🅭

Why ‘IPv6 Control Message’ uses so much data in Windows 10

The Data usage report in Windows Settings keeps track of how much network bandwidth your Windows 10 device has used in the last 30-day period. You may see an entry labeled ‘IPv6 Control Message’ near the bottom of the list which uses a small amount of data. However, this entry can consume hundreds of megabytes of data under certain conditions. In this article, I’ll look into why this process may end up consuming so much data.

IPv6 is the next-generation internet protocol. Unlike the previous version, IPv4, IPv6 networks are designed to be self-configuring. As a device is connected to a network, it will broadcast a request to any router on the network to identify itself and send the device configuration instructions so that it may configure itself. Routers will also periodically announce themselves so that every device on the network is notified of any changes to the local network or how to reach the global internet.

These messages used to auto-configure network configuration is counted in the Data usage report in Windows 10 as IPv6 Control Messages (ICMPv6.) There are a few other diagnostic and maintenance messages that go into this category, but they’ve mostly used by network administrators in short time periods for troubleshooting purposes.

Windows 10 doesn’t differentiate between traffic sent only on the local network and what goes out to the public internet. Your internet service provider only counts/charges for traffic that leaves your local network. ICMPv6 network traffic is only sent to the nearest router. On most residential and office networks, you’ll most likely be connected to the internet behind a gateway router. On a mobile network, your nearest router would be on your ISPs local network. If your device is connected directly to the internet or it’s using a mobile data connectivity, ICMPv6 packages will be counted towards your data cap.

Normally, these network control messages will use less than a megabyte in a month for a computer that’s on a fixed and stable network connection. It can use a little more for mobile devices that move between networks or use less reliable wireless connections. On a network with hundreds of wireless devices or laptops, ICMPv6 may be logged as having used a couple of megabytes in a month. If your network has hundreds of devices on it, you can ask the network administrator to split the network into several smaller subnets with smaller subnet masks to mitigate the problem.

Troubleshooting high ICMPv6 data usage

Troubleshooting high ICMPv6 utilization is most critical for battery powered devices connected over Wi-Fi. Devices can never power down their wireless antennas and enter power savings mode if these they’re constantly receiving broadcast messages on the local network in the form of ICMPv6 message. This could help explain unexpected battery drainage on your smartphone when it’s connected to your home or office Wi-Fi network.

If you’re seeing high data usage from IPv6 Control Messages in Windows 10, then there’s something wrong with your network equipment. It could be a problem with your device’s Ethernet card or its Wi-Fi module. If your computer suffers intermittent network outages or otherwise keeps dropping off and on the network, this would explain unusually high uses of ICMPv6 from your device.

More frustratingly, it can also be caused by another computer, or another network connected device, your router or other network equipment, or even faulty network wires. ICMPv6 use broadcast messages for most things, meaning that most of the time — every device connected to the same local network will receive ICMPv6 messages to and from every other device on the network. This is an intentional design that makes devices on the same network aware of each other, which is a desirable attribute of a well configured network most of the time.

To identify which device(s) is causing the issue, you need to inspect the broadcast packet traffic in your network. You can use WireShark to do capture the network traffic. WireShark is a complex software and its use is out of scope for this article. If you’ve got a Linux or MacOS computer handy, you can issue the below command to have the tcpdump utility output every ICMPv6 package it sees on the network as they fly by.

tcpdump -nvvl icmp6

In the output from this command (or WireShark), you can look for repeating MAC/hardware addresses in ICMPv6 messages. The MAC address will be shown in a hexadecimal format represented like this: FF:FF:FF:FF:FF:FF. These addresses corresponding to a device on your network, and you may find it printed underneath your devices. If you can’t find the MAC address printed on the actual device, refer to the device’s or its operating system’s manual for details on how to find its MAC address.

This isn’t a quick task and does require some familiarity with network troubleshooting. However, once you’ve identified which issue is causing the problem, you can being to troubleshoot its connectivity issues or alternatively remove it from the network.