Analyzing Teredo with tshark and Wireshark

Johannes Ullrich wrote up a nice article on Teredo, the IPv6 tunneling protocol built into all modern versions of Windows. If you’re not sure what Teredo is,

The protocol tunnels IPv6 traffic from hosts behind NAT gateways via UDP packets, exposing them via IPv6 and possibly evading commonly used controls like Intrusion Detection Systems (IDS), Proxies or other network defenses.

This is an excellent read for how to detect and analyze the traffic.
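
To make the tunneling described above concrete for analysis, here is an added Python example (not from Ullrich's article or this post) that recognizes an IPv6 packet inside a UDP payload and decodes the IPv4 details hidden in a Teredo address. The field layout follows RFC 4380; the function names are hypothetical and the sample address and payload are constructed.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo service prefix (RFC 4380)
SAMPLE_ADDR = "2001:0:c000:201:8000:63bf:39cc:9bf8"  # constructed sample address

def decode_teredo_address(addr):
    """Recover the IPv4 details embedded in a Teredo IPv6 address, or None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed
    flags, port = struct.unpack("!HH", raw[8:12])
    client = struct.unpack("!I", raw[12:16])[0] ^ 0xFFFFFFFF  # stored inverted
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "flags": flags,
        "client_port": port ^ 0xFFFF,  # stored inverted
        "client_ip": str(ipaddress.IPv4Address(client)),
    }

def inner_ipv6(payload):
    """Return (src, dst) of an IPv6 packet carried in a UDP payload, or None."""
    off = 0
    # Optional authentication header: 0x0001, id-len, auth-len, id, auth,
    # 8-byte nonce, 1-byte confirmation.
    if payload[:2] == b"\x00\x01" and len(payload) >= 4:
        off = 4 + payload[2] + payload[3] + 9
    # Optional origin indication: 0x0000, inverted port (2), inverted IPv4 (4).
    if payload[off:off + 2] == b"\x00\x00":
        off += 8
    hdr = payload[off:off + 40]
    if len(hdr) < 40 or hdr[0] >> 4 != 6:
        return None
    # The declared IPv6 payload length must fit in what is left of the datagram.
    if struct.unpack("!H", hdr[4:6])[0] > len(payload) - off - 40:
        return None
    return (str(ipaddress.IPv6Address(hdr[8:24])),
            str(ipaddress.IPv6Address(hdr[24:40])))

def sample_payload():
    """Constructed input: origin indication followed by an empty IPv6 packet."""
    src = ipaddress.IPv6Address(SAMPLE_ADDR).packed
    dst = ipaddress.IPv6Address("2001:db8::1").packed
    ipv6 = struct.pack("!IHBB", 0x60000000, 0, 59, 255) + src + dst
    return b"\x00\x00\x63\xbf\x39\xcc\x9b\xf8" + ipv6
```

Feeding `inner_ipv6` the UDP payloads exported from a capture and passing any returned address to `decode_teredo_address` shows which internal host and which Teredo server sit behind a tunneled flow.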