This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

v4 vs v6 packets

0

Hi, If I am sending some payload both using v4 and v6 then how it'll differ exactly? I observed the payload difference in both v4 and v6 traffic.

Please clarify on this.

asked 17 Dec '13, 01:23

sspallai's gravatar image

sspallai
11112
accept rate: 0%

One Answer:

0

The payload should be identical if you choose a different protocol, if the code is really the same. So, what are those differences exactly? Can you post a sample capture somewhere (Google drive, dropbox, clodshark.org or mega.co.nz)?

Regards
Kurt

answered 17 Dec '13, 01:39

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

It might not be identical if the packets are full because the IPv6 header "steals" potentially 20 bytes more from the segment size than the IPv4 header. So you'll see some re-segmentation for IPv6.

(17 Dec '13, 01:46) Jasper ♦♦

Hi Kurt, Please find here the difference. I have used same http traffic. Please check the payload size and all.

Internet Protocol, Src: 5.0.0.1 (5.0.0.1), Dst: 4.0.0.1 (4.0.0.1)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x0000 (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
    Total Length: 1140
    Identification: 0x0d05 (3333)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 61
    Protocol: TCP (0x06)
    Header checksum: 0x637e [correct]
        [Good: True]
        [Bad : False]
    Source: 4.0.0.1 (4.0.0.1)
    Destination: 5.0.0.1 (5.0.0.1)

Internet Protocol Version 6
0110 …. = Version: 6
…. 0000 0000 …. …. …. …. …. = Traffic class: 0x00000000
…. …. …. 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 1132
Next header: TCP (0x06)
Hop limit: 64
Source: 2001:1000:1111:2222:3333:4444:8005:14d (2001:1000:1111:2222:3333:4444:8005:14d)
Destination: bfaf:9f71:c8d2:688e:8018:5a0:9002:0 (bfaf:9f71:c8d2:688e:8018:5a0:9002:0)

Regards, Suchi

(17 Dec ‘13, 01:47) sspallai

Well, one is IPv4, one is IPv6. It makes not much sense to compare them, unless you want to know which fields the different headers have. For that you could just read the RFCs or any IPv4/IPv6 documentation.

(17 Dec ‘13, 01:52) Jasper ♦♦

I’m sorry, that’s only the headers (which are obviously different, as it’s a different protocol). You said, the payload is different (the bytes that your application wants to transmit). I can’t check that, as you did not post the payload .

(17 Dec ‘13, 02:38) Kurt Knochner ♦

@Jasper: I believe the OP does not mean the real payload although he used that term. I guess he just wonders why IPv4 looks different than IPv6 in Wireshark.

@sspallai: If that is the case. Don’t wonder any longer. It looks different, because some aspects of IPv6 are totally different than in IPv4.

(17 Dec ‘13, 02:41) Kurt Knochner ♦