First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Filter only NS and NA messages that used only in DAD (duplicate address detection process) in IPv6?

  • retag add tags

Please, I make a monitor by using Wireshark on my network then I got 11,345 IPv6 packets for 25 minutes. Now I want to filter only NS and NA messages that using ONLY during "DAD process". Please help me with a suitable formula to do this filtration.

Thanks in advance

Ahmed's avatar
1
Ahmed
asked 2019-02-01 04:45:06 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Hi Ahmed,

I can't think of a way to filter NS and NA used for DAD because these ICMPv6 packets are the exact same format being used for regular NS and NA traffic.

If you are monitoring a specific interface then you could narrow it down by using the MAC address of that interface.

You can build a display filter by manually entering the link local address of that interface. (FE80)

Ex. using MAC c2:00:54:f5:00:00 this gives you fe80::c000:54ff:fef5:0000

icmpv6.nd.ns.target_address == fe80::c000:54ff:fef5:0

The interface should send NS for its own address only for DAD process.

You may try the same for global addresses depending on how your network is configured.

Hope this helps.

Cheers,

JF

Spooky's avatar
191
Spooky
answered 2019-03-27 01:55:49 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer