Wireshark/IPv6 Teredo

Wireshark is a free and open-source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze IPv6 Teredo traffic. Note: These activities do not require an IPv6 Internet connection, because Teredo tunnels IPv6 traffic across IPv4.

Readings

Preparation

To prepare for this activity:

  1. Start Windows.
  2. Log in if necessary.
  3. Install Wireshark.
  4. Enable Teredo if necessary.

Activity 1 - Capture IPv6 Teredo Traffic

To capture IPv6 Teredo traffic:

  1. Use ipconfig /all to verify that you have a Teredo tunnel adapter. If not, simply read along to understand the following concepts.
  2. Start a Wireshark capture.
  3. Use ping 2001:4860:4860::8888 to ping an Internet host by IPv6 address.
  4. Stop the Wireshark capture.

Activity 2 - Analyze IPv6 Teredo Traffic

To analyze IPv6 Teredo traffic:

  1. Observe the traffic captured in the top Wireshark packet list pane. Type teredo (lower case) in the Filter box and press Enter to select Teredo traffic.
  2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 4 / User Datagram Protocol / Teredo IPv6 Over UDP Tunneling / Internet Protocol Version 6 / Internet Control Message Protocol v6 frame. The IPv6 / ICMPv6 packets are encapsulated inside IPv4 / UDP packets and forwarded to a Teredo server for IPv6 forwarding.
  3. Expand Internet Protocol Version 6 and identify the Source Teredo Port number.
  4. Modify the Filter box to teredo || udp.port == <Teredo port number>. For example, if the port number was 54321, you would enter a filter of teredo || udp.port == 54321. Then press Enter.
  5. Observe the IPv6 Teredo traffic.
  6. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.
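
The Source Teredo Port that Wireshark shows in step 3 is decoded from the IPv6 source address itself. The following added example (not part of the original activity) decodes a Teredo address per the RFC 4380 layout and builds the display filter from step 4; the function names and the sample address are constructed for illustration.

```python
import ipaddress

# RFC 4380 Teredo service prefix. Address layout after the 32-bit prefix:
# server IPv4 (32 bits) | flags (16) | port XOR 0xFFFF (16) | client IPv4 XOR 0xFFFFFFFF (32)
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")


def decode_teredo(addr):
    """Return the fields embedded in a Teredo IPv6 address, or None if it is not Teredo."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed  # 16 bytes, network byte order
    return {
        "server": ipaddress.IPv4Address(raw[4:8]),
        "flags": int.from_bytes(raw[8:10], "big"),
        # Port and client address are stored bit-inverted so that NATs which
        # rewrite embedded addresses in payloads do not recognise them.
        "port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
        "client": ipaddress.IPv4Address(
            int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF
        ),
    }


def display_filter(addr):
    """Build the Wireshark display filter from step 4 for a Teredo source address."""
    fields = decode_teredo(addr)
    if fields is None:
        raise ValueError(f"{addr} is not a Teredo address")
    return f"teredo || udp.port == {fields['port']}"


if __name__ == "__main__":
    # Constructed sample address using documentation IPv4 ranges (RFC 5737).
    sample = "2001:0:c000:22d:8000:2bce:34ff:8ef8"
    for name, value in decode_teredo(sample).items():
        print(f"{name:>6}: {value}")
    print(display_filter(sample))
    # The ping target from Activity 1 is native IPv6, not Teredo.
    print(decode_teredo("2001:4860:4860::8888"))
```

The decoded port is the externally mapped UDP port that the Teredo server observed, so behind a NAT that rewrites source ports it can differ from the local UDP port seen in the capture.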
