Tcpdump

IPv6 upper-layer protocol is not supported by proto[x]

When I was setting up a new system it was configured to have 2 IPv6 addresses. One fixed IPv6 address and one IPv6 via automatic configuration. I wanted to know which IPv6 address was used for as default, so I started tcpdump on a different host with IPv6. But this resulted in a lot of traffic.

root@nynaeve:~# tcpdump -nni eth0 icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:36:29.233603 IP6 fe80::4:1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:8:4:5::1, length 32
14:36:29.234108 IP6 fe80::4:1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:8:4:f::1, length 32
14:36:29.234119 IP6 fe80::4:1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:8:4:4::1, length 32
14:36:29.234122 IP6 fe80::4:1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:8:4:e::1, length 32
14:36:29.234215 IP6 fe80::4:1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:8:4:c::1, length 32
14:36:29.234337 IP6 fe80::4:1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:8:4:1::1, length 32
14:36:29.250866 IP6 fe80::5054:ff:feac:88c2 > ff02::1:ffea:c8c5: ICMP6, neighbor solicitation, who has fe80::6600:6aff:feea:c8c5, length 32
14:36:29.683534 IP6 fe80::4:1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:8:4:1::1, length 32
14:36:29.683772 IP6 fe80::4:1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:8:4:6::1, length 32

With that much traffic it is hard to see which my ICMP6 packets are my ping packets. And since I can’t filter on IPv6 address. Because I don’t know which IPv6 address will be used. So I wanted to filter on ICMP6 echo request and reply packages.

root@nynaeve:~# tcpdump -nni eth0 icmp6[0]=128
tcpdump: IPv6 upper-layer protocol is not supported by proto[x]
root@nynaeve:~#