Ask Your Question

When/why would a device send a frame with ethertype 0x86dd (IPv6) but it's actually an IPv4 packet?

asked 2017-11-27 04:17:38 +0000

wolak gravatar image

I've been playing around with packet captures on my local network, and I ran into an odd behavior that seems to crop up occasionally. When establishing a TCP connection to an IPv4 host, I caught my iPhone sending an Ethernet frame with type 0x86dd but encapsulating an IPv4 packet (Frame no. 3 in pcap dump). Wireshark flags this as an undecodable mess, since the IPv6 version field is set to 4. If I manually override it to decode as IPv4, then sure enough it's a valid, correct IPv4 packet.

Is this something my network should be able to handle? What should my router do with such a packet?

edit retag flag offensive close merge delete


It seems that we don´t have the permissions to view your shared file.

Christian_R gravatar imageChristian_R ( 2017-11-27 15:17:11 +0000 )edit

Whoops! Fixed.

wolak gravatar imagewolak ( 2017-11-27 16:44:42 +0000 )edit

Looks totally strange to me. And no, your network should not be able to handle this packet (IMHO). I expect that the packet gets dropped at the next layer 3 hop (router).

Uli gravatar imageUli ( 2017-11-28 19:18:34 +0000 )edit

1 Answer

Sort by » oldest newest most voted

answered 2022-11-03 11:28:37 +0000

Wow, I've never seen this behaviour before. I'm not aware of any protocol or RFC mentioning this. I'm quite sure that this is an error. Interestingly, your router did NOT discard but forwarded it, since your TCP handshake took place correctly.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-11-27 04:17:38 +0000

Seen: 10,923 times

Last updated: Nov 03 '22