Ask Your Question
0

Filter only NS and NA messages that used only in DAD (duplicate address detection process) in IPv6?

asked 2019-02-01 04:45:06 +0000

Ahmed gravatar image

Please, I make a monitor by using Wireshark on my network then I got 11,345 IPv6 packets for 25 minutes. Now I want to filter only NS and NA messages that using ONLY during "DAD process". Please help me with a suitable formula to do this filtration.

Thanks in advance

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-03-27 01:55:49 +0000

Hi Ahmed,

I can't think of a way to filter NS and NA used for DAD because these ICMPv6 packets are the exact same format being used for regular NS and NA traffic.

If you are monitoring a specific interface then you could narrow it down by using the MAC address of that interface.

You can build a display filter by manually entering the link local address of that interface. (FE80)

Ex. using MAC c2:00:54:f5:00:00 this gives you fe80::c000:54ff:fef5:0000

icmpv6.nd.ns.target_address == fe80::c000:54ff:fef5:0

The interface should send NS for its own address only for DAD process.

You may try the same for global addresses depending on how your network is configured.

Hope this helps.

Cheers,

JF

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-02-01 04:45:06 +0000

Seen: 163 times

Last updated: Mar 27