Wireshark/DHCPv6

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze DHCPv6 traffic.

Readings

 * DHCPv6

Preparation
To prepare for this activity:
 * 1) Start Windows.
 * 2) Log in if necessary.
 * 3) Install Wireshark.

Activity 1 - Capture DHCPv6 Traffic
To capture DHCPv6 traffic:
 * 1) Start a Wireshark capture.
 * 2)  Open a command prompt.
 * 3) Type ipconfig /renew6 and press Enter.
 * 4) Type ipconfig /release6 and press Enter.
 * 5) Type ipconfig /renew6 and press Enter.
 * 6) Close the command prompt.
 * 7) Stop the Wireshark capture.

Activity 2 - Analyze DHCPv6 Renew Traffic
To analyze DHCPv6 Renew traffic:
 * 1) Observe the traffic captured in the top Wireshark packet list pane.  To view only DHCPv6 traffic, type dhcpv6 (lower case) in the Filter box and press Enter.
 * 2) In the top Wireshark packet list pane, select the first DHCPv6 packet, labeled DHCPv6 Renew.
 * 3) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
 * 4) Expand Ethernet II to view Ethernet details.
 * 5) Observe the Destination and Source fields.  The destination should be the DHCPv6 multicast MAC address 33:33:00:01:00:02 and the source should be your MAC address.  You can use ipconfig /all and netsh interface ipv6 show neighbors to confirm.
 * 6) Expand Internet Protocol Version 6 to view IPv6 details.
 * 7) Observe the Source address.  Notice that the source address is your link-local IPv6 address.
 * 8) Observe the Destination address.  Notice that the destination address is the DHCPv6 multicast address ff02::1:2.
 * 9) Expand User Datagram Protocol to view UDP details.
 * 10) Observe the Source port.  Notice that it is dhcpv6-client (546).
 * 11) Observe the Destination port.  Notice that it is dhcpv6-server (547).
 * 12) Expand DHCPv6 to view DHCPv6 details.
 * 13) Observe the DHCPv6 Message Type.  Notice that it is a Renew (5).
 * 14) Observe the Client Identifier and Server Identifier fields.
 * 15) Expand Option Request to view option details.
 * 16) Observe the requested options.

Activity 3 - Analyze DHCPv6 Reply Traffic
To analyze DHCPv6 Reply traffic:
 * 1) In the top Wireshark packet list pane, select the second DHCPv6 packet, labeled DHCPv6 Reply.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
 * 3) Expand Ethernet II to view Ethernet details.
 * 4) Observe the Destination and Source fields.  The destination should be your MAC address and the source should be your DHCPv6 server's MAC address.
 * 5) Expand Internet Protocol Version 6 to view IPv6 details.
 * 6) Observe the Source address.  Notice that the source address is the DHCPv6 server IPv6 address.
 * 7) Observe the Destination address.  Notice that the destination address is your link-local IPv6 address.
 * 8) Expand User Datagram Protocol to view UDP details.
 * 9) Observe the Source port.  Notice that it is a dynamic port.
 * 10) Observe the Destination port.  Notice that it is dhcpv6-client (546).
 * 11) Expand DHCPv6 to view DHCPv6 details.
 * 12) Observe the DHCPv6 Message Type.  Notice that it is a Reply (7).
 * 13) Expand Client Identifier, Server Identifier, and Identity Association to view Reply details.
 * 14) Observe the MAC addresses, IPv6 addresses, and lease time, as well as any options if included.

Activity 4 - Analyze DHCPv6 Release Traffic
To analyze DHCPv6 Release traffic:
 * 1) In the top Wireshark packet list pane, select the third DHCPv6 packet, labeled DHCPv6 Release.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
 * 3) Expand Ethernet II to view Ethernet details.
 * 4) Observe the Destination and Source fields.  The destination should be the DHCPv6 multicast MAC address 33:33:00:01:00:02 and the source should be your MAC address.
 * 5) Expand Internet Protocol Version 6 to view IPv6 details.
 * 6) Observe the Source address.  Notice that the source address is your link-local IPv6 address.
 * 7) Observe the Destination address.  Notice that the destination address is the DHCPv6 multicast address ff02::1:2.
 * 8) Expand User Datagram Protocol to view UDP details.
 * 9) Observe the Source port.  Notice that it is dhcpv6-client (546).
 * 10) Observe the Destination port.  Notice that it is dhcpv6-server (547).
 * 11) Expand DHCPv6 to view DHCPv6 details.
 * 12) Observe the DHCPv6 Message Type.  Notice that it is a Release (8).
 * 13) Expand Client Identifier, Server Identifier, and Identity Association to view Release details.
 * 14) Observe the MAC addresses, IPv6 addresses, and lease time, as well as any options if included.  This is the address that will be released on the DHCPv6 server.

Activity 5 - Analyze DHCPv6 Reply Traffic
To analyze DHCPv6 Reply traffic:
 * 1) In the top Wireshark packet list pane, select the fourth DHCPv6 packet, labeled DHCPv6 Reply.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
 * 3) Expand Ethernet II to view Ethernet details.
 * 4) Observe the Destination and Source fields.  The destination should be your MAC address and the source should be your DHCPv6 server's MAC address.
 * 5) Expand Internet Protocol Version 6 to view IPv6 details.
 * 6) Observe the Source address.  Notice that the source address is the DHCPv6 server IPv6 address.
 * 7) Observe the Destination address.  Notice that the destination address is your link-local IPv6 address.
 * 8) Expand User Datagram Protocol to view UDP details.
 * 9) Observe the Source port.  Notice that it is a dynamic port.
 * 10) Observe the Destination port.  Notice that it is dhcpv6-client (546).
 * 11) Expand DHCPv6 to view DHCPv6 details.
 * 12) Observe the DHCPv6 Message Type.  Notice that it is a Reply (7).
 * 13) Expand Client Identifier and Server Identifier to view Reply details.
 * 14) Observe the MAC addresses and IPv6 addresses.  Notice that there is no Identity Association in reply to an address release.

Activity 6 - Analyze DHCPv6 Solicit Traffic
To analyze DHCPv6 Solicit traffic:
 * 1) In the top Wireshark packet list pane, select the fifth DHCPv6 packet, labeled DHCPv6 Solicit.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
 * 3) Expand Ethernet II to view Ethernet details.
 * 4) Observe the Destination and Source fields.  The destination should be the DHCPv6 multicast MAC address 33:33:00:01:00:02 and the source should be your MAC address.
 * 5) Expand Internet Protocol Version 6 to view IPv6 details.
 * 6) Observe the Source address.  Notice that the source address is your link-local IPv6 address.
 * 7) Observe the Destination address.  Notice that the destination address is the DHCPv6 multicast address ff02::1:2.
 * 8) Expand User Datagram Protocol to view UDP details.
 * 9) Observe the Source port.  Notice that it is dhcpv6-client (546).
 * 10) Observe the Destination port.  Notice that it is dhcpv6-server (547).
 * 11) Expand DHCPv6 to view DHCPv6 details.
 * 12) Observe the DHCPv6 Message Type.  Notice that it is a Solicit (1).
 * 13) Expand Client Identifier, Identity Association, and Option Request to view Solicit details.
 * 14) Observe the MAC address, as well as any options if included.

Activity 7 - Analyze DHCPv6 Advertise Traffic
To analyze DHCPv6 Advertise traffic:
 * 1) In the top Wireshark packet list pane, select the sixth DHCPv6 packet, labeled DHCPv6 Advertise.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
 * 3) Expand Ethernet II to view Ethernet details.
 * 4) Observe the Destination and Source fields.  The destination should be your MAC address and the source should be your DHCPv6 server's MAC address.
 * 5) Expand Internet Protocol Version 6 to view IPv6 details.
 * 6) Observe the Source address.  Notice that the source address is the DHCPv6 server IPv6 address.
 * 7) Observe the Destination address.  Notice that the destination address is your link-local IPv6 address.
 * 8) Expand User Datagram Protocol to view UDP details.
 * 9) Observe the Source port.  Notice that it is a dynamic port.
 * 10) Observe the Destination port.  Notice that it is dhcpv6-client (546).
 * 11) Expand DHCPv6 to view DHCPv6 details.
 * 12) Observe the DHCPv6 Message Type.  Notice that it is an Advertise (2).
 * 13) Expand Client Identifier, Server Identifier, and Identity Association to view Advertise details.
 * 14) Observe the MAC addresses, IPv6 addresses, and lease time, as well as any options if included.

Activity 8 - Analyze DHCPv6 Request Traffic
To analyze DHCPv6 Request traffic:
 * 1) In the top Wireshark packet list pane, select the seventh DHCPv6 packet, labeled DHCPv6 Request.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
 * 3) Expand Ethernet II to view Ethernet details.
 * 4) Observe the Destination and Source fields.  The destination should be the DHCPv6 multicast MAC address 33:33:00:01:00:02 and the source should be your MAC address.
 * 5) Expand Internet Protocol Version 6 to view IPv6 details.
 * 6) Observe the Source address.  Notice that the source address is your link-local IPv6 address.
 * 7) Observe the Destination address.  Notice that the destination address is the DHCPv6 multicast address ff02::1:2.
 * 8) Expand User Datagram Protocol to view UDP details.
 * 9) Observe the Source port.  Notice that it is dhcpv6-client (546).
 * 10) Observe the Destination port.  Notice that it is dhcpv6-server (547).
 * 11) Expand DHCPv6 to view DHCPv6 details.
 * 12) Observe the DHCPv6 Message Type.  Notice that it is a Request (3).
 * 13) Expand Client Identifier, Identity Association, and Option Request to view Request details.
 * 14) Observe the MAC address, as well as any options if included.

Activity 9 - Analyze DHCPv6 Reply Traffic
To analyze DHCPv6 Reply traffic:
 * 1) In the top Wireshark packet list pane, select the eighth DHCPv6 packet, labeled DHCPv6 Reply.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / User Datagram Protocol / DHCPv6 frame.
 * 3) Expand Ethernet II to view Ethernet details.
 * 4) Observe the Destination and Source fields.  The destination should be your MAC address and the source should be your DHCPv6 server's MAC address.
 * 5) Expand Internet Protocol Version 6 to view IPv6 details.
 * 6) Observe the Source address.  Notice that the source address is the DHCPv6 server IPv6 address.
 * 7) Observe the Destination address.  Notice that the destination address is your link-local IPv6 address.
 * 8) Expand User Datagram Protocol to view UDP details.
 * 9) Observe the Source port.  Notice that it is a dynamic port.
 * 10) Observe the Destination port.  Notice that it is dhcpv6-client (546).
 * 11) Expand DHCPv6 to view DHCPv6 details.
 * 12) Observe the DHCPv6 Message Type.  Notice that it is a Reply (7).
 * 13) Expand Client Identifier, Server Identifier, and Identity Association to view Reply details.
 * 14) Observe the MAC addresses, IPv6 addresses, and lease time, as well as any options if included.
 * 15) Close Wireshark to complete this activity.  Quit without Saving to discard the captured traffic.
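
The fields these activities have you read in the packet details pane (message type, Client and Server Identifier, Option Request, and the Identity Association address with its lifetimes) can also be decoded directly from the DHCPv6 UDP payload. The following Python parser is an added example, not part of the original activity; the sample bytes, MAC addresses and the 2001:db8::100 lease are constructed, and options whose length runs past the end of the message are rejected.

```python
import ipaddress
import struct

MSG_TYPES = {1: "Solicit", 2: "Advertise", 3: "Request", 5: "Renew", 7: "Reply", 8: "Release"}
CLIENTID, SERVERID, IA_NA, IAADDR, ORO = 1, 2, 3, 5, 6  # DHCPv6 option codes

def iter_options(buf):
    """Yield (code, data) per option; raise on truncated or overlong options."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        if pos + 4 + length > len(buf):
            raise ValueError(f"option {code} overruns the message")
        yield code, buf[pos + 4:pos + 4 + length]
        pos += 4 + length

def duid_mac(duid):
    """MAC embedded in a DUID-LLT (type 1) or DUID-LL (type 3), else None."""
    offset = {1: 8, 3: 4}.get(int.from_bytes(duid[:2], "big"))
    return duid[offset:].hex(":") if offset and len(duid) > offset else None

def parse_dhcpv6(payload):
    """Decode the UDP payload of a DHCPv6 client/server message."""
    if len(payload) < 4:
        raise ValueError("short DHCPv6 message")
    msg = {"type": MSG_TYPES.get(payload[0], f"Unknown ({payload[0]})"),
           "xid": payload[1:4].hex(), "addresses": [], "requested": []}
    for code, data in iter_options(payload[4:]):
        if code in (CLIENTID, SERVERID):
            msg["client_mac" if code == CLIENTID else "server_mac"] = duid_mac(data)
        elif code == ORO:  # list of 16-bit option codes the client asks for
            msg["requested"] = [c for (c,) in struct.iter_unpack("!H", data[:len(data) & ~1])]
        elif code == IA_NA and len(data) >= 12:  # skip IAID, T1, T2
            for sub, body in iter_options(data[12:]):
                if sub == IAADDR and len(body) >= 24:
                    pref, valid = struct.unpack_from("!II", body, 16)
                    msg["addresses"].append(
                        (str(ipaddress.IPv6Address(body[:16])), pref, valid))
    return msg

# Constructed sample (not a real capture): a Reply leasing 2001:db8::100.
SAMPLE_REPLY = bytes.fromhex(
    "07 abcdef"                                  # Reply (7), transaction ID
    "0001 000e 0001 0001 2a000000 020000000001"  # Client Identifier, DUID-LLT
    "0002 000e 0001 0001 2a000001 020000000002"  # Server Identifier, DUID-LLT
    "0003 0028 00000001 00000708 00000b40"       # IA_NA: IAID, T1=1800, T2=2880
    "0005 0018 20010db8 00000000 00000000 00000100 00000e10 00001c20")  # IA Address
```

Calling `parse_dhcpv6(SAMPLE_REPLY)` returns the message type, both MAC addresses, and the leased address with its preferred and valid lifetimes in seconds.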