Track IPv6 Traffic Patterns


Introduction

In this challenge, you will take on the role of a junior network analyst at NetSec Solutions tasked with monitoring IPv6 communication on a corporate network. Your objective is to use Wireshark to capture, filter, and document ICMPv6 ping packets as part of a routine security audit.

The challenge will test your ability to work with Wireshark's filtering capabilities specifically for IPv6 traffic, allowing you to identify and analyze ICMPv6 echo request and reply messages. By completing this task, you'll demonstrate essential network analysis skills required for verifying proper network operations in an IPv6 environment.



Filter IPv6 Ping Traffic

As a junior network analyst at NetSec Solutions, you have been assigned to monitor IPv6 communication on the corporate network. Your supervisor has asked you to isolate ICMPv6 ping packets for a routine security audit. You must capture and document these specific packets using Wireshark to help verify proper network operations.

Tasks

  • Use Wireshark to apply a display filter that shows only ICMPv6 Echo Request and Echo Reply packets
  • Save the filtered capture as ipv6_ping.pcapng in the project directory

Requirements

  1. First, run the provided script to enable IPv6 and generate traffic:

    cd ~/project
    ./generate_ipv6_traffic.sh

  2. Launch Wireshark and start capturing packets on the active network interface (you can use the "any" interface to capture on all interfaces).

  3. After capturing some packets, apply a display filter to show only ICMPv6 Echo Request and Echo Reply packets (ping packets).

  4. Your filter must specifically target ICMPv6 ping packets, not all ICMPv6 traffic.

  5. Save the filtered capture file as ipv6_ping.pcapng in the ~/project directory.

  6. Ensure your capture contains at least 3 Echo Request or Echo Reply packets.

Examples

Here's what your Wireshark display might look like after applying the correct filter:

No.  Time        Source         Destination    Protocol  Length  Info
1    0.000000    fe80::1        fe80::2        ICMPv6    104     Echo (ping) request
2    0.000123    fe80::2        fe80::1        ICMPv6    104     Echo (ping) reply
3    1.001234    fe80::1        fe80::2        ICMPv6    104     Echo (ping) request
4    1.001345    fe80::2        fe80::1        ICMPv6    104     Echo (ping) reply

Only ICMPv6 Echo Request and Echo Reply packets should be visible in your filtered view.

Hints

  • To view only ICMPv6 ping packets, you need to use a display filter that specifically targets Echo Requests and Echo Replies.
  • Try using the icmpv6.type filter with the appropriate type values. Echo Request is type 128, and Echo Reply is type 129.
  • You can combine filters using logical operators like or to show multiple packet types.
  • To save a capture file, use File > Save As from the Wireshark menu.
  • If you don't see any IPv6 traffic, make sure you've run the generate_ipv6_traffic.sh script successfully.
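
The selection the hints describe, written out as a byte-level check (an added example, not part of the original lab): it reads the ICMPv6 type from each frame and keeps only types 128 and 129, so Neighbor Discovery and MLD packets, which are also ICMPv6, are excluded. The frames are constructed samples with the checksum left at zero, and the function names are hypothetical.

```python
import struct

ETH_IPV6, ICMPV6 = 0x86DD, 58
ECHO_REQUEST, ECHO_REPLY = 128, 129      # type values given in the hints
EXT_HEADERS = {0, 43, 60}                # hop-by-hop, routing, destination options

def icmpv6_type(frame: bytes):
    """Return the ICMPv6 type of an Ethernet frame, or None if it is not ICMPv6."""
    if len(frame) < 54 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV6:
        return None
    next_hdr, off = frame[20], 54        # Next Header byte; IPv6 header ends at 14 + 40
    while next_hdr in EXT_HEADERS:       # skip extension headers (MLD carries hop-by-hop)
        if off + 2 > len(frame):
            return None
        next_hdr, off = frame[off], off + (frame[off + 1] + 1) * 8
    if next_hdr != ICMPV6 or off >= len(frame):
        return None
    return frame[off]

def is_ping(frame: bytes) -> bool:
    """Equivalent of matching ICMPv6 type 128 or 129, not all ICMPv6."""
    return icmpv6_type(frame) in (ECHO_REQUEST, ECHO_REPLY)

def build(icmp_type: int, ext: bytes = b"") -> bytes:
    """Constructed sample frame: Ethernet + IPv6 (fe80::1 -> fe80::2) + ICMPv6."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")
    payload = ext + bytes([icmp_type, 0]) + b"\x00" * 6   # checksum left zero
    ip6 = struct.pack("!IHBB", 0x60000000, len(payload), 0 if ext else ICMPV6, 64)
    return b"\x00" * 12 + struct.pack("!H", ETH_IPV6) + ip6 + src + dst + payload

HOP_BY_HOP = bytes([ICMPV6, 0, 5, 2, 0, 0, 1, 0])   # router alert + PadN, next = ICMPv6

SAMPLE_FRAMES = [                        # constructed capture, not real traffic
    build(135),                          # Neighbor Solicitation
    build(128), build(129),              # Echo Request / Echo Reply
    build(143, HOP_BY_HOP),              # MLDv2 report behind a hop-by-hop header
    build(134),                          # Router Advertisement
    build(128, HOP_BY_HOP), build(129),  # ping behind an extension header, then reply
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,   # ARP frame, not IPv6 at all
]

def ping_types(frames):
    """ICMPv6 types of the frames that pass the ping-only check, in order."""
    return [icmpv6_type(f) for f in frames if is_ping(f)]

if __name__ == "__main__":
    kept = ping_types(SAMPLE_FRAMES)
    print(f"{len(kept)} of {len(SAMPLE_FRAMES)} frames are echo request/reply: {kept}")
```
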

Summary

In this challenge, I acted as a junior network analyst at NetSec Solutions tasked with monitoring IPv6 communication on the corporate network. The objective was to isolate and document ICMPv6 ping packets using Wireshark for a routine security audit. This required enabling IPv6 on the system, capturing network traffic, and applying specific filters to identify ping traffic.

The challenge involved setting up the environment by running a script that enabled IPv6 and generated test traffic, then using Wireshark to capture and filter the ICMPv6 packets. I learned how to identify IPv6 addresses, apply display filters for ICMPv6 echo requests and replies, and analyze packet details to verify proper network operations. These skills are essential for network monitoring and troubleshooting in modern dual-stack IPv4/IPv6 environments.