When AH is generated with Scapy Security Association
, Wireshark does not show the protocol type as AH and only displays the inner IP protocol in the packet listing.
from scapy.all import *
from scapy.layers.ipsec import *
from scapy.layers.ipsec import SecurityAssociation, AH
p = IP(src='192.168.100.6', dst='192.168.100.4')
p /= TCP(sport=45012, dport=80)
p /= Raw('testdata')
p = IP(raw(p))
p
sa = SecurityAssociation(AH, spi=0x222,
auth_algo='SHA2-256-128', auth_key=b'secret key',
tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
e = sa.encrypt(p)
response = sr1(e, iface="enp0s3", timeout=2)
Wireshark Capture
Is there any way to see AH mode correctly as well as the outer IP packet in AH. ESP seems to be OK in this regard.