diff --git a/sbotc.c b/sbotc.c
index 250e55d..23e28c8 100644
--- a/sbotc.c
+++ b/sbotc.c
@@ -453,6 +453,16 @@ static void increment_nonce(uint8_t nonce[24]) {
 	if (i >= 0) nonce[i]++;
 }
 
+static void bs_write_end_box(struct boxs *bs) {
+	unsigned char boxed[34];
+	int rc = crypto_secretbox_easy(boxed, zeros, 18, bs->nonce1, bs->encrypt_key);
+	if (rc < 0) errx(1, "failed to box packet end header");
+	increment_nonce(bs->nonce1);
+	increment_nonce(bs->nonce2);
+	rc = write_all(bs->s, boxed, 34);
+	if (rc < 0) err(1, "failed to write boxed end header");
+}
+
 static void bs_write_packet(struct boxs *bs, const unsigned char *buf, uint16_t len) {
 	size_t boxed_len = len + 34;
 	unsigned char boxed[boxed_len];
@@ -471,6 +481,12 @@ static void bs_write_packet(struct boxs *bs, const unsigned char *buf, uint16_t
 	if (rc < 0) err(1, "failed to write boxed packet");
 }
 
+static void bs_end(struct boxs *bs) {
+	if (!bs->noauth) {
+		bs_write_end_box(bs);
+	}
+}
+
 static int bs_read_packet(struct boxs *bs, void *buf, size_t *lenp) {
 	unsigned char boxed_header[34];
 	struct boxs_header header;
@@ -1045,6 +1061,7 @@ do_tcp_connect:
 			break;
 	}
 
+	bs_end(&bs);
 	close(s);
 	return rc;
 }