[ipv6hackers] Quiz: Weird IPv6 Traffic on the Local Network

Thorsten.Trottier at t-systems.com Thorsten.Trottier at t-systems.com
Wed Feb 17 16:39:21 CET 2016

Hi Fernando,
Google was my friend: https://www.famkruithof.net/4006ipv6prefix.html
explains pretty well what's going on.
Best regards

-----Ursprüngliche Nachricht-----
Von: Ipv6hackers [mailto:ipv6hackers-bounces at lists.si6networks.com] Im Auftrag von Fernando Gont
Gesendet: Dienstag, 16. Februar 2016 23:59
An: IPv6 Hackers Mailing List
Betreff: [ipv6hackers] Quiz: Weird IPv6 Traffic on the Local Network


For your own entertainment:

Ugly plain-text version (much better/easier to read it from the blog,

---- cut here ----
Quiz: Weird IPv6 Traffic on the Local Network

One thing that I enjoy a lot is capturing network traffic to subsequently try to figure out whether the captured traffic makes any sense -- you learn a lot that way.

The following packet was shared with me by Timo Hilbrink during the 10th Slovenian IPv6 Summit.

The quiz consists in explaining the packet trace bellow.


* Apple iOS 8.3
* Fritz!Box CPE

The "Crime Scene" (tcpdump packet trace):

Two packets:

19:00:02.246726 IP6 truncated-ip6 - 16011 bytes missing!(class 0x50, flowlabel 0x00040, hlim 0, next-header unknown (64) payload length: 16035) 4006:a0bd:c0a8:b229:40e9:a79c:f129:50 > f141:8159::b002:ffff:32fc:0:
19:00:02.252529 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 256)
fe80::be05:43ff:feea:be92 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 256 hop limit 255, Flags [other stateful], pref high, router lifetime 1800s, reachable time 0s, retrans time 0s prefix info option (3), length 32 (4): 4006:a0bd:c0a8:b229::/64, Flags [onlink, auto], valid time 7200s, pref. time 0s prefix info option (3), length 32 (4): 4006:11b:c0a8:b229::/64, Flags [onlink, auto], valid time 6973s, pref. time 0s prefix info option (3), length 32 (4): 4006:3e38:c0a8:b229::/64, Flags [onlink, auto], valid time 6972s, pref. time 0s prefix info option (3), length 32 (4): 2001:980:376d:1::/64, Flags [onlink, auto], valid time 6603s, pref. time 3600s rdnss option (25), length 24 (3): lifetime 1200s, addr:
mtu option (5), length 8 (1): 1500
unknown option (24), length 8 (1):
0x0000: 0008 0000 0708

So... can you explain what this packet trace is all about?

  -- Fernando Gont
---- cut here ----


Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com

More information about the Ipv6hackers mailing list