capture filter for ipv6 network prefix

Question

hello.

I want to write a filter to capture all IPv6 packets that match the net prefix with a subnet id. With ipv4 is simple: net 192.168.5 but with ipv6 this not works for me: net fec0:abcd:1234::

How can i capture the packets that match with network prefix?

Thanks and sorry for my poor english

Answer 1

For IPv6 you must specify the mask length, as there is no implicit definition as with IPv4. See man page of pcap-filter

dst net net
              True if the IPv4/v6 destination address of the packet has a net-
              work  number of net.  Net may be either a name from the networks
              database (/etc/networks, etc.) or a  network  number.   An  IPv4
              network   number   can  be  written  as  a  dotted  quad  (e.g.,
              192.168.1.0), dotted triple (e.g., 192.168.1), dotted pair (e.g,
              172.16),   or   single   number   (e.g.,  10);  the  netmask  is
              255.255.255.255 for a dotted quad (which means that it's  really
              a  host  match),  255.255.255.0 for a dotted triple, 255.255.0.0
              for a dotted pair, or 255.0.0.0 for a single  number.   An  IPv6
              network  number  must  be  written  out  fully;  the  netmask is
              ff:ff:ff:ff:ff:ff:ff:ff, so IPv6 "network"  matches  are  really
              always  host  matches,  and  a  network match requires a netmask
              length.

So, the filter would be something like: net fec0:abcd:1234::/64 (or whatever mask len makes sense for your needs).

Regards
Kurt