IPv6 tools

  • View
    13.608

  • Download
    1

Embed Size (px)

DESCRIPTION

These are a few tools that we are using during my advanced IPv6 Training and in particular the "Hacking and Protecting IPv6 Networks" Enjoy! http://www.ipv6forlife.com/modulation/IPv6HackSecu4.html

Transcript

  • 1. Some IPv6 ToolsAs a Short Preview of the Hacking & ProtectingIPv6 Networks Training funtimeFred Bovy.Copyright IPv6 For Life!

2. iperfTraffic Generator To test firewall rules andperformance 3. Iperf to test the networkperformances One End is started as a server One End as a client Iperf is a traffic generator to test the IP or IPv6 NetworkPerformances Usefull to test a firewall rules TCP or UDP and Port number can be given to the CLI 4. Iperf V to test IPv6ClientReport bugs to root@ks363021:~# iperf -c 2001:41d0:8:68dd:1:2:3:4 -V -u -t 30 -i 1 -b 5M -p 25------------------------------------------------------------Client connecting to 2001:41d0:8:68dd:1:2:3:4, UDP port 25Sending 1470 byte datagramsUDP buffer size: 122 KByte (default)------------------------------------------------------------[ 3] local 2001:41d0:1:f24a:1:2:3:4 port 48738 connected with 2001:41d0:8:68dd:1:2:3:4 port 25[ ID] Interval Transfer Bandwidth[ 3] 0.0- 1.0 sec612 KBytes 5.01 Mbits/sec[ 3] 1.0- 2.0 sec610 KBytes 5.00 Mbits/sec[ 3] 2.0- 3.0 sec610 KBytes 5.00 Mbits/sec[ 3] 3.0- 4.0 sec610 KBytes 5.00 Mbits/secSERVERroot@ns3000172# iperf -s -V -u -B 2001:41d0:8:68dd:1:2:3:4 25------------------------------------------------------------Server listening on UDP port 25Binding to local address 2001:41d0:8:68dd:1:2:3:4Receiving 1470 byte datagramsUDP buffer size: 122 KByte (default)------------------------------------------------------------ 5. Nmap Port ScannerPort Scanner 6. nmap -6 to scan open openport with IPv6root@ks363021:~# nmap -6 2001:41d0:8:68dd:1:2:3:4Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-26 18:02 CESTInteresting ports on ipv6forlife.com (2001:41d0:8:68dd:1:2:3:4):Not shown: 993 filtered portsPORT STATE SERVICE20/tcp closed ftp-data21/tcp openftp22/tcp openssh25/tcp opensmtp53/tcp opendomain80/tcp openhttp443/tcp open httpsNmap done: 1 IP address (1 host up) scanned in 4.49 secondsroot@ks363021:~# 7. ScapyA powerfull multi-function tool 8. What is Scapy?Scapy is a powerful interactive packet manipulation program.It is able to forge or decode packets of a wide number ofprotocols, send them on the wire, capture them, matchrequests and replies, and much more. It can easily handle most classical tasks like scanning,tracerouting, probing, unit tests, attacks or network discovery(it can replace hping, 85% of nmap, arpspoof, arp-sk, arping,tcpdump, tethereal, p0f, etc.).It also performs very well at a lot of other specific tasks that mostother tools cant handle, like sending invalid frames, injectingyour own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encryptedchannel ...), etc. (Sourced from https://www.secdev.org/projects/Scapy/). 9. Scapy installation Scapy is python application which uses manylibraries. To make sure that you do not forget anything,here is the line command to use: apt-get install tcpdump graphviz imagemagickpython-gnuplot python-crypto python-pyx 10. Scapy: Send a packet>>> send(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/ICMP()/"HelloWorld").Sent 1 packets.>>> send - this tells Scapy that you want to send a packet (just a single packet) IPv6 - the type of packet you want to create, in this case an IPv6 packet (dst= 2001:41d0:8:68dd:1:2:3:4) - the destination to send the packet to (inthis case my router) /ICMP() - you want to create an ICMP packet with the default valuesprovided by Scapy /HelloWorld) - the payload to include in the ICMP packet (you dont haveto provide this in order for it to work. 11. Scapy: Send TCP>>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/TCP(dport=21))Begin emission:Finished to send 1 packets.*Received 1 packets, got 1 answers, remaining 0 packets>>> h(, )>>> 12. Scapy: Send a range of TCP>>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/TCP(dport=[21,22,80]))Begin emission:*...*Finished to send 3 packets.*Received 6 packets, got 3 answers, remaining 0 packets>>> h(, )>>> 13. Scapy: Request DNS 14. Scapy: Sending Hop-by-Hop 15. Sniff icmp6 packets>>> sniff(iface="eth0", filter="icmp6", count=10)>>> a=_>>> a.nsummary()0000 Ether / IP / TCP 82.242.109.52:53421 > 91.121.177.74:ssh A0001 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www A0002 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www PA / Raw0003 Ether / IP / TCP 91.121.177.74:www > 82.242.109.52:58601 A0004 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 38:60:77:d4:fa:d30005 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::21e:79ff:fe1e:d400)0006 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:000007 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::3a60:77ff:fed4:fad3)0008 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:000009 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: 2001:41d0:1:f24a:1:2:3:4)>>> 16. Traceroute>>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.cisco.com","yoda.ipv6forlife.com"])Begin emission:.................*..........*..*.*........*.....*.*..*..*.*...**..*..*.*...*...*.....**....*.........**..*...*.*.*....**..*...**...*......*.*.....*..........**......*........*.*..*.......**...*...*.*...*...**Finished to send 90 packets....*......*....*..*............*.*..*.....**..*....**..*..........*.*....*......**....*..........**.....**.*.....*.....*....*............*.....*......*.................................Received 392 packets, got 79 answers, remaining 11 packets 2001:41d0:0008:68dd:0001:0002:0003:0004 :tcpwww 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3 :tcpwww 2a02:26f0:0026:0003:8700:0000:0000:0090 :tcpwww1 2001:41d0:1:f2ff:ff:ff:ff:fe3- -2 2001:41d0::a9132001:41d0::aa1 32001:41d0::6b1 33 2001:41d0::16732001:41d0::b72 3-4 2001:41d0:8:68dd:1:2:3:4SA 2001:41d0::163 32001:7f8:4::7577:1 35 2001:41d0:8:68dd:1:2:3:4SA 2001:41d0::542 32001:7f8:4::51cc:1 36 2001:41d0:8:68dd:1:2:3:4SA 2a01:e00:2:e::232a02:26f0:26:3:8700::90SA7 2001:41d0:8:68dd:1:2:3:4SA 2a01:e35:2f26:d340::132a02:26f0:26:3:8700::90SA8 2001:41d0:8:68dd:1:2:3:4SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA9 2001:41d0:8:68dd:1:2:3:4SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA10 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA11 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA12 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA13 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA14 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA15 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA16 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA17 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA18 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA19 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA20 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA21 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA22 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA23 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA24 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA25 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA -26 2001:41d0:8:68dd:1:2:3:4 SA - 2a02:26f0:26:3:8700::90SA27 2001:41d0:8:68dd:1:2:3:4 SA - 2a02:26f0:26:3:8700::90SA28 2001:41d0:8:68dd:1:2:3:4 SA - -29 - - 2a02:26f0:26:3:8700::90SA30 - 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90SA(, )>>> 17. Traceroute>>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.ipv6.cisco.com","yoda.ipv6forlife.com"])Begin emission:....................................................................................*...........................*.....*.....*......*.*....*..*..*...*....*.*..*...*..*....*....................*......*.*...................*.*..........*..*......*....*..Finished to send 90 packets.....*...*..*..*....*.*.................*..*....*.......*...*.............*.*.*....*...*..*..*.*..........**...*......**..*...*..........*.......*.*..........*.*........*.*....*...*.....Received 436 packets, got 60 answers, remaining 30 packets 2001:0420:1101:0001:0000:0000:0000:000a :tcpwww 2001:41d0:0008:68dd:0001:0002:0003:0004 :tcpwww 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3 :tcpwww12001:41d0:1:f2ff:ff:ff:ff:fd 32001:41d0:1:f2ff:ff:ff:ff:fe 32001:41d0:1:f2ff:ff:ff:ff:fd 322001:41d0::aa1 32001:41d0::a91 32001:41d0::aa1 332001:41d0::782 32001:41d0::171 32001:41d0::b72 342001:7f8:1::a500:6939:132001:41d0:8:68dd:1:2:3:4 SA 2001:41d0::163 352001:470:0:3f::1 32001:41d0:8:68dd:1:2:3:4 SA 2001:41d0::542 362001:470:0:128::132001:41d0:8:68dd:1:2:3:4 SA 2a01:e00:2:e::2372001:470:0:1dd::232001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340::1382001:1890:ff:ffff:12:122:81:11032001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA92001:1890:ff:ffff:12:122:3:3832001:41d0:8:68dd:1:2:3:4 SA -10 2001:1890:ff:ffff:12:122:1:173 3- -11 - 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA12 - - 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA13 - 2001:41d0:8:68dd:1:2:3:4 SA -14 2001:420:1100:6::1 3- -15 2001:420:1100:2::1 3- -16 - 2001:41d0:8:68dd:1:2:3:4 SA -17 2001:420