Wireshark/ICMPv6 Time Exceeded

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze Internet Control Message Protocol Version 6 (ICMPv6) Time Exceeded traffic.

Readings

 * Wikipedia: Internet Control Message Protocol Version 6 (ICMPv6)

Preparation
To prepare for this activity:
 * 1) Start Windows.
 * 2) Log in if necessary.
 * 3)  Install Wireshark.

Activity 1 - Capture ICMPv6 Time Exceeded Traffic
To capture ICMPv6 Time Exceeded traffic:
 * 1)  Start a Wireshark capture.
 * 2) Use  ping -i 1 2001:4860:4860::8888 to ping one of Google's public IPv6 DNS servers with a hop limit of 1.
 * 3)  Stop the Wireshark capture.

Activity 2 - Analyze ICMPv6 Echo Request Traffic
To analyze ICMPv6 Echo Request traffic:
 * 1) Observe the traffic captured in the top Wireshark packet list pane.  Look for traffic with ICMPv6 listed as the protocol.  To view only ICMPv6 traffic, type icmpv6 (lower case) in the Filter box and press Enter.
 * 2) Select the first ICMPv6 packet, labeled Echo (ping) request.
 * 3) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / Internet Control Message Protocol v6 frame.  Note if you are using an IPv6 tunnel, your IPv6 packet may be encapsulated inside an IPv4 or UDP packet.
 * 4) Expand Internet Protocol Version 6 to view IPv6 details.
 * 5) Observe the Hop limit.  Notice that the hop limit is set to 1.
 * 6) Expand Internet Control Message Protocol v6 to view ICMPv6 details.
 * 7) Observe the Type.  Notice that the type is Echo (ping) request (128).
 * 8) Select Data in the middle Wireshark packet details pane to highlight the data portion of the frame.
 * 9) Observe the packet contents in the bottom Wireshark packet bytes pane.  Notice that Windows sends an alphabet sequence during ping requests.

Activity 3 - Analyze ICMP Time Exceeded Traffic
To analyze ICMPv6 Time Exceeded traffic:
 * 1) In the top Wireshark packet list pane, select the second ICMPv6 packet, labeled Time Exceeded.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 / Internet Control Message Protocol v6 frame.  Again, if you are using an IPv6 tunnel, your IPv6 packet may be encapsulated inside an IPv4 or UDP packet.
 * 3) Expand Internet Protocol Version 6 to view IPv6 details.
 * 4) Observe the Source.  This is the IP address of the router where the hop limit was exceeded.
 * 5) Expand Internet Control Message Protocol v6 to view ICMPv6 details.
 * 6) Observe the Type.  Notice that the type is Time Exceeded (3).
 * 7) Observe the Code.  Notice that the code is 0 (Hop limit exceeded in transit).
 * 8) Observe the fields that follow.  Notice that the contents of the request packet are returned with the time exceeded error.
 * 9) Close Wireshark to complete this activity.  Quit without Saving to discard the captured traffic.