Wireshark/IPv6 Teredo
Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze IPv6 Teredo traffic. Note: These activities do not require an IPv6 Internet connection. Teredo tunnels across IPv4.
Readings
editPreparation
editTo prepare for this activity:
- Start Windows.
- Log in if necessary.
- Install Wireshark.
- Enable Teredo if necessary.
Activity 1 - Capture IPv6 Teredo Traffic
editTo capture IPv6 Teredo traffic:
- Use ipconfig /all to verify that you have a Teredo tunnel adapter. If not, simply read along to understand the following concepts.
- Start a Wireshark capture.
- Use ping 2001:4860:4860::8888 to ping an Internet host by IPv6 address.
- Stop the Wireshark capture.
Activity 2 - Analyze IPv6 Teredo Traffic
editTo analyze IPv6 Teredo traffic:
- Observe the traffic captured in the top Wireshark packet list pane. Type teredo (lower case) in the Filter box and press Enter to select Teredo traffic.
- Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 4 / User Datagram Protocol / Teredo IPv6 Over UDP Tunneling / Internet Protocol Version 6 / Internet Control Message Protocol v6 frame. The IPv6 / ICMPv6 packets are encapsulated inside IPv4 / UDP packets and forwarded to a Teredo server for IPv6 forwarding.
- Expand Internet Protocol Version 6 and identify the Source Teredo Port number.
- Modify the Filter box to teredo || udp.port == <Teredo port number>. For example, if the port number was 54321, you would enter a filter of teredo || udp.port == 54321. Then press Enter.
- Observe the IPv6 Teredo traffic.
- Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.