Wireshark/IPv6 remote

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze remote IPv6 traffic.

Readings

Preparation

To prepare for this activity:

  1. Start Windows.
  2. Log in if necessary.
  3. Install Wireshark.

Activity 1 - Capture Remote IPv6 Traffic

To capture remote IPv6 traffic:

  1. Start a Wireshark capture.
  2. Use ping 2001:4860:4860::8888 to ping an Internet host by IPv6 address.
  3. Stop the Wireshark capture.

Activity 2 - Analyze Remote IPv6 Outbound Traffic

To analyze remote IPv6 outbound traffic:

  1. Observe the traffic captured in the top Wireshark packet list pane. Look for traffic with ICMPv6 listed as the protocol. To view only ICMPv6 traffic, type icmpv6 (lower case) in the Filter box and press Enter.
  2. Select the first ICMPv6 packet, labeled Echo (ping) request.
  3. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / Internet Control Message Protocol v6 frame.
  4. Expand Ethernet II to view Ethernet details.
  5. Observe the Destination field. This should contain the MAC address of your default gateway. You can use netsh interface ipv6 show neighbors to confirm. Notice that remote Internet layer traffic is processed as local Link layer traffic. The default gateway will route the packet to the Internet.
  6. Observe the Source field. This should contain your MAC address. You can use ipconfig /all or getmac to confirm.
  7. Observe the Type field. Notice that the type is 0x86dd, indicating IPv6.
  8. Expand Internet Protocol Version 6 to view IPv6 details.
  9. Observe the Source address. Notice that the source address is your IPv6 address.
  10. Observe the Destination address. Notice that the destination address is the Internet host IPv6 address.

Activity 3 - Analyze Remote IPv6 Inbound Traffic

To analyze remote IPv6 inbound traffic:

  1. In the top Wireshark packet list pane, select the next ICMPv6 packet, labeled Echo (ping) reply.
  2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / Internet Control Message Protocol v6 frame.
  3. Expand Ethernet II to view Ethernet details.
  4. Observe the Destination field. This should contain your MAC address.
  5. Observe the Source field. This should contain the MAC address of your default gateway. Notice that the remote Internet layer traffic is returned as local Link layer traffic. The routers between the Internet host and your network routed the packet back to your router so that it could forward the packet back to your computer.
  6. Observe the Type field. Notice that the type is 0x86dd, indicating IPv6.
  7. Expand Internet Protocol Version 6 to view IPv6 details.
  8. Observe the Source address. Notice that the source address is the Internet host IPv6 address.
  9. Observe the Destination address. Notice that the destination address is your IPv6 address.
  10. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.
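
The fields inspected in Activities 2 and 3 can also be decoded by hand from the raw frame bytes. The following Python sketch is an added example, not part of the original activity. The MAC addresses, the host address 2001:db8::10 and the frames themselves are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD  # value shown in the Ethernet II Type field
ICMPV6_TYPES = {128: "Echo (ping) request", 129: "Echo (ping) reply"}
# Constructed sample values, not taken from a real capture.
HOST_MAC = bytes.fromhex("020000000001")
GATEWAY_MAC = bytes.fromhex("020000000002")
HOST_IP = ipaddress.IPv6Address("2001:db8::10").packed
REMOTE_IP = ipaddress.IPv6Address("2001:4860:4860::8888").packed


def build_echo(eth_dst, eth_src, ip_src, ip_dst, icmp_type):
    """Build a constructed echo frame; the ICMPv6 checksum is left as zero."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + b"abcdefgh"
    ipv6 = struct.pack("!IHBB16s16s", 6 << 28, len(icmp), 58, 64, ip_src, ip_dst)
    return eth_dst + eth_src + struct.pack("!H", ETHERTYPE_IPV6) + ipv6 + icmp


def parse_frame(frame):
    """Decode the Ethernet II, IPv6 and ICMPv6 fields the activities inspect."""
    if len(frame) < 14 + 40 + 4:
        raise ValueError("frame too short for Ethernet II / IPv6 / ICMPv6")
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != ETHERTYPE_IPV6:
        raise ValueError(f"Ethernet type 0x{eth_type:04x} is not IPv6")
    # Fixed 40-byte IPv6 header: version/class/flow label, payload length,
    # next header, hop limit, source address, destination address.
    vcf, _plen, next_header, _hops, src, dst = struct.unpack(
        "!IHBB16s16s", frame[14:54])
    if vcf >> 28 != 6 or next_header != 58:  # 58 = ICMPv6, no extension headers
        raise ValueError("not a plain IPv6 / ICMPv6 packet")
    return {
        "eth_dst": eth_dst.hex(":"), "eth_src": eth_src.hex(":"),
        "eth_type": f"0x{eth_type:04x}",
        "ip_src": str(ipaddress.IPv6Address(src)),
        "ip_dst": str(ipaddress.IPv6Address(dst)),
        "icmpv6": ICMPV6_TYPES.get(frame[54], f"type {frame[54]}"),
    }


def reply_mirrors_request(req, rep):
    """True when the reply swaps source and destination at both layers."""
    return (rep["eth_src"], rep["eth_dst"], rep["ip_src"], rep["ip_dst"]) == (
        req["eth_dst"], req["eth_src"], req["ip_dst"], req["ip_src"])


REQUEST = parse_frame(build_echo(GATEWAY_MAC, HOST_MAC, HOST_IP, REMOTE_IP, 128))
REPLY = parse_frame(build_echo(HOST_MAC, GATEWAY_MAC, REMOTE_IP, HOST_IP, 129))
print(REQUEST, REPLY, reply_mirrors_request(REQUEST, REPLY), sep="\n")
```

In the decoded request, the Ethernet destination is the gateway MAC while the IPv6 destination is the remote host, which is the Link layer versus Internet layer distinction the activities point out.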

References
