Created attachment 15157 [details]
File captured using enc(4)
Build Information:
ersion 2.2.3 (v2.2.3-0-g57531cd)
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.6.1, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.
Running on 64-bit Windows 10, build 14393, with locale English_United
States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based
on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with
Gcrypt 1.6.2, without AirPcap.
AMD FX(tm)-8150 Eight-Core Processor (with SSE4.2), with 16366MB of
physical memory.
Built using Microsoft Visual C++ 12.0 build 40629
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
Wireshark can't decapsulate packets captured in "OpenBSD enc(4) encapsulataion"
format. TCPdump can.
tcpdump: listening on enc0, link-type ENC (OpenBSD encapsulated IP), capture
size 1400 bytes
15:25:46.836545 (authentic,confidential): SPI 0xc565caa1: IP (tos 0x0, ttl 63,
id 1179, offset 0, flags [none], proto ICMP (1), length 84, bad cksum 90eb
(->91eb)!)
172.16.67.1 > 172.16.74.1: ICMP echo request, id 57859, seq 0, length 64
15:25:46.836570 (authentic,confidential): SPI 0xc565caa1: IP (tos 0x0, ttl 64,
id 24190, offset 0, flags [none], proto IPIP (4), length 104, bad cksum 0
(->3266)!)
172.16.73.67 > 172.16.72.74: IP (tos 0x0, ttl 63, id 1179, offset 0, flags
[none], proto ICMP (1), length 84)
172.16.67.1 > 172.16.74.1: ICMP echo request, id 57859, seq 0, length 64
15:25:46.859112 (authentic,confidential): SPI 0xc9ed52a9: IP (tos 0x0, ttl 63,
id 3776, offset 0, flags [none], proto IPIP (4), length 104)
172.16.72.74 > 172.16.73.67: IP (tos 0x0, ttl 63, id 7450, offset 0, flags
[none], proto ICMP (1), length 84)
172.16.74.1 > 172.16.67.1: ICMP echo reply, id 57859, seq 0, length 64