Question
Answer Questions in each lab.
Capstone Lab 2.1: Configure a Wireshark Display Filter to View ICMPv6 Packet Too Big Messages
Time Required: 15 minutes
Objective: Use Wireshark to view a trace file and configure a display filter to view ICMPv6 Packet Too Big messages.
Description: In this lab, you will create a display filter in Wireshark and apply it to a trace file to view ICMPv6 messages. ICMPv6 Packet Too Big messages come from routers along the path between the sending host and destination host. A router in the path may have a lower maximum transmission unit (MTU) value set. Therefore, if a packet is received that is larger than the router's MTU, it sends a Packet Too Big message back to the sending host informing it of the MTU size, so the sender can start over with a smaller packet size. You need the capstone-labs-2-trace-file.pcapng file to complete the lab.
- Start Wireshark and open the capstone-labs-2-trace-file.pcapng file.
- Configure a display filter to find all ICMPv6 type 2 packets.
- Apply the filter to the trace file.
- Browse the list of ICMPv6 Packet Too Big packets and select one.
- Expand Internet Control Message Protocol v6 in the packet details pane.
- Note the value for MTU: _______________
- View the Internet Protocol Version 6 section (under the Internet Control Message Protocol v6 section) and note the source and destination IPv6 addresses. Why are they different than the source and destination addresses in the header of this packet?
- Review additional packets from the packets list pane. Are there different source/destination pairs in this trace file?
- What did you accomplish in this part of Capstone Lab 2? Summarize your answer.
- Clear the display filter box.
Capstone Lab 2.2: Create Wireshark Display Filters to View Neighbor Discovery Protocol Messages
Time Required: 15 minutes
Objective: Use Wireshark to view a trace file and configure display filters to view Neighbor Discovery Protocol messages from a specific host.
Description: In this lab, you will use Wireshark to configure specific display filters to view individual Neighbor Discovery Protocol messages. During the lab, you will discover which router is the IPv6 router (default gateway) and view validation messages that verify that the router is still available for use. You need the capstone-labs-2-trace-file.pcapng file to complete the lab.
- In Wireshark, open the capstone-labs-2-trace-file.pcapng file, if it's not already open.
- Configure a display filter to find all ICMPv6 type 133 Router Solicitation packets.
- Apply the filter to the trace file.
- With the Router Solicitation packets displayed, select one of those packets and note the packet number and the IPv6 source address of the host.
- Configure a different display filter to display all IPv6 packets.
- Apply the filter to the trace file.
- By selecting a Router Solicitation packet and looking at all of the IPv6 messages, you can see associated packets in the vicinity of the selected Router Solicitation. You should observe a few Router Advertisements soon after the Router Solicitation message sent by the host. We specifically know that our correct IPv6 router is known by fe80::f252. Select one of the Router Advertisement packets that has an IPv6 source address of fe80::f252 and make note of this packet number.
- Expand Internet Control Message Protocol v6 and view the ICMPv6 Option (Source link-layer address) field. Note the MAC address for the router.
- The host must know its IPv6 router's IP address and MAC address in order to communicate off its local network segment. However, the host needs to periodically verify that the IPv6 router is still available on this network segment. This process uses a Neighbor Solicitation message from the host to the router. The router will reply to the host with a Neighbor Advertisement message. Look through the packet list for a Neighbor Solicitation message with a source address of the host and a destination address of the router, and for the router's reply. Make a note of these packet numbers. Approximately how many seconds elapsed between the Router Solicitation/Router Advertisement messages and the Neighbor Solicitation/Neighbor Advertisement messages?
- What did you accomplish in this part of Capstone Lab 2? Summarize your answer.
- Clear the display filter box.
Capstone Lab 2.3: Create Wireshark Display Filters to View Multiple IPv6 Routers and DHCPv6 Servers
Time Required: 15 minutes
Objective: Use Wireshark to view a trace file and configure display filters to view Router Advertisement and DHCPv6 Advertise packets.
Description: In this lab, you will use Wireshark to configure display filters to view Router Advertisement and DHCPv6 Advertise packets. You are to investigate the configurations of various DHCPv6 messages that are being seen by the client, as well as why the client gets a DHCPv6 address from a specific DHCPv6 server, and sometimes from a different DHCPv6 server. You need the capstone-labs-2-trace-file.pcapng file to complete the lab.
- In Wireshark, open the capstone-labs-2-trace-file.pcapng file, if it's not already open.
- Configure a display filter to find ICMPv6 type 133 Router Solicitation, ICMPv6 type 134 Router Advertisement, or DHCPv6 packets. You will need to observe these different packets as well as look at some detail in the packets.
- Apply the filter to the trace file.
- Early in this trace file you will observe the DHCPv6 Solicitation/Advertise/Request/Reply (SARR) process, but there are two DHCPv6 Advertise messages seen. The DHCPv6 Advertise message from fe80::f252 is considered the correct one for this network. The issue is, which DHCPv6 server will the host request an address from? The answer is that the host requests an IPv6 address from whichever DHCPv6 server has the higher priority setting in its Advertise message. If the DHCPv6 servers have the same value set (generally DHCPv6 servers have no preference value set and therefore none is sent in the Advertise message), the host will request an address from the first DHCPv6 server that replies. Select the DHCPv6 Request message that the host sends soon after receiving the two DHCPv6 Advertise messages.
- Expand DHCPv6, expand Server Identifier, and then view and make note of the Link-layer address.
- Select the DHCPv6 Reply message that is after the DHCPv6 Request. Looking in the Ethernet II field on the packet details pane, this should be the same MAC address as noted in the previous step (link-layer address). Is this the known/valid DHCPv6 server?
- In the packet list, scroll down to and select packet number 9679, which is a DHCPv6 Advertise message.
- Expand DHCPv6. Looking at those options, do you see a Preference field?
- Select the next packet (9680) and view the DHCPv6 options. Do you see a Preference field?
- Select the DHCPv6 Request message that the host sends soon after receiving the two DHCPv6 Advertise messages.
- Expand DHCPv6, expand Server Identifier, and then view and make note of the Link-layer address.
- Select the DHCPv6 Reply message that is after the DHCPv6 Request. Looking in the Server Identifier field in the packet details pane, this should be the same MAC address as noted in the previous step (link-layer address). Is this the known/valid DHCPv6 server (or its relay)?
- Bonus question: Is fe80::f252 the actual DHCPv6 server? How can you tell?
- What did you accomplish in this part of Capstone Lab 2? Summarize your answer.
- Clear the display filter box.
Capstone Lab 2.4: Configure Wireshark Display Filters to View DNS Queries for AAAA Record Types
Time Required: 15 minutes
Objective: Use Wireshark to view a trace file and configure display filters to view DNS queries for AAAA Record types specifically from IPv6 hosts.
Description: In this lab, you will create display filters in Wireshark and apply them to a trace file to view DNS messages. You need the capstone-labs-2-trace-file.pcapng file to complete the lab.
- In Wireshark, open the capstone-labs-2-trace-file.pcapng file, if it's not already open.
- Configure a display filter to find all DNS packets.
- Apply the filter to the trace file.
- Browse the list of DNS packets and select a packet that has a AAAA query in the Info column.
- Expand Domain Name System (query).
- Expand Queries, expand the listed DNS section, right-click Type: AAAA (IPv6 Address) (28), select Apply as Filter, and then select Selected.
- In the packet list pane, select a query packet with a source IPv6 address of 2001:db8:1ab:1001::108, expand Internet Protocol Version 6, right-click on Source: 2001:db8:1ab:1001::108, select Apply as Filter, and then select Selected.
- In the Domain Name System (query) section, expand Queries (if not already expanded), expand the listed domain name section, right-click Name: , select Apply as Filter, and then select Selected.
- In the filter bar, edit the current domain-name to read www.ipv6sandbox.com, and press Enter.
- How many packets are displayed?
- What did you accomplish in this part of Capstone Lab 2? Summarize your answer.
- Close Wireshark, and do not select Save if prompted to save changes upon closing.
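Added example for Lab 2.1 (not part of the lab handout): a small parser for an ICMPv6 Packet Too Big message that returns the MTU together with the outer and embedded IPv6 address pairs, which shows why the two pairs differ. The sample packet is constructed; the host address is the one used in Lab 2.4, while the router address, server address and MTU value are assumptions.

```python
import ipaddress
import struct

ICMPV6, PACKET_TOO_BIG, IPV6_HDR_LEN = 58, 2, 40

def ipv6_header(src, dst, payload_len, next_header):
    """Build a 40-byte IPv6 header (used only to construct the sample)."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def addresses(header):
    """Return (source, destination) from a 40-byte IPv6 header."""
    if len(header) < IPV6_HDR_LEN or header[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 header")
    return ipaddress.IPv6Address(header[8:24]), ipaddress.IPv6Address(header[24:40])

def parse_packet_too_big(packet):
    """Parse an IPv6 packet whose header is followed directly by ICMPv6 type 2."""
    outer = addresses(packet[:IPV6_HDR_LEN])
    if packet[6] != ICMPV6:  # Next Header field
        raise ValueError("ICMPv6 does not directly follow the IPv6 header")
    icmp = packet[IPV6_HDR_LEN:]
    if len(icmp) < 8:
        raise ValueError("truncated ICMPv6 message")
    icmp_type, _code, _checksum, mtu = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != PACKET_TOO_BIG:
        raise ValueError(f"ICMPv6 type {icmp_type}, expected {PACKET_TOO_BIG}")
    # What follows is the start of the packet the router could not forward,
    # so its header still carries the original sender and destination.
    inner = addresses(icmp[8:8 + IPV6_HDR_LEN])
    return {"mtu": mtu, "outer": outer, "inner": inner}

# Constructed sample: HOST sent a large TCP packet to SERVER; ROUTER replies to HOST.
HOST, ROUTER, SERVER = "2001:db8:1ab:1001::108", "2001:db8:1ab:1001::1", "2001:db8:ffff::50"
original = ipv6_header(HOST, SERVER, 1460, 6) + bytes(32)  # leading part of the original packet
icmp_msg = struct.pack("!BBHI", PACKET_TOO_BIG, 0, 0, 1280) + original  # checksum not computed
SAMPLE = ipv6_header(ROUTER, HOST, len(icmp_msg), ICMPV6) + icmp_msg

if __name__ == "__main__":
    result = parse_packet_too_big(SAMPLE)
    print("MTU:", result["mtu"])
    print("outer src/dst:", *result["outer"])
    print("inner src/dst:", *result["inner"])
```

The outer destination equals the inner source: the router addresses its report to the host whose packet it had to drop.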
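Added example for Lab 2.3 (not part of the lab handout): the server-selection rule the lab describes, applied to raw DHCPv6 Advertise messages by reading the Server Identifier and Preference options. The two DUIDs, their MAC addresses and the transaction id are constructed sample values, and the function names are hypothetical.

```python
import struct
ADVERTISE = 2                        # DHCPv6 message type
OPT_SERVERID, OPT_PREFERENCE = 2, 7  # DHCPv6 option codes

def option(code, data):
    """Encode one option: 2-byte code, 2-byte length, then the data."""
    return struct.pack("!HH", code, len(data)) + data

def parse_options(payload):
    """Walk the options; keep the first instance of each code."""
    opts, i = {}, 0
    while i < len(payload):
        if i + 4 > len(payload):
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", payload[i:i + 4])
        data = payload[i + 4:i + 4 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        opts.setdefault(code, data)
        i += 4 + length
    return opts

def duid_mac(duid):
    """Link-layer address from a DUID-LLT (type 1) or DUID-LL (type 3), else None."""
    offset = {1: 8, 3: 4}.get(int.from_bytes(duid[:2], "big"))
    return duid[offset:].hex(":") if offset else None

def parse_advertise(msg):
    """Return the server's link-layer address and preference from one Advertise."""
    if len(msg) < 4 or msg[0] != ADVERTISE:
        raise ValueError("not a DHCPv6 Advertise")
    opts = parse_options(msg[4:])
    if OPT_SERVERID not in opts:
        raise ValueError("Advertise without Server Identifier")
    # A missing (or empty) Preference option counts as preference 0.
    pref = (opts.get(OPT_PREFERENCE) or b"\x00")[0]
    return {"server_mac": duid_mac(opts[OPT_SERVERID]), "preference": pref}

def choose_server(advertises):
    """Highest preference wins; on a tie max() keeps the first one received."""
    return max(map(parse_advertise, advertises), key=lambda a: a["preference"])

def advertise(duid, preference=None):
    """Build a constructed sample Advertise (transaction id 0x123456)."""
    msg = bytes([ADVERTISE]) + b"\x12\x34\x56" + option(OPT_SERVERID, duid)
    return msg if preference is None else msg + option(OPT_PREFERENCE, bytes([preference]))

EXPECTED = struct.pack("!HH", 3, 1) + bytes.fromhex("00005e005301")   # DUID-LL, constructed MAC
OTHER = struct.pack("!HHI", 1, 1, 0) + bytes.fromhex("00005e005302")  # DUID-LLT, constructed MAC
print(choose_server([advertise(OTHER), advertise(EXPECTED)]))  # tie: first Advertise wins
```

With no Preference option on either side the outcome depends only on arrival order, which matches the lab's observation that the client sometimes ends up with a different server.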