[lacnog] Quiz: Weird IPv6 Traffic on the Local Network

Fernando Gont fgont en si6networks.com
Mar Feb 16 20:55:21 BRST 2016


Para entretenerse:

Version fea sin colores (en el blog se ve mas facil):
---- cut here ----
Quiz: Weird IPv6 Traffic on the Local Network

One thing that I enjoy a lot is capturing network traffic to
subsequently try to figure out whether the captured traffic makes any
sense -- you learn a lot that way.

The following packet was shared with me by Timo Hilbrink during the 10th
Slovenian IPv6 Summit.

The quiz consists in explaining the packet trace bellow.


* Apple iOS 8.3
* Fritz!Box CPE

The "Crime Scene" (tcpdump packet trace):

Two packets:

19:00:02.246726 IP6 truncated-ip6 - 16011 bytes missing!(class 0x50,
flowlabel 0x00040,
hlim 0, next-header unknown (64) payload length: 16035)
4006:a0bd:c0a8:b229:40e9:a79c:f129:50 > f141:8159::b002:ffff:32fc:0:
19:00:02.252529 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 256)
fe80::be05:43ff:feea:be92 > ip6-allnodes: [icmp6 sum ok] ICMP6, router
advertisement, length 256
hop limit 255, Flags [other stateful], pref high, router lifetime 1800s,
reachable time
0s, retrans time 0s
prefix info option (3), length 32 (4): 4006:a0bd:c0a8:b229::/64, Flags
[onlink, auto],
valid time 7200s, pref. time 0s
prefix info option (3), length 32 (4): 4006:11b:c0a8:b229::/64, Flags
[onlink, auto],
valid time 6973s, pref. time 0s
prefix info option (3), length 32 (4): 4006:3e38:c0a8:b229::/64, Flags
[onlink, auto],
valid time 6972s, pref. time 0s
prefix info option (3), length 32 (4): 2001:980:376d:1::/64, Flags
[onlink, auto], valid
time 6603s, pref. time 3600s
rdnss option (25), length 24 (3): lifetime 1200s, addr:
mtu option (5), length 8 (1): 1500
unknown option (24), length 8 (1):
0x0000: 0008 0000 0708

So... can you explain what this packet trace is all about?

  -- Fernando Gont
---- cut here ----

Saludos cordiales,
Fernando Gont
SI6 Networks
e-mail: fgont en si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

Más información sobre la lista de distribución LACNOG