I was doing some packet scanning on one of my IPv6 enabled servers and I found traffic such as the following frequently (IPs slightly edited):
02:23:02.410360 IP6 fe80::ff78.546 > ff02::2.547: dhcp6 solicit
Not having done too much ipv6 packet scanning yet I am curious to know if this is a mis-configured dhcp6 server somewhere? Is this a rather common thing to see in IPv6 traffic?
The addresses are not mine, neither do I run a dhcpv6 daemon (no need for it).
Thanks,
Jeroen
The addresses *are* yours (sort of, the same way that in IPv4, 127.0.0.1
belongs to you even though it's in a netblock assigned to IANA rather than
you). fe80: is a prefix for "link level" addresses (basically "only valid on
this subnet"), and is what the machine asking for the dhcp6 uses so it has *an*
address it can use (or more correctly, so that the machine that replies can
fill in a destination for the reply). Meanwhile, ff02::2 is a reserved address
for "all routers on the network segment".
You can probably pull the mac address out of that fe80:: address, as it's
an EUI-64. For example, on my laptop I have:
inet6 addr: fe80::224:d6ff:fe53:c5ba/64 Scope:Link
Pull out the 'ff:fe', take out that first 2, and my MAC address is 00:24:d6:53:c5:ba.
Hope that helps you find the offending box that is under the impression that
dhcp6 *is* needed. 