[ipv6hackers] Quiz: Weird IPv6 Traffic on the Local Network

Thorsten.Trottier at t-systems.com Thorsten.Trottier at t-systems.com
Wed Feb 17 16:39:21 CET 2016 

Hi Fernando,
Google was my friend: https://www.famkruithof.net/4006ipv6prefix.html
explains pretty well what's going on.
Best regards
Thorsten

-----Ursprüngliche Nachricht-----
Von: Ipv6hackers [mailto:ipv6hackers-bounces at lists.si6networks.com] Im Auftrag von Fernando Gont
Gesendet: Dienstag, 16. Februar 2016 23:59
An: IPv6 Hackers Mailing List
Betreff: [ipv6hackers] Quiz: Weird IPv6 Traffic on the Local Network

Folks,

For your own entertainment:
<http://blog.si6networks.com/2016/02/quiz-weird-ipv6-traffic-on-local-network.html>


Ugly plain-text version (much better/easier to read it from the blog,
but...):

---- cut here ----
Quiz: Weird IPv6 Traffic on the Local Network

One thing that I enjoy a lot is capturing network traffic to subsequently try to figure out whether the captured traffic makes any sense -- you learn a lot that way.

The following packet was shared with me by Timo Hilbrink during the 10th Slovenian IPv6 Summit.

The quiz consists in explaining the packet trace bellow.

Actors:

* Apple iOS 8.3
* Fritz!Box CPE


The "Crime Scene" (tcpdump packet trace):

Two packets:

19:00:02.246726 IP6 truncated-ip6 - 16011 bytes missing!(class 0x50, flowlabel 0x00040, hlim 0, next-header unknown (64) payload length: 16035) 4006:a0bd:c0a8:b229:40e9:a79c:f129:50 > f141:8159::b002:ffff:32fc:0:
ip-proto-64
16035
19:00:02.252529 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 256)
fe80::be05:43ff:feea:be92 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 256 hop limit 255, Flags [other stateful], pref high, router lifetime 1800s, reachable time 0s, retrans time 0s prefix info option (3), length 32 (4): 4006:a0bd:c0a8:b229::/64, Flags [onlink, auto], valid time 7200s, pref. time 0s prefix info option (3), length 32 (4): 4006:11b:c0a8:b229::/64, Flags [onlink, auto], valid time 6973s, pref. time 0s prefix info option (3), length 32 (4): 4006:3e38:c0a8:b229::/64, Flags [onlink, auto], valid time 6972s, pref. time 0s prefix info option (3), length 32 (4): 2001:980:376d:1::/64, Flags [onlink, auto], valid time 6603s, pref. time 3600s rdnss option (25), length 24 (3): lifetime 1200s, addr:
fd00::be05:43ff:feea:be92
mtu option (5), length 8 (1): 1500
unknown option (24), length 8 (1):
0x0000: 0008 0000 0708


So... can you explain what this packet trace is all about?

  -- Fernando Gont
---- cut here ----

Thanks!

Cheers,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




_______________________________________________
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers

More information about the Ipv6hackers mailing list