[lacnog] Quiz: Weird IPv6 Traffic on the Local Network
Jaime Olmos
jaime en noc.udg.mx
Mar Feb 16 22:15:26 BRST 2016
Que tal Fernando,
En primer lugar, la dirección IPv6 constan de 4006:a0bd:c0a8:B229:40e9:a79c:F129:50. Esto podría ser una parte de una dirección IPv4, c0a8:B229 corresponde con 192.168.178.41 y 40e9:a79c corresponde a 64.233.167.156. ¿Por qué? No lo sé. Podrías compartir más información.
Saludos,
JAIME OLMOS
http://www.ipv6.udg.mx
On 2/16/16, 4:55 PM, "LACNOG on behalf of Fernando Gont" <lacnog-bounces en lacnic.net on behalf of fgont en si6networks.com> wrote:
>Estimados,
>
>Para entretenerse:
><http://blog.si6networks.com/2016/02/quiz-weird-ipv6-traffic-on-local-network.html>
>
>
>Version fea sin colores (en el blog se ve mas facil):
>---- cut here ----
>Quiz: Weird IPv6 Traffic on the Local Network
>
>One thing that I enjoy a lot is capturing network traffic to
>subsequently try to figure out whether the captured traffic makes any
>sense -- you learn a lot that way.
>
>The following packet was shared with me by Timo Hilbrink during the 10th
>Slovenian IPv6 Summit.
>
>The quiz consists in explaining the packet trace bellow.
>
>Actors:
>
>* Apple iOS 8.3
>* Fritz!Box CPE
>
>
>The "Crime Scene" (tcpdump packet trace):
>
>Two packets:
>
>19:00:02.246726 IP6 truncated-ip6 - 16011 bytes missing!(class 0x50,
>flowlabel 0x00040,
>hlim 0, next-header unknown (64) payload length: 16035)
>4006:a0bd:c0a8:b229:40e9:a79c:f129:50 > f141:8159::b002:ffff:32fc:0:
>ip-proto-64
>16035
>19:00:02.252529 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 256)
>fe80::be05:43ff:feea:be92 > ip6-allnodes: [icmp6 sum ok] ICMP6, router
>advertisement, length 256
>hop limit 255, Flags [other stateful], pref high, router lifetime 1800s,
>reachable time
>0s, retrans time 0s
>prefix info option (3), length 32 (4): 4006:a0bd:c0a8:b229::/64, Flags
>[onlink, auto],
>valid time 7200s, pref. time 0s
>prefix info option (3), length 32 (4): 4006:11b:c0a8:b229::/64, Flags
>[onlink, auto],
>valid time 6973s, pref. time 0s
>prefix info option (3), length 32 (4): 4006:3e38:c0a8:b229::/64, Flags
>[onlink, auto],
>valid time 6972s, pref. time 0s
>prefix info option (3), length 32 (4): 2001:980:376d:1::/64, Flags
>[onlink, auto], valid
>time 6603s, pref. time 3600s
>rdnss option (25), length 24 (3): lifetime 1200s, addr:
>fd00::be05:43ff:feea:be92
>mtu option (5), length 8 (1): 1500
>unknown option (24), length 8 (1):
>0x0000: 0008 0000 0708
>
>
>So... can you explain what this packet trace is all about?
>
> -- Fernando Gont
>---- cut here ----
>
>Saludos cordiales,
>--
>Fernando Gont
>SI6 Networks
>e-mail: fgont en si6networks.com
>PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
>_______________________________________________
>LACNOG mailing list
>LACNOG en lacnic.net
>https://mail.lacnic.net/mailman/listinfo/lacnog
>Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
Más información sobre la lista de distribución LACNOG