Shouldn’t IPsec be an application layer protocol since it is "over UDP"?

Çağlar Arlı

I am reading about IPsec and am confused about what exactly "IPsec" is: is it a network layer protocol, or is it a technology that involves multiple protocols? All web searches tell me IPsec is a "protocol" that runs on the network layer. If so, how can IPsec run "over" UDP port 500, since UDP is on the transport layer, which is above the network layer?

When I look at IPsec traces such as https://www.cloudshark.org/captures/767a93d720ad, the ISAKMP is indeed above UDP, making it an application layer protocol.

If all the negotiation/cipher exchange is done on the application layer, I can't really see why we say IPsec is a network layer protocol, and what exactly do "IPsec over UDP" or "IPsec over TCP" mean?
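As an added illustration (not part of the original question), this Python example decodes four constructed IPv4 packets and reports each one's encapsulation chain: the IKE/ISAKMP negotiation rides on UDP port 500 as in the linked trace, while ESP, which carries the protected traffic, sits directly on IP as protocol 50, or inside UDP port 4500 when NAT traversal is in use. The helper names and sample bytes are assumptions made up for the example.

```python
import struct

UDP, ESP = 17, 50                        # IANA IP protocol numbers

def ipv4(proto, payload):                # constructed sample packet, checksum left 0
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + bytes([192, 0, 2, 1]) + bytes([192, 0, 2, 2]) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def isakmp_label(data):
    if len(data) < 28:                   # fixed ISAKMP header is 28 bytes
        return "truncated ISAKMP"
    ver, xchg = data[17], data[18]       # version and exchange type fields
    return f"ISAKMP v{ver >> 4}.{ver & 0xF} exchange={xchg}"

def esp_label(data):
    if len(data) < 8:                    # SPI and sequence number are 4 bytes each
        return "truncated ESP"
    spi, seq = struct.unpack("!II", data[:8])
    return f"ESP spi=0x{spi:08x} seq={seq}"

def layers(packet):
    """Return the encapsulation chain of one IPv4 packet, outermost first."""
    proto, body = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == ESP:                     # protected traffic: ESP directly on IP
        return ["IPv4", esp_label(body)]
    if proto != UDP or len(body) < 8:
        return ["IPv4", f"ip-proto {proto}"]
    sport, dport = struct.unpack("!HH", body[:4])
    chain, data = ["IPv4", f"UDP {sport}->{dport}"], body[8:]
    if 500 in (sport, dport):            # IKE/ISAKMP key negotiation
        return chain + [isakmp_label(data)]
    if 4500 in (sport, dport):           # NAT traversal (RFC 3948)
        if data[:4] == bytes(4):         # non-ESP marker: an IKE message follows
            return chain + [isakmp_label(data[4:])]
        return chain + [esp_label(data)] # ESP carried inside UDP
    return chain + ["data"]

# Constructed samples: an IKEv1 header (exchange type 2) and an opaque ESP packet.
IKE = struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0, 28)
ESP_BODY = struct.pack("!II", 0xC0FFEE01, 1) + bytes(16)
SAMPLES = {"ike": ipv4(UDP, udp(500, 500, IKE)), "esp": ipv4(ESP, ESP_BODY),
           "natt_ike": ipv4(UDP, udp(4500, 4500, bytes(4) + IKE)),
           "natt_esp": ipv4(UDP, udp(4500, 4500, ESP_BODY))}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:9s}", " / ".join(layers(pkt)))
```

Only the negotiation packets show a UDP layer by default; the ESP sample has none, which is why a capture that contains only the ISAKMP exchange makes the whole suite look like it lives above UDP.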