Wireshark-users: Re: [Wireshark-users] IPv6 Geo info
From: Gisle Vanem <gvanem@xxxxxxxxxxxx>
Date: Thu, 06 Oct 2011 19:32:59 +0200
"Gerald Combs" <gerald@xxxxxxxxxxxxx> wrote:
Until today Wireshark's GeoIP code only supported the IPv4 versions of the GeoIP databases. I checked in changes in r39280 to r39284 to add support for their IPv6 counterparts.
I just got the latest SVN and built the MSVC version. But I cannot see any geo-info for 6to4-addresses. I.e. IPv6 inside IPv4 (protocol 41) doesn't show any GeoIP-info. That is the only way here on my Win-XP box. E.g.:
Internet Protocol Version 4, Src: 173.195.0.231 (173.195.0.231), Dst: 192.88.99.1 (192.88.99.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 112
Identification: 0x5a7e (23166)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: IPv6 (41)
Header checksum: 0x0de3 [correct]
[Good: True]
[Bad: False]
Source: 173.195.0.231 (173.195.0.231)
Destination: 192.88.99.1 (192.88.99.1)
[Source GeoIP: United States, AS13926 Reliablehosting.com, New York, NY, 40.688801, -74.020302]
[Source GeoIP Country: United States]
[Source GeoIP AS Number: AS13926 Reliablehosting.com]
[Source GeoIP City: New York, NY]
[Source GeoIP Latitude: 40.688801]
[Source GeoIP Longitude: -74.020302]
[Destination GeoIP: AS559 SWITCH, Swiss Education and Research Network]
[Destination GeoIP AS Number: AS559 SWITCH, Swiss Education and Research Network]
Internet Protocol Version 6, Src: 2002:adc3:e7::adc3:e7 (2002:adc3:e7::adc3:e7), Dst: fec0:0:0:ffff::1 (fec0:0:0:ffff::1)
0110 .... = Version: 6
[0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
.... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
.... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
.... .... ...0 .... .... .... .... .... = ECN-CE: Not set
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 52
Next header: UDP (0x11)
Hop limit: 128
Source: 2002:adc3:e7::adc3:e7 (2002:adc3:e7::adc3:e7)
[Source 6to4 Gateway IPv4: 173.195.0.231 (173.195.0.231)]
[Source 6to4 SLA ID: 0]
Destination: fec0:0:0:ffff::1 (fec0:0:0:ffff::1)
I guess this is as designed. But in 6to4, isn't there a possibility that the inner src/dst
addresses can have different geo-location than the outer addresses? I read in [1]
about relay/border routers, but failed to grasp all of it.

Btw. The dst-ip above 192.88.99.1 is an anycast address which should have no geo-info AFAICS. So what is the "AS559 SWITCH, Swiss Education and Research Network" doing there?

[1] http://en.wikipedia.org/wiki/6to4

--gv
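
The 6to4 fields shown in the dissection above (embedded gateway IPv4 and SLA ID), as an added example that is not part of the original message and not Wireshark's code: it parses a constructed protocol-41 packet, recovers the IPv4 address embedded in a 2002::/16 source, and reports whether it matches the outer IPv4 source, which is the case where inner and outer geo-location would differ. The function names and the 198.51.100.7 and 2001:db8::1 sample addresses are assumptions.

```python
import ipaddress
import struct

def build_sample(outer_src, outer_dst, inner_src, inner_dst):
    """Constructed sample: bare IPv4 header (protocol 41) + IPv6 header.
    The IPv4 checksum is left at 0 and is not validated below."""
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 128, 41, 0,
                     ipaddress.IPv4Address(outer_src).packed,
                     ipaddress.IPv4Address(outer_dst).packed)
    v6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 17, 128,
                     ipaddress.IPv6Address(inner_src).packed,
                     ipaddress.IPv6Address(inner_dst).packed)
    return v4 + v6

def analyze(packet):
    """Return outer/inner addresses and the 6to4 fields of the inner source."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 41:
        raise ValueError("not an IPv6-in-IPv4 (protocol 41) packet")
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    inner = packet[ihl:ihl + 40]            # fixed 40-byte IPv6 header
    if ihl < 20 or len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("truncated or malformed inner IPv6 header")
    outer_src = ipaddress.IPv4Address(packet[12:16])
    outer_dst = ipaddress.IPv4Address(packet[16:20])
    inner_src = ipaddress.IPv6Address(inner[8:24])
    inner_dst = ipaddress.IPv6Address(inner[24:40])
    gateway = inner_src.sixtofour           # embedded IPv4, None outside 2002::/16
    is_6to4 = gateway is not None
    # SLA ID is the 16 bits that follow the 2002:V4ADDR prefix
    sla_id = int.from_bytes(inner_src.packed[6:8], "big") if is_6to4 else None
    return {
        "outer_src": outer_src, "outer_dst": outer_dst,
        "inner_src": inner_src, "inner_dst": inner_dst,
        "gateway": gateway, "sla_id": sla_id,
        # False: the tunnel endpoint is not the address the 6to4 prefix claims,
        # so outer and inner geo-location can disagree. None: source is not 6to4.
        "gateway_matches_outer": (gateway == outer_src) if is_6to4 else None,
    }

if __name__ == "__main__":
    # Addresses from the dissection above, then a constructed mismatch.
    inner = ("2002:adc3:e7::adc3:e7", "fec0:0:0:ffff::1")
    for outer in ("173.195.0.231", "198.51.100.7"):
        r = analyze(build_sample(outer, "192.88.99.1", *inner))
        print(outer, "->", r["gateway"], "SLA", r["sla_id"],
              "match" if r["gateway_matches_outer"] else "MISMATCH")
```
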