原创 Wireshare 分析 IPv6 包
场景
执行 curl 6.ipw.cn,查看本机的 IPv6 通信包。
如果有 DNS 缓存,可以执行
sudo killall -HUP mDNSResponder;sudo killall mDNSResponderHelper;sudo dscacheutil -flushcache清理缓存
理论支撑
RFC8200新窗口打开 的 IPv6 Header Format 章节
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | Next Header | Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Source Address +
| 请求的源地址,如 2408:824c:200::2b8b:336f:cc9c |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| 目标地址,例如 2402:4e00:1013:e500:0:940e:29d7:3443 |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Version 4-bit Internet Protocol version number = 6.
Traffic Class 8-bit Traffic Class field. See Section 7.
Flow Label 20-bit flow label. See Section 6.
Payload Length 16-bit unsigned integer. Length of the IPv6
payload, i.e., the rest of the packet
following this IPv6 header, in octets. (Note
that any extension headers (see Section 4)
present are considered part of the payload,
i.e., included in the length count.)
Next Header 8-bit selector. Identifies the type of header
immediately following the IPv6 header. Uses
the same values as the IPv4 Protocol field
[IANA-PN].
Hop Limit 8-bit unsigned integer. Decremented by 1 by
each node that forwards the packet. When
forwarding, the packet is discarded if Hop
Limit was zero when received or is decremented
to zero. A node that is the destination of a
packet should not discard a packet with Hop
Limit equal to zero; it should process the
packet normally.
Source Address 128-bit address of the originator of the
packet. See [RFC4291].
Destination Address 128-bit address of the intended recipient of
the packet (possibly not the ultimate
recipient, if a Routing header is present).
See [RFC4291] and Section 4.4.
实战
使用 wireshark 开启抓包,命令访问 curl 6.ipw.cn,抓包截图如下:
DNS 解析(2332-2335)
- 编号为2332:向 DNS 服务器
240e:1f:1::1(广东电信 IPv6 DNS)请求 6.ipw.cn 的 A 记录(即IPv4 记录) - 2333: 请求 6.ipw.cn 的 AAAA 记录(即IPv6 记录)
- 2334: DNS 服务器返回 6.ipw.cn 的 AAAA 记录为
2402:4e00:1013:e500:0:940e:29d7:3443 - 2335: 返回 6.ipw.cn 的 A 记录为空(实际上 6.ipw.cn 只添加 AAAA 记录,未添加 A 记录)
- 编号为2332:向 DNS 服务器
TCP 三次握手(2336-2338)
HTTP 传输(2339-2341)
TCP 四次挥手再见(2342-2345)
在上图中可以看到 IPv6 包头。
下次解释下,这次太晚了,先睡觉了。
访客IP: ,您的网络 访问优先