Wireshark/IPv6 multicast

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze IPv6 multicast traffic.

Readings

 * Wikipedia: Multicast
 * Wikipedia: Multicast Address
 * Wikipedia: Simple Service Discovery Protocol (SSDP)
 * Wikipedia: Web Services Dynamic Discovery (WS-Discovery)

Preparation
To prepare for this activity:
 * 1) Start Windows.
 * 2) Log in if necessary.
 * 3) Install Wireshark.

Activity 1 - Capture IPv6 Multicast Traffic
To capture IPv6 multicast traffic:
 * 1) Start a Wireshark capture.
 * 2) In Windows, select Start and then type Network and Sharing Center in the Run box.  Press Enter.
 * 3) Select Change advanced sharing settings.
 * 4) Note the current status of Network discovery.  If it is already on, select Turn off network discovery and Save changes.
 * 5) Select Turn on network discovery and Save changes.
 * 6) Wait a few seconds for network discovery to generate multicast traffic.
 * 7) If Network discovery was initially off, select Turn off network discovery and Save changes to return the status to the original setting.  If network discovery was initially on, leave it on.
 * 8) Stop the Wireshark capture.

Activity 2 - Analyze IPv6 Multicast Traffic
To analyze IPv6 multicast traffic:
 * 1) Observe the traffic captured in the top Wireshark packet list pane.  To view only IPv6 multicast traffic, type ipv6.addr >= ff00:: (lower case) in the Filter box and press Enter.
 * 2) The traffic you are most likely to see is ICMPv6 and Simple Service Discovery Protocol (SSDP) traffic.  You may also see Web Services Dynamic Discovery (WS-Discovery) traffic or other multicast traffic.  Whatever you find, select the first frame.
 * 3) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 6 frame.
 * 4) Expand Ethernet II to view the Ethernet details.
 * 5) Observe the Destination address.  Notice that it starts with 33:33, the Ethernet multicast address for IPv6.
 * 6) Expand Internet Protocol Version 6 to view IPv6 details.
 * 7) Observe the Destination address.  Notice that it begins with ff (ff00::/8), the IPv6 multicast range.  If it is SSDP or WS-Discovery traffic, it will be addressed to ff02::c.
 * 8) Select additional frames and observe the Ethernet and IPv6 details for multicast traffic.
 * 9) Close Wireshark to complete this activity.  Quit without Saving to discard the captured traffic.
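
The addressing observed in steps 5 and 7 can also be checked in code. The following is an added example, not part of the original activity: it parses a raw Ethernet II / IPv6 frame, confirms the destination is in ff00::/8, and goes slightly beyond the steps above by verifying that the 33:33 destination MAC carries the low 32 bits of the IPv6 multicast address (the RFC 2464 mapping) and by decoding the scope nibble. The function names are hypothetical and the sample frames are constructed.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD
# Scope values from the low nibble of the second address byte (RFC 4291).
SCOPES = {0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
          0x5: "site-local", 0x8: "organization-local", 0xE: "global"}

def expected_mac(dst):
    """RFC 2464: 33:33 followed by the low 32 bits of the multicast address."""
    return b"\x33\x33" + dst.packed[-4:]

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def analyze(frame):
    """Return destination details for one Ethernet II / IPv6 frame."""
    if len(frame) < 54:  # 14-byte Ethernet header + 40-byte IPv6 header
        raise ValueError("frame too short for Ethernet II + IPv6 header")
    dst_mac = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV6:
        raise ValueError("not an IPv6 frame")
    dst = ipaddress.IPv6Address(frame[38:54])  # IPv6 destination field
    result = {"dst_mac": fmt_mac(dst_mac), "dst_ip": str(dst),
              "multicast": dst.is_multicast}
    if dst.is_multicast:
        result["scope"] = SCOPES.get(dst.packed[1] & 0x0F, "reserved/unassigned")
        # A mismatch means the layer 2 and layer 3 destinations disagree.
        result["mac_matches"] = dst_mac == expected_mac(dst)
    return result

def build_frame(dst_mac, dst_ip):
    """Constructed sample: Ethernet II + bare IPv6 header, no payload."""
    src_mac = bytes.fromhex("020000000001")
    eth = bytes.fromhex(dst_mac.replace(":", "")) + src_mac
    eth += struct.pack("!H", ETHERTYPE_IPV6)
    ipv6 = struct.pack("!IHBB", 0x60000000, 0, 17, 1)  # version 6, UDP, hop limit 1
    ipv6 += ipaddress.IPv6Address("fe80::1").packed
    ipv6 += ipaddress.IPv6Address(dst_ip).packed
    return eth + ipv6

SSDP = build_frame("33:33:00:00:00:0c", "ff02::c")      # consistent frame
MISMATCH = build_frame("33:33:00:00:00:01", "ff02::c")  # MAC does not match

if __name__ == "__main__":
    for sample in (SSDP, MISMATCH):
        print(analyze(sample))
```
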