fortunately none of the bits or values overlap when swapped, so we can
compare the values in the header with both endians to figure out what's
what.

not great, but a good step on the way to fixing the way the kernel sets
these fields up.

Index: print-enc.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-enc.c,v
diff -u -p -r1.17 print-enc.c
--- print-enc.c	1 Dec 2021 18:28:45 -0000	1.17
+++ print-enc.c	30 Oct 2025 04:31:06 -0000
@@ -46,11 +46,14 @@
 #include "interface.h"
 #include "addrtoname.h"
 
-#define ENC_PRINT_TYPE(wh, xf, nam) \
-	if ((wh) & (xf)) { \
-		printf("%s%s", nam, (wh) == (xf) ? "): " : ","); \
-		(wh) &= ~(xf); \
-	}
+#define ENC_PRINT_TYPE(wh, xf, nam) do { \
+	int xxf = (xf); \
+	xxf |= swap32(xxf); \
+	if ((wh) & (xxf)) { \
+		(wh) &= ~(xxf); \
+		printf("%s%s", nam, (wh) == 0 ? "): " : ","); \
+	} \
+} while (0)
 
 void
 enc_if_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
@@ -90,10 +93,12 @@ enc_if_print(u_char *user, const struct 
 
 	switch (hdr->af) {
 	case AF_INET:
+	case swap32(AF_INET):
 	default:
 		ip_print(p, length);
 		break;
 	case AF_INET6:
+	case swap32(AF_INET6):
 		ip6_print(p, length);
 		break;
 	}