Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: How to view proto 41 IPv4 traffic in Wireshark  (Read 294 times)

pimzand

  • Newbie
  • *
  • Posts: 2
    • View Profile
How to view proto 41 IPv4 traffic in Wireshark
« on: April 18, 2017, 09:05:08 AM »

Regardless whether I monitor the IPv4-only ethernet interface or the IPv6 sit interface in Wireshark, I always get to see the traffic as IPv6.

How can I see the actual IPv4 proto 41 packets?

Thanks,
Pim
Logged

divad27182

  • Newbie
  • *
  • Posts: 35
    • View Profile
Re: How to view proto 41 IPv4 traffic in Wireshark
« Reply #1 on: April 20, 2017, 03:33:11 PM »

If you look in the "Packet Details" frame (the middle one), you should see both "Internet Protocol Version 4" and "Internet Protocol Version 6".  The former is the IPv4 header saying it's content is protocol 41.  The later is the protocol 41 content, which is to say the first IPv6 header.  Since Wireshark always shows the most decoded form, you will see this as IPv6 traffic.  If you really wanted to, you could disable the IPv6 decoder.

--David
Logged