Wireshark/IPv4 multicast

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze IPv4 multicast traffic.

Readings

 * Wikipedia: Multicast
 * Wikipedia: Multicast Address
 * Wikipedia: Simple Service Discovery Protocol (SSDP)
 * Wikipedia: Web Services Dynamic Discovery (WS-Discovery)

Preparation
To prepare for this activity:
 * 1) Start Windows.
 * 2) Log in if necessary.
 * 3) Install Wireshark.

Activity 1 - Capture IPv4 Multicast Traffic
To capture IPv4 multicast traffic:
 * 1) Start a Wireshark capture.
 * 2) In Windows, select Start and then type Network and Sharing Center in the Run box.  Press Enter.
 * 3) Select Change advanced sharing settings.
 * 4) Note the current status of Network discovery.  If it is already on, select Turn off network discovery and Save changes.
 * 5) Select Turn on network discovery and Save changes.
 * 6) Wait a few seconds for network discovery to generate multicast traffic.
 * 7) If Network discovery was initially off, select Turn off network discovery and Save changes to return the status to the original setting.  If network discovery was initially on, leave it on.
 * 8) Stop the Wireshark capture.

Activity 2 - Analyze IPv4 Multicast Traffic
To analyze IPv4 multicast traffic:
 * 1) Observe the traffic captured in the top Wireshark packet list pane.  To view only IPv4 multicast traffic, type ip.addr >= 224.0.0.0 (lower case) in the Filter box and press Enter.
 * 2) The traffic you are most likely to see is Simple Service Discovery Protocol (SSDP) traffic.  You may also see Web Services Dynamic Discovery (WS-Discovery) traffic or other multicast traffic.  Whatever you find, select the first frame.
 * 3) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 4 frame.
 * 4) Expand Ethernet II to view the Ethernet details.
 * 5) Observe the Destination address.  Notice that it starts with 01:00:5e, the Ethernet multicast address for IPv4.
 * 6) Expand Internet Protocol Version 4 to view IPv4 details.
 * 7) Observe the Destination address.  Notice that it is in the 224.0.0.0 - 239.255.255.255 IPv4 multicast range.  If it is SSDP or WS-Discovery traffic, it will be addressed to 239.255.255.250.
 * 8) Select additional frames and observe the Ethernet and IPv4 details for multicast traffic.
 * 9) Close Wireshark to complete this activity.  Quit without Saving to discard the captured traffic.
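
The checks from steps 5 and 7 of Activity 2, as an added Python example that is not part of the original activity. It goes beyond the text by deriving the full Ethernet address from the group address (01:00:5e followed by the low 23 bits of the IPv4 address, per RFC 1112); the function names and sample frames are constructed for illustration and assume untagged Ethernet II frames.

```python
import ipaddress
import struct

MULTICAST_NET = ipaddress.ip_network("224.0.0.0/4")  # 224.0.0.0 - 239.255.255.255

def group_to_mac(group: str) -> str:
    """Map an IPv4 multicast group to its Ethernet address (01:00:5e + low 23 bits)."""
    addr = ipaddress.ip_address(group)
    if addr not in MULTICAST_NET:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF  # the top 9 bits of the group are not carried in the MAC
    mac = (0x01005E << 24) | low23
    return ":".join(f"{b:02x}" for b in mac.to_bytes(6, "big"))

def inspect_frame(frame: bytes) -> dict:
    """Repeat the Activity 2 observations on a raw Ethernet II / IPv4 frame."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet II + IPv4 headers")
    dst_mac, ethertype = frame[0:6], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    dst_ip = ipaddress.ip_address(frame[30:34])  # 14-byte Ethernet header + offset 16
    mac_text = ":".join(f"{b:02x}" for b in dst_mac)
    is_mcast = dst_ip in MULTICAST_NET
    return {
        "dst_mac": mac_text,
        "dst_ip": str(dst_ip),
        "ip_multicast": is_mcast,
        "mac_prefix_ok": mac_text.startswith("01:00:5e"),
        # A multicast IP whose MAC does not match the mapping deserves a closer look.
        "mac_matches_group": is_mcast and mac_text == group_to_mac(str(dst_ip)),
    }

def build_sample(dst_mac: str, dst_ip: str) -> bytes:
    """Constructed sample: Ethernet II header plus a minimal 20-byte IPv4 header."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 1, 17, 0,  # checksum left as 0
                     ipaddress.ip_address("192.168.1.10").packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip

if __name__ == "__main__":
    print(group_to_mac("239.255.255.250"))
    print(inspect_frame(build_sample("01:00:5e:7f:ff:fa", "239.255.255.250")))
    print(inspect_frame(build_sample("ff:ff:ff:ff:ff:ff", "255.255.255.255")))
```

The constructed 255.255.255.255 frame would pass the display filter ip.addr >= 224.0.0.0 from step 1, yet it is limited broadcast rather than multicast, which is why the example tests the 224.0.0.0 - 239.255.255.255 range explicitly.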