TCPDUMP and IPv6

tcpdump -i eth0 “icmp6 && ip6[40] == 128”

The most common ICMPv6 types are:

  • unreachable: 1
  • too-big: 2
  • time-exceeded: 3
  • echo-request: 128
  • echo-reply: 129
  • router-solicitation: 133
  • router-advertisement: 134
  • neighbor-solicitation: 135
  • neighbor-advertisement: 136

tcpdump -i eth0 “icmp6 && ip6[40] == 128”
tcpdump -i eth0 -nr ipv6_traffic.pcap “ip6 and not tcp port 22”

IPv6 and TCP

tcpdump -nr ipv6_traffic.pcap ip6 proto 6
tcpdump -nr ipv6_traffic.pcap ip6 protochain 6

IPv6 and UDP

tcpdump -nr ipv6_traffic.pcap ip6 proto 17
tcpdump -nr ipv6_traffic.pcap ip6 and udp

ss