• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

How to view proto 41 IPv4 traffic in Wireshark

Started by pimzand, April 18, 2017, 09:05:08 AM

Previous topic - Next topic

pimzand

Regardless whether I monitor the IPv4-only ethernet interface or the IPv6 sit interface in Wireshark, I always get to see the traffic as IPv6.

How can I see the actual IPv4 proto 41 packets?

Thanks,
Pim

divad27182

If you look in the "Packet Details" frame (the middle one), you should see both "Internet Protocol Version 4" and "Internet Protocol Version 6".  The former is the IPv4 header saying it's content is protocol 41.  The later is the protocol 41 content, which is to say the first IPv6 header.  Since Wireshark always shows the most decoded form, you will see this as IPv6 traffic.  If you really wanted to, you could disable the IPv6 decoder.

--David