Decode packet data using bultin dissector

Question

I have a protocol that exactly follows ipv6 header format and is encapsulated in udp for transmission. Is there any way to make wireshark decode the udp data as an ip packet?

Answer 1

There's a protocol called "Teredo Tunneling" (which see) which encapsulates/tunnels IPV6 in UDP packets (using UDP port 3544).

If your capture is of a UDP conversation using UDP port 3544 on one end of the conversation, then Wireshark should automatically recognize the conversation as Teredo (i.e., IPV6 over UDP) and properly decode the IPV6 payload in the UDP data.

If your capture is using a different UDP port, do the following to specify that a particular UDP conversation is to be decoded as Teredo:

1. Right click on a UDP frame you wish to decode as Teredo.

2. Select "Decode As" in the right-click menu.

3. Select the "Transport" tab in the "Decode As" pop-up window.

4. Select Teredo in the right-hand "decode as" column.

5. Click "OK".