New Dust with Old Brooms

Display Filter

If you are only interested in a subset of the captured packets (Figure 2), you can display them using a display filter (Figure 3). To use a display filter, define a filter expression in the filter bar. Such a filter expression can have the following format:

• Protocol: IPv6
• Attribute == Value: For example, ipv6.src == fe80::f957:3844:95e5:9d17.
• Complex: Combinations of two or more expressions with the help of "and" (&&) or "or" (||).

Figure 2: In Wireshark, you can customize the view of IPv6 traffic using a capture filter.

Figure 3: A display filter lets you choose to display specific parameters of the packet.

Alternatively, select arbitrary packet parameters with the right mouse button and then select Apply as filter . After that, Wireshark only displays the packets that have the same value for the parameters you specify. You can save the filters you set by pressing the button next to the filter bar.

Only Certain Parameters Are of Interest

In packet analysis, the IT manager is typically only interested in specific parameters. Instead of going through the details of each packet and checking each of these parameters in all packets, Wireshark lets you display these parameters as columns in the Packet List section. All you need to do is right-click on a parameter in the Packet Details window and select Apply as Column . This option can be useful, for example, when analyzing RA packets. The four flags M, O, L and A can be clearly displayed as columns.

Wireshark offers the possibility to color-highlight the different protocols. Use the Coloring Rule menu, which you can access via the Customize Colors option in the View menu. In the configuration profiles, user-defined configurations (e.g., the saved display filters and color schemes) can be stored. You can save the various profiles via the Configuration Profiles menu, which you can access via the Edit menu. Switch between the profiles in the status bar by clicking on Profile .

Sometimes it is helpful to add comments to packets during packet analysis. A comment lets you share additional information with another user who is viewing the PCAP file. Add a comment by right-clicking on a packet and selecting the Comment Packet option.

Conclusions

Once you have gotten used to the syntax and command set, Wireshark is an incredibly flexible and useful tool for IPv6. It helps administrators troubleshoot and analyze problems on the IPv6 network. Armed with some knowledge of the peculiarities of IPv6, you can use Wireshark to monitor traffic and troubleshoot problems on your IPv6 network.