Wireshark/IPv6 multicast
Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze IPv6 multicast traffic.
Readings
- Wikipedia: Multicast
- Wikipedia: Multicast Address
- Wikipedia: Simple Service Discovery Protocol (SSDP)
- Wikipedia: Web Services Dynamic Discovery (WS-Discovery)
Preparation
To prepare for this activity:
- Start Windows.
- Log in if necessary.
- Install Wireshark.
Activity 1 - Capture IPv6 Multicast Traffic
To capture IPv6 multicast traffic:
- Start a Wireshark capture.
- In Windows, select Start and then type Network and Sharing Center in the Run box. Press Enter.
- Select Change advanced sharing settings.
- Note the current status of Network discovery. If it is already on, select Turn off network discovery and Save changes.
- Select Turn on network discovery and Save changes.
- Wait a few seconds for network discovery to generate multicast traffic.
- If Network discovery was initially off, select Turn off network discovery and Save changes to return the status to the original setting. If network discovery was initially on, leave it on.
- Stop the Wireshark capture.
Activity 2 - Analyze IPv6 Multicast Traffic
To analyze IPv6 multicast traffic:
- Observe the traffic captured in the top Wireshark packet list pane. To view only IPv6 multicast traffic, type ipv6.addr >= ff00:: (lower case) in the Filter box and press Enter.
- The traffic you are most likely to see is ICMPv6 and Simple Service Discovery Protocol (SSDP) traffic. You may also see Web Services Dynamic Discovery (WS-Discovery) traffic or other multicast traffic. Whatever you find, select the first frame.
- Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 6 frame.
- Expand Ethernet II to view the Ethernet details.
- Observe the Destination address. Notice that it starts with 33:33, the Ethernet multicast address prefix used for IPv6.
- Expand Internet Protocol Version 6 to view IPv6 details.
- Observe the Destination address. Notice that it begins with ff (ff00::/8), the IPv6 multicast range. If it is SSDP or WS-Discovery traffic, it will be addressed to ff02::c.
- Select additional frames and observe the Ethernet and IPv6 details for multicast traffic.
- Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.
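The checks in Activity 2 can also be done in code. The following is an added example, not part of the original activity: it parses a raw Ethernet II frame, confirms the IPv6 destination is in ff00::/8, and verifies that the Ethernet destination is 33:33 followed by the low 32 bits of the group address (the RFC 2464 mapping). The function names and the sample frames are constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD
# Multicast scope nibble (second byte of the address, low 4 bits).
SCOPES = {1: "interface-local", 2: "link-local", 3: "realm-local",
          4: "admin-local", 5: "site-local", 8: "organization-local",
          14: "global"}

def mac_for_ipv6_multicast(group):
    """RFC 2464: 33:33 followed by the low 32 bits of the group address."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{addr} is not in ff00::/8")
    return "33:33:" + ":".join(f"{b:02x}" for b in addr.packed[-4:])

def inspect_frame(frame):
    """Return the multicast facts Activity 2 asks you to observe, or None."""
    if len(frame) < 14 + 40:
        return None                      # too short for Ethernet II + IPv6
    dst_mac, ethertype = frame[0:6], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV6:
        return None
    dst_ip = ipaddress.IPv6Address(frame[14 + 24:14 + 40])  # IPv6 dst field
    if not dst_ip.is_multicast:
        return None
    seen = ":".join(f"{b:02x}" for b in dst_mac)
    return {
        "dst_ip": str(dst_ip),
        "dst_mac": seen,
        "scope": SCOPES.get(dst_ip.packed[1] & 0x0F, "reserved/unassigned"),
        # False means the L2 and L3 destinations disagree: inspect that frame.
        "mac_matches": seen == mac_for_ipv6_multicast(dst_ip),
    }

def build_sample(dst_mac, dst_ip):
    """Constructed sample: Ethernet II + bare IPv6 header, no payload."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) \
        + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_IPV6)
    ip6 = struct.pack("!IHBB", 6 << 28, 0, 17, 1) \
        + ipaddress.IPv6Address("fe80::1").packed \
        + ipaddress.IPv6Address(dst_ip).packed
    return eth + ip6

if __name__ == "__main__":
    print(inspect_frame(build_sample("33:33:00:00:00:0c", "ff02::c")))
    print(inspect_frame(build_sample("33:33:00:00:00:01", "ff02::c")))
```
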