[ipv6hackers] Quiz: Weird IPv6 Traffic on the Local Network

Matěj Grégr igregr at fit.vutbr.cz
Wed Feb 17 10:16:27 CET 2016 

https://www.famkruithof.net/4006ipv6prefix.html

M.

On 02/17/2016 12:21 AM, Fernando Gont wrote:
> Folks,
> 
> For your own entertainment:
> <http://blog.si6networks.com/2016/02/quiz-weird-ipv6-traffic-on-local-network.html>
> 
> 
> Ugly plain-text version (much better/easier to read it from the blog,
> but...):
> 
> ---- cut here ----
> Quiz: Weird IPv6 Traffic on the Local Network
> 
> One thing that I enjoy a lot is capturing network traffic to
> subsequently try to figure out whether the captured traffic makes any
> sense -- you learn a lot that way.
> 
> The following packet was shared with me by Timo Hilbrink during the 10th
> Slovenian IPv6 Summit.
> 
> The quiz consists in explaining the packet trace bellow.
> 
> Actors:
> 
> * Apple iOS 8.3
> * Fritz!Box CPE
> 
> 
> The "Crime Scene" (tcpdump packet trace):
> 
> Two packets:
> 
> 19:00:02.246726 IP6 truncated-ip6 - 16011 bytes missing!(class 0x50,
> flowlabel 0x00040,
> hlim 0, next-header unknown (64) payload length: 16035)
> 4006:a0bd:c0a8:b229:40e9:a79c:f129:50 > f141:8159::b002:ffff:32fc:0:
> ip-proto-64
> 16035
> 19:00:02.252529 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 256)
> fe80::be05:43ff:feea:be92 > ip6-allnodes: [icmp6 sum ok] ICMP6, router
> advertisement, length 256
> hop limit 255, Flags [other stateful], pref high, router lifetime 1800s,
> reachable time
> 0s, retrans time 0s
> prefix info option (3), length 32 (4): 4006:a0bd:c0a8:b229::/64, Flags
> [onlink, auto],
> valid time 7200s, pref. time 0s
> prefix info option (3), length 32 (4): 4006:11b:c0a8:b229::/64, Flags
> [onlink, auto],
> valid time 6973s, pref. time 0s
> prefix info option (3), length 32 (4): 4006:3e38:c0a8:b229::/64, Flags
> [onlink, auto],
> valid time 6972s, pref. time 0s
> prefix info option (3), length 32 (4): 2001:980:376d:1::/64, Flags
> [onlink, auto], valid
> time 6603s, pref. time 3600s
> rdnss option (25), length 24 (3): lifetime 1200s, addr:
> fd00::be05:43ff:feea:be92
> mtu option (5), length 8 (1): 1500
> unknown option (24), length 8 (1):
> 0x0000: 0008 0000 0708
> 
> 
> So... can you explain what this packet trace is all about?
> 
>   -- Fernando Gont
> ---- cut here ----
> 
> Thanks!
> 
> Cheers,
>

More information about the Ipv6hackers mailing list