Wireshark/IPv6 Teredo

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze IPv6 Teredo traffic. Note: These activities do not require an IPv6 Internet connection, because Teredo tunnels IPv6 across IPv4.

Readings

 * IPv6
 * Teredo tunneling

Preparation
To prepare for this activity:
 * 1) Start Windows.
 * 2) Log in if necessary.
 * 3) Install Wireshark.
 * 4) Enable Teredo if necessary.

Activity 1 - Capture IPv6 Teredo Traffic
To capture IPv6 Teredo traffic:
 * 1) Use ipconfig /all to verify that you have a Teredo tunnel adapter.  If not, simply read along to understand the following concepts.
 * 2) Start a Wireshark capture.
 * 3) Use ping 2001:4860:4860::8888 to ping an Internet host by IPv6 address.
 * 4) Stop the Wireshark capture.

Activity 2 - Analyze IPv6 Teredo Traffic
To analyze IPv6 Teredo traffic:
 * 1) Observe the traffic captured in the top Wireshark packet list pane.  Type teredo (lower case) in the Filter box and press Enter to select Teredo traffic.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 4 / User Datagram Protocol / Teredo IPv6 Over UDP Tunneling / Internet Protocol Version 6 / Internet Control Message Protocol v6 frame.  The IPv6 / ICMPv6 packets are encapsulated inside IPv4 / UDP packets and forwarded to a Teredo server for IPv6 forwarding.
 * 3) Expand Internet Protocol Version 6 and identify the Source Teredo Port number.
 * 4) Modify the Filter box to teredo || udp.port == followed by the Source Teredo Port number you identified.  For example, if the port number was 54321, you would enter a filter of teredo || udp.port == 54321.  Then press Enter.
 * 5) Observe the IPv6 Teredo traffic.
 * 6) Close Wireshark to complete this activity.  Quit without Saving to discard the captured traffic.
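
The Source Teredo Port that Wireshark shows in step 3 is decoded from the Teredo IPv6 address itself: RFC 4380 places the Teredo server's IPv4 address, a flags field, and the client's mapped UDP port and IPv4 address (both bit-inverted) after the 2001:0000::/32 prefix. The following is an added example, not part of the original activity, that decodes those fields and builds the step 4 filter; the function names are illustrative and the sample address is constructed from documentation IPv4 ranges.

```python
import ipaddress

# Teredo service prefix defined by RFC 4380 (2001:0000::/32).
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")

# Constructed sample: server 192.0.2.45, flags 0, port 54321, client 203.0.113.7.
SAMPLE = "2001:0:c000:22d:0:2bce:34ff:8ef8"


def decode_teredo(addr):
    """Split a Teredo IPv6 address into its RFC 4380 fields."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        raise ValueError(f"{ip} is not in the Teredo prefix {TEREDO_PREFIX}")
    raw = ip.packed  # 16 bytes in network byte order
    # Bytes 4-7: IPv4 address of the Teredo server, stored as-is.
    server = ipaddress.IPv4Address(raw[4:8])
    # Bytes 8-9: flags field, stored as-is.
    flags = int.from_bytes(raw[8:10], "big")
    # Bytes 10-11: mapped (external) UDP port, every bit inverted.
    port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
    # Bytes 12-15: mapped (external) client IPv4 address, every bit inverted.
    client = ipaddress.IPv4Address(int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF)
    return {
        "server": str(server),
        "flags": flags,
        "port": port,
        "client": str(client),
    }


def display_filter(addr):
    """Build the Activity 2, step 4 display filter from a Teredo address."""
    return f"teredo || udp.port == {decode_teredo(addr)['port']}"


if __name__ == "__main__":
    print(decode_teredo(SAMPLE))
    print(display_filter(SAMPLE))
    try:
        # The ping target from Activity 1 is a native IPv6 address, not Teredo.
        decode_teredo("2001:4860:4860::8888")
    except ValueError as err:
        print(err)
```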