipsecme-esp-null-heuristics-07","doc_id":"RFC5879","title":"Heuristics for Detecting ESP-NULL Packets","authors":["T. Kivinen","D. McDonald"],"format":["ASCII","HTML"],"page_count":"32","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"IP Security Maintenance and Extensions","abstract":"This document describes a set of heuristics for distinguishing IPsec\r\nESP-NULL (Encapsulating Security Payload without encryption) packets\r\nfrom encrypted ESP packets.  These heuristics can be used on\r\nintermediate devices, like traffic analyzers, and deep-inspection\r\nengines, to quickly decide whether or not a given packet flow is\r\nencrypted, i.e., whether or not it can be inspected.  Use of these\r\nheuristics does not require any changes made on existing IPsec hosts\r\nthat are compliant with RFC 4303.  This document is not an Internet \r\nStandards Track specification; it is published for informational \r\npurposes.","pub_date":"May 2010","keywords":["IPsec","Wrapped ESP (WESP)","deep-inspection","packet inspection"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC5879","errata_url":null}