IPSec module

From Allegro Network Multimeter Manual

The IPSec module shows information about IPSec ESP traffic and sequence counter correctness.

Overview

The number of packets and bytes, as well as packets per second and bytes per second, of IPSec ESP traffic are shown together with a graph over time. A PCAP button allows capturing that traffic.

A sequence counter analysis is performed. Several counters provide information about:

  • Sequence number repeated: Two subsequent IPSec ESP packets had exactly the same sequence number.
  • Sequence number too high: Between two subsequent packets the sequence number did not increase by 1 but by a higher value. This is an indication of packet loss.
  • Sequence number too low: Between two subsequent packets the sequence number did not increase by 1. The latter packet had a lower value.

Packet loss

Packet loss is detected by using a sliding window of size 64. If out-of-order packets with a sequence number difference of less than 64 are seen, they are not (yet) counted as lost packets. Only when the difference between the sequence number of the missing packet and that of the current packet becomes larger than 64 (i.e. the unseen sequence number is shifted out of the window) is the packet counted as lost. At connection end, all unseen sequence numbers within that window are also counted as lost.
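
The counters and window rule described above can be reproduced offline, for example to cross-check a capture. The following is an added example, not code from the Allegro Network Multimeter; the names EspSeqTracker, analyze and SAMPLE are hypothetical, and it assumes plain increasing sequence numbers without 32-bit wraparound or extended sequence numbers.

```python
WINDOW = 64  # sliding window size stated in the manual

class EspSeqTracker:
    """Sequence analysis for one ESP flow (source IP, destination IP, SPI)."""

    def __init__(self):
        self.prev = None      # sequence number of the previous packet
        self.highest = None   # highest sequence number seen so far
        self.missing = set()  # unseen numbers still inside the window
        self.repeated = self.too_high = self.too_low = self.lost = 0

    def packet(self, seq):
        # Counters comparing two subsequent packets.
        if self.prev is not None:
            if seq == self.prev:
                self.repeated += 1
            elif seq > self.prev + 1:
                self.too_high += 1
            elif seq < self.prev:
                self.too_low += 1
        self.prev = seq
        if self.highest is None:
            self.highest = seq
        elif seq > self.highest:
            start, cutoff = self.highest + 1, seq - WINDOW
            if start < cutoff:             # part of the gap is already outside
                self.lost += cutoff - start
                start = cutoff
            self.missing.update(range(start, seq))
            self.highest = seq
        else:
            self.missing.discard(seq)      # out-of-order arrival fills a gap
        # Unseen numbers shifted out of the window are now counted as lost.
        expired = {m for m in self.missing if self.highest - m > WINDOW}
        self.lost += len(expired)
        self.missing -= expired

    def close(self):
        # Connection end: everything still unseen in the window is lost.
        self.lost += len(self.missing)
        self.missing.clear()
        return self.lost

def analyze(seqs):
    t = EspSeqTracker()
    for s in seqs:
        t.packet(s)
    before_close = t.lost   # loss counted while the connection is open
    t.close()
    return t, before_close

# Constructed sample: reorder (5, 4), duplicate (6), small gap, large jump.
SAMPLE = [1, 2, 3, 5, 4, 6, 6, 10, 100]
```

In the constructed sample the reordered packet 4 arrives inside the window and is never counted as lost, while the jump to 100 shifts part of the gap out of the window immediately and the rest is only counted at connection end.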

Connections

All connections are shown with their source and destination IPs and SPI. Traffic counters, sequence number counters and packet loss are shown together with history graphs.