Hello everybody,
IPSec can be tunneled over a TCP connection; but I've found no way to tell 
ethereal to dissect this. It would allow to use ESP below IP, but that is 
something different :-)
I tried to patch epan/dissectors/packet-ipsec.c to dissect below IP too, but 
I've failed - tethereal dies with
	** ERROR **: file packet.c: line 662 (dissector_add): assertion failed:
	(sub_dissectors)
	aborting...
	Trace/breakpoint trap
I did this by simply appending some lines:
	void
	proto_reg_handoff_ipsec(void)
	{
	  dissector_handle_t esp_handle, ah_handle, ipcomp_handle;
	  data_handle = find_dissector("data");
	  ah_handle = find_dissector("ah");
	  dissector_add("ip.proto", IP_PROTO_AH, ah_handle);
	  esp_handle = find_dissector("esp");
	  dissector_add("ip.proto", IP_PROTO_ESP, esp_handle);
	  ipcomp_handle = create_dissector_handle(dissect_ipcomp, proto_ipcomp);
	  dissector_add("ip.proto", IP_PROTO_IPCOMP, ipcomp_handle);
+
+	  ah_handle = find_dissector("ah");
+	  dissector_add("tcp.proto", IP_PROTO_AH, ah_handle);
+	  esp_handle = find_dissector("esp");
+	  dissector_add("tcp.proto", IP_PROTO_ESP, esp_handle);
+	  ipcomp_handle = create_dissector_handle(dissect_ipcomp, proto_ipcomp);
+	  dissector_add("tcp.proto", IP_PROTO_IPCOMP, ipcomp_handle);
	  ip_dissector_table = find_dissector_table("ip.proto");
	}
Please include this option in your next release.
Thank you!
Regards,
Phil