The ESP transport mode encrypts the host-to-host layer of the TCP/IP model, including the data area of the packet, however, information still passes the actual source and destination IP addresses in the clear.

On the other hand, if a hacker sniffs a copy of a packet sent using IPSec ESP transport mode, everything, including the username, password, and files, would be encrypted.