on Linux, capture of IPsec ESP flows seems to result in extra part #473

Open
@mcr

```
14:49:07.155314 IP 10.10.4.164 > 10.10.4.165: ESP(spi=0xe8415058,seq=0x10), length 148
14:49:07.155314 IP6 , wrong link-layer encapsulationbad-hlen 0
14:49:07.155401 IP6 fd68:c9f9:4157::a0a:4a4 > fd68:c9f9:4157:2:0:1:808:808: ICMP6, echo request, seq 11, length 64
```

This is one packet, which due to the way netkey ESP (xfrm) works, is passed by the libpcap capture point twice, but in this case, it seems to result in three packets seen. This is IPv6 over ESP over IPv4 traffic. Note that Jool is also involved.
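A triage helper for tcpdump text output like the capture above, added here as an example and not part of the issue, tcpdump or libpcap: it pairs each ESP record with any record tcpdump could not decode that carries the same timestamp. The function names are hypothetical, and treating an identical timestamp as "same captured frame" is an assumption (a heuristic), as is the default `HH:MM:SS.usec` timestamp format.

```python
import re
from collections import defaultdict

# Constructed sample input: the three tcpdump lines quoted in the issue.
SAMPLE = """\
14:49:07.155314 IP 10.10.4.164 > 10.10.4.165: ESP(spi=0xe8415058,seq=0x10), length 148
14:49:07.155314 IP6 , wrong link-layer encapsulationbad-hlen 0
14:49:07.155401 IP6 fd68:c9f9:4157::a0a:4a4 > fd68:c9f9:4157:2:0:1:808:808: ICMP6, echo request, seq 11, length 64
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) (?P<proto>\S+) (?P<rest>.*)$")
ESP_RE = re.compile(r"ESP\(spi=(0x[0-9a-fA-F]+),seq=(0x[0-9a-fA-F]+)\)")
# Strings tcpdump printed for the record it failed to decode (taken from the issue).
UNDECODED_MARKERS = ("wrong link-layer encapsulation", "bad-hlen")


def parse(text):
    """Turn tcpdump text output into one dict per printed record."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, banners, hex-dump continuation lines
        esp = ESP_RE.search(m["rest"])
        records.append({
            "ts": m["ts"],
            "proto": m["proto"],
            "spi": esp.group(1) if esp else None,
            "seq": int(esp.group(2), 16) if esp else None,
            "undecoded": any(s in m["rest"] for s in UNDECODED_MARKERS),
            "raw": line,
        })
    return records


def find_extra_records(records):
    """Pair each ESP record with undecoded records sharing its timestamp."""
    by_ts = defaultdict(list)
    for rec in records:
        by_ts[rec["ts"]].append(rec)
    pairs = []
    for group in by_ts.values():
        for esp in (r for r in group if r["spi"] is not None):
            pairs.extend((esp, r) for r in group if r["undecoded"])
    return pairs


if __name__ == "__main__":
    for esp, extra in find_extra_records(parse(SAMPLE)):
        print(f"spi={esp['spi']} seq={esp['seq']}: extra record -> {extra['raw']}")
```

Running it over a longer capture gives a count of how many ESP packets are accompanied by the extra undecodable record, which helps tell a per-packet effect from an occasional one.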
