Text only | Text with Images

Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 on Linux & BSD & Mac => Topic started by: pimzand on April 18, 2017, 09:05:08 AM

Title: How to view proto 41 IPv4 traffic in Wireshark
Post by: pimzand on April 18, 2017, 09:05:08 AM
Regardless whether I monitor the IPv4-only ethernet interface or the IPv6 sit interface in Wireshark, I always get to see the traffic as IPv6.

How can I see the actual IPv4 proto 41 packets?

Thanks,
Pim
Title: Re: How to view proto 41 IPv4 traffic in Wireshark
Post by: divad27182 on April 20, 2017, 03:33:11 PM
If you look in the "Packet Details" frame (the middle one), you should see both "Internet Protocol Version 4" and "Internet Protocol Version 6".  The former is the IPv4 header saying it's content is protocol 41.  The later is the protocol 41 content, which is to say the first IPv6 header.  Since Wireshark always shows the most decoded form, you will see this as IPv6 traffic.  If you really wanted to, you could disable the IPv6 decoder.

--David
Text only | Text with Images