This is our old Q&A Site. Please post any new questions and answers at

Good afternoon,

I'm trying to look inside a EIGRP Update packet that is encapsulated over a DMVPN solutions (GRE and ESP with ESP-NULL set). For whatever reason the Data part of the EIGRP is garbage.

Any ideas how to fix this problem? Does Wireshark have a limitation on how far it can look inside an IP packet?

Thanks G.

asked 13 Oct '11, 11:54

calin_112's gravatar image

accept rate: 0%

edited 13 Oct '11, 11:56

Same problem with EIGRP over GRE.

(13 Oct '11, 13:08) calin_112

Hi, From dev mailing list Hi, I'm looking at en NULL encrypted ESP payload, trying to display it in Wireshark, in order to do so The preferences "Attempt to detect/decode NULL encrypted ESP payloads" must be "ticked" ( No supprise) "Attempt to detect/decode encrypted ESP payloads" must be "un-ticked" is that realy corrrect? Or should this patch be applied?

C:\wireshark\trunk>svn diff
Index: epan/dissectors/packet-ipsec.c
--- epan/dissectors/packet-ipsec.c      (revision 889)
+++ epan/dissectors/packet-ipsec.c      (working copy)
@@ -1099,8 +1099,7 @@

   /* The SAD is not activated */
-  if(g_esp_enable_null_encryption_decode_heuristic &&
-    !g_esp_enable_encryption_decode)
+  if(g_esp_enable_null_encryption_decode_heuristic)
     null_encryption_decode_heuristic = TRUE;

   if(g_esp_enable_encryption_decode || g_esp_enable_authentication_check)
permanent link

answered 13 Oct '11, 14:44

Anders's gravatar image

Anders ♦
accept rate: 17%

edited 14 Oct '11, 05:47

multipleinterfaces's gravatar image


Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 13 Oct '11, 11:54

question was seen: 1,969 times

last updated: 14 Oct '11, 05:47

p​o​w​e​r​e​d by O​S​Q​A