FreeBSD tcpdump on enc0 doesn't show any traffic
FreeBSD supports the enc0 pseudo-interface (kernel "device enc"), which is used for IPsec tunnels. The external interface shows the encrypted traffic, and the enc0 interface shows the unencrypted traffic.
If tcpdump doesn't show any packets on the enc0 interface, the most probable cause is that the interface is not up. Example:
Code:
[root@host]# ifconfig enc0
enc0: flags=0<> metric 0 mtu 1536
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Bring up the interface and you will start seeing packets with tcpdump:
Code:
[root@host]# ifconfig enc0 up
[root@host]# ifconfig enc0
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
[root@host]# tcpdump -nni enc0
tcpdump: WARNING: enc0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enc0, link-type ENC (OpenBSD encapsulated IP), capture size 65535 bytes
12:45:11.083481 (authentic,confidential): SPI 0x0f9d1bcb: IP 10.1.20.1 > 10.1.20.2: IP 172.16.3.1 > 172.16.3.2: ICMP echo request, id 6434, seq 556, length 64 (ipip-proto-4)
12:45:12.095905 (authentic,confidential): SPI 0x0f9d1bcb: IP 10.1.20.1 > 10.1.20.2: IP 172.16.3.1 > 172.16.3.2: ICMP echo request, id 6434, seq 557, length 64 (ipip-proto-4)
12:45:13.108132 (authentic,confidential): SPI 0x0f9d1bcb: IP 10.1.20.1 > 10.1.20.2: IP 172.16.3.1 > 172.16.3.2: ICMP echo request, id 6434, seq 558, length 64 (ipip-proto-4)
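The check and the capture above can be scripted. The following is an added example, not part of the original page: it tests the UP flag in `ifconfig enc0` output and condenses `tcpdump -nni enc0` lines into one row per SPI, showing the outer tunnel endpoints next to the inner addresses. The function names `enc_is_up` and `enc_summary` are hypothetical, and the sample input is copied from the output shown above.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# enc_is_up: read `ifconfig enc0` output on stdin; succeed only if the
# flags=N<...> list on the first line contains the exact token UP.
enc_is_up() {
    awk 'NR == 1 && match($0, /<[^>]*>/) {
        n = split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
        for (i = 1; i <= n; i++) if (f[i] == "UP") up = 1
    }
    END { exit(up ? 0 : 1) }'
}

# enc_summary: read `tcpdump -nni enc0` lines on stdin and print one row per
# SPI / flags / outer pair / inner pair, followed by the packet count.
enc_summary() {
    awk '$3 == "SPI" {
        flags = $2; gsub(/[():]/, "", flags)
        spi = $4;   sub(/:$/, "", spi)
        odst = $8;  sub(/:$/, "", odst)
        inner = "-"                       # no inner IP header decoded
        if ($9 == "IP") { idst = $12; sub(/:$/, "", idst); inner = $10 ">" idst }
        seen[spi " " flags " " $6 ">" odst " " inner]++
    }
    END { for (k in seen) print k, seen[k] }' | sort
}

# Sample input copied from the output shown on this page.
SAMPLE_DOWN='enc0: flags=0<> metric 0 mtu 1536'
SAMPLE_UP='enc0: flags=41<UP,RUNNING> metric 0 mtu 1536'
SAMPLE_CAPTURE='12:45:11.083481 (authentic,confidential): SPI 0x0f9d1bcb: IP 10.1.20.1 > 10.1.20.2: IP 172.16.3.1 > 172.16.3.2: ICMP echo request, id 6434, seq 556, length 64 (ipip-proto-4)
12:45:12.095905 (authentic,confidential): SPI 0x0f9d1bcb: IP 10.1.20.1 > 10.1.20.2: IP 172.16.3.1 > 172.16.3.2: ICMP echo request, id 6434, seq 557, length 64 (ipip-proto-4)
12:45:13.108132 (authentic,confidential): SPI 0x0f9d1bcb: IP 10.1.20.1 > 10.1.20.2: IP 172.16.3.1 > 172.16.3.2: ICMP echo request, id 6434, seq 558, length 64 (ipip-proto-4)'

for s in "$SAMPLE_DOWN" "$SAMPLE_UP"; do
    if printf '%s\n' "$s" | enc_is_up; then echo "up:   $s"; else echo "down: $s"; fi
done
printf '%s\n' "$SAMPLE_CAPTURE" | enc_summary

# On a live host:
#   ifconfig enc0 | enc_is_up || ifconfig enc0 up
#   tcpdump -nni enc0 -c 100 | enc_summary
```

A row whose flags column is not `authentic,confidential`, or whose inner pair differs from the networks the tunnel policy is meant to carry, is worth a closer look.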