Web tests send standard HTTP requests which are always contained within TCP segments (packets). If your network is using IPSec, an ESP packet will contain the TCP segment and an IP datagram (packet) will contain the ESP packet. Without IPSec, the IP datagrams will directly contain the TCP segments.
What I think you're seeing is that netmon 2.x doesn't know how to crack open the ESP packet to show you the TCP and then HTTP contents within it. I'm not sure if WireShark/Ethereal can do that, but you might want to give that a try instead of netmon 2.x. I know netmon 3.0 lets you dig into ESP packets, but it's not yet released.
What are you trying to do with the raw data sent by a web test Maybe there's a better way to do it.
Josh
|