Wireshark/IPv6 local

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze local IPv6 traffic.

Preparation

To prepare for this activity:

  1. Start Windows.
  2. Log in if necessary.
  3. Install Wireshark.

Activity 1 - Capture Local IPv6 Traffic

To capture local IPv6 traffic:

  1. Use ipconfig to display the default gateway address. Note the Default Gateway displayed. Be sure to select an IPv6 address. If you don't have an IPv6 default gateway, just review the following instructions for content understanding.
  2. Start a Wireshark capture.
  3. Use ping <default gateway address> to ping the default gateway IPv6 address.
  4. Stop the Wireshark capture.

Activity 2 - Analyze Local IPv6 Outbound Traffic

To analyze local IPv6 outbound traffic:

  1. Observe the traffic captured in the top Wireshark packet list pane. Look for traffic with ICMPv6 listed as the protocol. To view only ICMPv6 traffic, type icmpv6 (lower case) in the Filter box and press Enter.
  2. Select the first ICMPv6 packet or scroll down if necessary to locate the first packet labeled Echo (ping) request.
  3. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / Internet Control Message Protocol v6 frame.
  4. Expand Ethernet II to view Ethernet details.
  5. Observe the Destination field. This should contain the MAC address of your default gateway. You can use netsh interface ipv6 show neighbors to confirm.
  6. Observe the Source field. This should contain your MAC address. You can use ipconfig /all or getmac to confirm.
  7. Observe the Type field. Notice that the type is 0x86dd, indicating IPv6.
  8. Expand Internet Protocol Version 6 to view IPv6 details.
  9. Observe the Source address. Notice that the source address is your IPv6 address.
  10. Observe the Destination address. Notice that the destination address is the default gateway IPv6 address.

Activity 3 - Analyze Local IPv6 Inbound Traffic

To analyze local IPv6 inbound traffic:

  1. In the top Wireshark packet list pane, select the next ICMPv6 packet, labeled Echo (ping) reply.
  2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / Internet Control Message Protocol v6 frame.
  3. Expand Ethernet II to view Ethernet details.
  4. Observe the Destination field. This should contain your MAC address.
  5. Observe the Source field. This should contain the MAC address of your default gateway.
  6. Observe the Type field. Notice that the type is 0x86dd, indicating IPv6.
  7. Expand Internet Protocol Version 6 to view IPv6 details.
  8. Observe the Source address. Notice that the source address is the default gateway IPv6 address.
  9. Observe the Destination address. Notice that the destination address is your IPv6 address.
  10. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.
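
The fields inspected in Activities 2 and 3 can also be read straight from the raw frame bytes. The following Python sketch is an added example, not part of the original activity: it parses an Ethernet II / IPv6 / ICMPv6 frame and checks that a reply mirrors its request. The MAC addresses, IPv6 addresses and frames are constructed sample values, and VLAN tags and IPv6 extension headers are not handled.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD          # the Type value the activities point out
NEXT_HEADER_ICMPV6 = 58
ICMPV6_TYPES = {128: "Echo (ping) request", 129: "Echo (ping) reply"}

def parse_frame(frame):
    """Extract the fields inspected in Activities 2 and 3 from one raw frame."""
    if len(frame) < 14 + 40 + 4:
        raise ValueError("too short for Ethernet II + IPv6 + ICMPv6 headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV6:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not IPv6")
    ip = frame[14:54]                      # fixed 40-byte IPv6 header
    if ip[0] >> 4 != 6:
        raise ValueError("IP version field is not 6")
    if ip[6] != NEXT_HEADER_ICMPV6:
        raise ValueError("next header is not ICMPv6 (extension headers not handled)")
    icmp_type = frame[54]
    return {
        "eth_dst": frame[0:6].hex(":"),
        "eth_src": frame[6:12].hex(":"),
        "eth_type": f"0x{ethertype:04x}",
        "ip_src": str(ipaddress.IPv6Address(ip[8:24])),
        "ip_dst": str(ipaddress.IPv6Address(ip[24:40])),
        "icmpv6": ICMPV6_TYPES.get(icmp_type, f"type {icmp_type}"),
    }

def build_echo(eth_dst, eth_src, ip_src, ip_dst, icmp_type):
    """Build a constructed sample frame (ICMPv6 checksum left as 0, not validated)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + b"abcdefgh"
    ip = struct.pack("!IHBB", 6 << 28, len(icmp), NEXT_HEADER_ICMPV6, 128)
    ip += ipaddress.IPv6Address(ip_src).packed + ipaddress.IPv6Address(ip_dst).packed
    eth = bytes.fromhex(eth_dst.replace(":", "")) + bytes.fromhex(eth_src.replace(":", ""))
    return eth + struct.pack("!H", ETHERTYPE_IPV6) + ip + icmp

# Constructed sample values: documentation-range MACs and link-local addresses.
HOST_MAC, GW_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:fe"
HOST_IP, GW_IP = "fe80::2", "fe80::1"
REQUEST = build_echo(GW_MAC, HOST_MAC, HOST_IP, GW_IP, 128)   # outbound (Activity 2)
REPLY = build_echo(HOST_MAC, GW_MAC, GW_IP, HOST_IP, 129)     # inbound (Activity 3)

def is_reply_to(request, reply):
    """True when the reply's MAC and IPv6 fields mirror the request's."""
    q, r = parse_frame(request), parse_frame(reply)
    return (q["eth_src"], q["eth_dst"], q["ip_src"], q["ip_dst"]) == (
        r["eth_dst"], r["eth_src"], r["ip_dst"], r["ip_src"])
```

Calling parse_frame(REQUEST) and parse_frame(REPLY) returns the same values you would read from the Ethernet II and Internet Protocol Version 6 sections of the packet details pane.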
