I am trying macsec between computers. Currently, the encryption mode is disabled, the state of the exchanges is categorized as “protected” by macsec.
I got a Wireshark capture from ubuntu to understand the difference between the two.
When doing a ping through the macsec interfaces from a peer to the other and looking at the capture I get these results:
- Ubuntu, Wireshark displays the macsec packet (ping request) and the ICMP frame (ping reply).
- Windows, Wireshark displays both reply and request as ICMP protocol (the 802.1AE tag is still in the packet).
Where can I force Wireshark to display macsec protocol instead of ICMP?
Edit : When the encryption mode is on, windows display macsec packet as it is because he doesn’t know what’s inside.