- Security Parameters Index (32 bits)
  - Arbitrary value used (together with the destination IP address) to identify the security association of the receiving party.
- Sequence Number (32 bits)
  - A monotonically increasing sequence number (incremented by 1 for every packet sent) to protect against replay attacks. There is a separate counter kept for every security association.
- Payload data (variable)
  - The protected contents of the original IP packet, including any data used to protect the contents (e.g. an Initialisation Vector for the cryptographic algorithm). The type of content that was protected is indicated by the Next Header field.
- Padding (0-255 octets)
  - Padding for encryption, to extend the payload data to a size that fits the encryption's cipher block size, and to align the next field.
- Pad Length (8 bits)
  - Size of the padding (in octets).
- Next Header (8 bits)
  - Type of the next header. The value is taken from the list of IP protocol numbers.
- Integrity Check Value (multiple of 32 bits)
  - Variable length check value. It may contain padding to align the field to an 8-octet boundary for IPv6, or a 4-octet boundary for IPv4.
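
The field layout above, walked through in code as an added example (not part of the original page). The function names are hypothetical. It assumes NULL encryption so the trailer can be read without a decryption step, an ICV of HMAC-SHA-256 truncated to 128 bits, no extended sequence numbers, and the RFC 4303 default padding bytes 1, 2, 3, ...

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumption: HMAC-SHA-256 truncated to 128 bits (a multiple of 32)

def build_esp_null(spi, seq, payload, next_header, key, align=4):
    """Build a constructed ESP packet with NULL encryption (sample generator)."""
    # Pad so that payload + Padding + Pad Length + Next Header fills whole
    # `align`-octet words, which also aligns the ICV that follows.
    pad_len = -(len(payload) + 2) % align
    padding = bytes(range(1, pad_len + 1))  # default padding: 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    # The ICV covers everything from the SPI through the Next Header field.
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

def parse_esp_null(packet, key):
    """Verify the ICV, then split the packet into the fields listed above."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("too short for SPI, Sequence Number, trailer and ICV")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    # The trailer is read from the end: Pad Length, then Next Header.
    pad_len, next_header = body[-2], body[-1]
    end = len(body) - 2
    if pad_len > end - 8:
        raise ValueError("Pad Length exceeds the data after the ESP header")
    if body[end - pad_len:end] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding is not the default 1, 2, 3, ... sequence")
    return {"spi": spi, "seq": seq, "payload": body[8:end - pad_len],
            "pad_len": pad_len, "next_header": next_header, "icv": icv}

if __name__ == "__main__":
    key = b"k" * 32  # constructed sample key
    pkt = build_esp_null(0x1000, 1, b"hello", 6, key)  # Next Header 6 = TCP
    print(parse_esp_null(pkt, key))
```

With a real cipher, the payload, padding, Pad Length and Next Header are encrypted, so the trailer can only be parsed after the ICV check and decryption have succeeded.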