This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What is IPv4 packet with “IPv6 Hop-by-Hop Option”?

0

Hi,

I have a PCAP-file which contains multiple frames with Ip4 Header with as info "IPv6 Hop-by-Hop Option" (see screenshot below)

My question is:

  • What kind of packets are this?
  • In what situations you will see them in traffic?
  • How can I filter on these Hop-by-Hop packets? (e.g. as display filter in Wireshark, or via code in via libpcap). As far as I can see source/dest are 0.0.0.0. Is this always the case for this class of packets?

Thanks

alt text

asked 03 Feb '16, 05:45

Jos's gravatar image

Jos
6225
accept rate: 0%

2 Answers:

0

That packet looks bogus all the way - It has source and destination IP zero, which is impossible on a live network, so it looks like someone messed with (=edited) the packet.

IPv6 Hop-by-Hop isn't relevant to IPv4 packets, either.

answered 03 Feb '16, 05:52

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 03 Feb '16, 05:54

Or a device 'lost its marbles' and produced this frame on its network interface...

(03 Feb '16, 08:37) Jaap ♦

0

"IPv6 Hop-by-Hop" is the protocol that's defined by IANA for IP protocol number 0.

To filter, use a display filter of ip.proto == 0.

answered 03 Feb '16, 05:53

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%