Wireshark/DHCPv6

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze DHCPv6 traffic.

• Wikipedia: DHCPv6

To prepare for this activity:

1. Start Windows.
2. Log in if necessary.
3. Install Wireshark.

To capture DHCPv6 traffic:

1. Start a Wireshark capture.
2. Open a command prompt.
3. Type ipconfig /renew6 and press Enter.
4. Type ipconfig /release6 and press Enter.
5. Type ipconfig /renew6 and press Enter.
6. Close the command prompt.
7. Stop the Wireshark capture.

To analyze DHCPv6 Renew traffic:

1. Observe the traffic captured in the top Wireshark packet list pane. To view only DHCPv6 traffic, type dhcpv6 (lower case) in the Filter box and press Enter.
2. In the top Wireshark packet list pane, select the first DHCPv6 packet, labeled DHCPv6 Renew.
3. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
4. Expand Ethernet II to view Ethernet details.
5. Observe the Destination and Source fields. The destination should be the DHCPv6 multicast MAC address 33:33:00:01:00:02 and the source should be your MAC address. You can use ipconfig /all and netsh interface ipv6 show neighbors to confirm.
6. Expand Internet Protocol Version 6 to view IPv6 details.
7. Observe the Source address. Notice that the source address is your link-local IPv6 address.
8. Observe the Destination address. Notice that the destination address is the DHCPv6 multicast address ff02::1:2.
9. Expand User Datagram Protocol to view UDP details.
10. Observe the Source port. Notice that it is dhcpv6-client (546).
11. Observe the Destination port. Notice that it is dhcpv6-server (547).
12. Expand DHCPv6 to view DHCPv6 details.
13. Observe the DHCPv6 Message Type. Notice that it is a Renew (5).
14. Observe the Client Identifier and Server Identifier fields.
15. Expand Option Request to view option details.
16. Observe the requested options.

To analyze DHCPv6 Reply traffic:

1. In the top Wireshark packet list pane, select the second DHCPv6 packet, labeled DHCPv6 Reply.
2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
3. Expand Ethernet II to view Ethernet details.
4. Observe the Destination and Source fields. The destination should be your MAC address and the source should be your DHCPv6 server's MAC address.
5. Expand Internet Protocol Version 6 to view IPv6 details.
6. Observe the Source address. Notice that the source address is the DHCPv6 server IPv6 address.
7. Observe the Destination address. Notice that the destination address is your link-local IPv6 address.
8. Expand User Datagram Protocol to view UDP details.
9. Observe the Source port. Notice that it is a dynamic port.
10. Observe the Destination port. Notice that it is dhcpv6-client (546).
11. Expand DHCPv6 to view DHCPv6 details.
12. Observe the DHCPv6 Message Type. Notice that it is a Reply (7).
13. Expand Client Identifier, Server Identifier, and Identity Association to view Reply details.
14. Observe the MAC addresses, IPv6 addresses, and lease time, as well as any options if included.

To analyze DHCPv6 Release traffic:

1. In the top Wireshark packet list pane, select the third DHCPv6 packet, labeled DHCPv6 Release.
2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
3. Expand Ethernet II to view Ethernet details.
4. Observe the Destination and Source fields. The destination should be the DHCPv6 multicast MAC address 33:33:00:01:00:02 and the source should be your MAC address.
5. Expand Internet Protocol Version 6 to view IPv6 details.
6. Observe the Source address. Notice that the source address is your link-local IPv6 address.
7. Observe the Destination address. Notice that the destination address is the DHCPv6 multicast address ff02::1:2.
8. Expand User Datagram Protocol to view UDP details.
9. Observe the Source port. Notice that it is dhcpv6-client (546).
10. Observe the Destination port. Notice that it is dhcpv6-server (547).
11. Expand DHCPv6 to view DHCPv6 details.
12. Observe the DHCPv6 Message Type. Notice that it is a Release (8).
13. Expand Client Identifier, Server Identifier, and Identity Association to view Release details.
14. Observe the MAC addresses, IPv6 addresses, and lease time, as well as any options if included. This is the address that will be released on the DHCPv6 server.

To analyze DHCPv6 Reply traffic:

1. In the top Wireshark packet list pane, select the second DHCPv6 packet, labeled DHCPv6 Reply.
2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
3. Expand Ethernet II to view Ethernet details.
4. Observe the Destination and Source fields. The destination should be your MAC address and the source should be your DHCPv6 server's MAC address.
5. Expand Internet Protocol Version 6 to view IPv6 details.
6. Observe the Source address. Notice that the source address is the DHCPv6 server IPv6 address.
7. Observe the Destination address. Notice that the destination address is your link-local IPv6 address.
8. Expand User Datagram Protocol to view UDP details.
9. Observe the Source port. Notice that it is a dynamic port.
10. Observe the Destination port. Notice that it is dhcpv6-client (546).
11. Expand DHCPv6 to view DHCPv6 details.
12. Observe the DHCPv6 Message Type. Notice that it is a Reply (7).
13. Expand Client Identifier and Server Identifier to view Reply details.
14. Observe the MAC addresses and IPv6 addresses. Notice that there is no Identity Association in reply to an address release.

To analyze DHCPv6 Solicit traffic:

1. In the top Wireshark packet list pane, select the fifth DHCPv6 packet, labeled DHCPv6 Solicit.
2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
3. Expand Ethernet II to view Ethernet details.
4. Observe the Destination and Source fields. The destination should be the DHCPv6 multicast MAC address 33:33:00:01:00:02 and the source should be your MAC address.
5. Expand Internet Protocol Version 6 to view IPv6 details.
6. Observe the Source address. Notice that the source address is your link-local IPv6 address.
7. Observe the Destination address. Notice that the destination address is the DHCPv6 multicast address ff02::1:2.
8. Expand User Datagram Protocol to view UDP details.
9. Observe the Source port. Notice that it is dhcpv6-client (546).
10. Observe the Destination port. Notice that it is dhcpv6-server (547).
11. Expand DHCPv6 to view DHCPv6 details.
12. Observe the DHCPv6 Message Type. Notice that it is a Solicit (1).
13. Expand Client Identifier, Identity Association, and Option Request to view Solicit details.
14. Observe the MAC address, as well as any options if included.

To analyze DHCPv6 Advertise traffic:

1. In the top Wireshark packet list pane, select the sixth DHCPv6 packet, labeled DHCPv6 Advertise.
2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
3. Expand Ethernet II to view Ethernet details.
4. Observe the Destination and Source fields. The destination should be your MAC address and the source should be your DHCPv6 server's MAC address.
5. Expand Internet Protocol Version 6 to view IPv6 details.
6. Observe the Source address. Notice that the source address is the DHCPv6 server IPv6 address.
7. Observe the Destination address. Notice that the destination address is your link-local IPv6 address.
8. Expand User Datagram Protocol to view UDP details.
9. Observe the Source port. Notice that it is a dynamic port.
10. Observe the Destination port. Notice that it is dhcpv6-client (546).
11. Expand DHCPv6 to view DHCPv6 details.
12. Observe the DHCPv6 Message Type. Notice that it is an Advertise (2).
13. Expand Client Identifier, Server Identifier, and Identity Association to view Advertise details.
14. Observe the MAC addresses, IPv6 addresses, and lease time, as well as any options if included.

To analyze DHCPv6 Request traffic:

1. In the top Wireshark packet list pane, select the seventh DHCPv6 packet, labeled DHCPv6 Request.
2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
3. Expand Ethernet II to view Ethernet details.
4. Observe the Destination and Source fields. The destination should be the DHCPv6 multicast MAC address 33:33:00:01:00:02 and the source should be your MAC address.
5. Expand Internet Protocol Version 6 to view IPv6 details.
6. Observe the Source address. Notice that the source address is your link-local IPv6 address.
7. Observe the Destination address. Notice that the destination address is the DHCPv6 multicast address ff02::1:2.
8. Expand User Datagram Protocol to view UDP details.
9. Observe the Source port. Notice that it is dhcpv6-client (546).
10. Observe the Destination port. Notice that it is dhcpv6-server (547).
11. Expand DHCPv6 to view DHCPv6 details.
12. Observe the DHCPv6 Message Type. Notice that it is a Request (3).
13. Expand Client Identifier, Identity Association, and Option Request to view Request details.
14. Observe the MAC address, as well as any options if included.

To analyze DHCPv6 Reply traffic:

1. In the top Wireshark packet list pane, select the eighth DHCPv6 packet, labeled DHCPv6 Reply.
2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
3. Expand Ethernet II to view Ethernet details.
4. Observe the Destination and Source fields. The destination should be your MAC address and the source should be your DHCPv6 server's MAC address.
5. Expand Internet Protocol Version 6 to view IPv6 details.
6. Observe the Source address. Notice that the source address is the DHCPv6 server IPv6 address.
7. Observe the Destination address. Notice that the destination address is your link-local IPv6 address.
8. Expand User Datagram Protocol to view UDP details.
9. Observe the Source port. Notice that it is a dynamic port.
10. Observe the Destination port. Notice that it is dhcpv6-client (546).
11. Expand DHCPv6 to view DHCPv6 details.
12. Observe the DHCPv6 Message Type. Notice that it is a Reply (7).
13. Expand Client Identifier, Server Identifier, and Identity Association to view Reply details.
14. Observe the MAC addresses, IPv6 addresses, and lease time, as well as any options if included.
15. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.

• Wireshark: User's Guide
• Wireshark: DHCP