When/why would a device send a frame with ethertype 0x86dd (IPv6) but it's actually an IPv4 packet?

asked 2017-11-27 04:17:38 +0000

wolak gravatar image

I've been playing around with packet captures on my local network, and I ran into an odd behavior that seems to crop up occasionally. When establishing a TCP connection to an IPv4 host, I caught my iPhone sending an Ethernet frame with type 0x86dd but encapsulating an IPv4 packet (Frame no. 3 in pcap dump). Wireshark flags this as an undecodable mess, since the IPv6 version field is set to 4. If I manually override it to decode as IPv4, then sure enough it's a valid, correct IPv4 packet.

Is this something my network should be able to handle? What should my router do with such a packet?

edit retag flag offensive close merge delete


It seems that we donĀ“t have the permissions to view your shared file.

Christian_R gravatar imageChristian_R ( 2017-11-27 15:17:11 +0000 )edit

Whoops! Fixed.

wolak gravatar imagewolak ( 2017-11-27 16:44:42 +0000 )edit

Looks totally strange to me. And no, your network should not be able to handle this packet (IMHO). I expect that the packet gets dropped at the next layer 3 hop (router).

Uli gravatar imageUli ( 2017-11-28 19:18:34 +0000 )edit