Encapsulation
Peter Wu
peter at lekensteyn.nl
Thu Mar 2 17:58:17 CET 2017
On Wed, Mar 01, 2017 at 05:38:01PM -0800, Daniel Kahn Gillmor wrote:
> On Wed 2017-03-01 16:38:05 -0800, James Wilson wrote:
> > Hi,
> >
> > Just out of curiosity, how does a "wireguard packet' look like on the wire
> > ??
> >
> > I'm guessing:
> >
> > Ethernet
> > IP
> > UDP
> > |------------------|
> > | IP |
> > | WG payload |
> > |------------------|
> >
> >
> > What's in the box is encrypted
> >
> > Is that right ?? If not, what does it look like?
>
> I believe the cleartext (after decryption) is an actual IP packet, so
> everything from layer3 up the stack.
It is more like:
Ethernet
IP (to WireGuard peer)
UDP (UDP payload is as follows:)
WireGuard header (type, counter)
Packet (encrypted, decrypted contents are as follows:)
IP (original)
(IP payload like ICMP, TCP, etc.)
If it helps, see this picture of the packet dissection for an ICMP
packet tunneled over WireGuard: https://i.imgur.com/MzubvX3.png
> If anyone wants to document this sort of thing explicitly in a useful
> way, you might consider writing a wireshark dissector:
As you can see above I have already been working on one and will publish
it soon after adding some documentation. :-)
--
Kind regards,
Peter Wu
https://lekensteyn.nl
More information about the WireGuard
mailing list