dhcp6 solicit

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Mar 9 20:44:56 CST 2011


On Wed, 09 Mar 2011 18:20:12 PST, Jeroen van Aart said:
> I was doing some packet scanning on one of my IPv6 enabled servers and I 
> found traffic such as the following frequently (IPs slightly edited):
> 
> 02:23:02.410360 IP6 fe80::ff78.546 > ff02::2.547: dhcp6 solicit

> The addresses are not mine, neither do I run a dhcpv6 daemon (no need 
> for it).

The addresses *are* yours (sort of, the same way that in IPv4, 127.0.0.1
belongs to you even though it's in a netblock assigned to IANA rather than
you).  fe80: is a prefix for "link level" addresses (basically "only valid on
this subnet"), and is what the machine asking for the dhcp6 uses so it has *an*
address it can use (or more correctly, so that the machine that replies can
fill in a destination for the reply). Meanwhile, ff02::2 is a reserved address
for "all routers on the network segment".

You can probably pull the mac address out of that fe80:: address, as it's
an EUI-64.  For example, on my laptop I have:

inet6 addr: fe80::224:d6ff:fe53:c5ba/64 Scope:Link

Pull out the 'ff:fe', take out that first 2, and my MAC address is 00:24:d6:53:c5:ba.

Hope that helps you find the offending box that is under the impression that
dhcp6 *is* needed. ;)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110309/434abe36/attachment.bin>


More information about the NANOG mailing list