Some IPv6 Tools As a Short Preview of the Hacking & Protecting IPv6 Networks Training funtime…
Fred Bovy. Copyright IPv6 For Life!
iperf Traffic Generator: to test firewall rules and performance
- iperf measures network performance between two hosts: one end is started as the server, the other as the client
- it generates IPv4 or IPv6 traffic, TCP or UDP, and the port number is given on the command line
- that makes it useful for testing firewall rules: point the client at the port the rule covers and see whether the server receives anything
- with UDP the client reports the rate it sent at even when a firewall drops every datagram, so read the server's report, not the client's, before concluding that a rule permits the traffic
iperf -V to test over IPv6 (-V selects IPv6 in iperf 2, -u UDP, -b 5M a 5 Mbit/s send rate, -t 30 a 30 s run, -i 1 a report every second, -p 25 the port the firewall rule covers)

CLIENT
root@ks363021:~# iperf -c 2001:41d0:8:68dd:1:2:3:4 -V -u -t 30 -i 1 -b 5M -p 25
------------------------------------------------------------
Client connecting to 2001:41d0:8:68dd:1:2:3:4, UDP port 25
Sending 1470 byte datagrams
UDP buffer size: 122 KByte (default)
------------------------------------------------------------
[ 3] local 2001:41d0:1:f24a:1:2:3:4 port 48738 connected with 2001:41d0:8:68dd:1:2:3:4 port 25
[ ID] Interval       Transfer     Bandwidth
[ 3]  0.0- 1.0 sec   612 KBytes  5.01 Mbits/sec
[ 3]  1.0- 2.0 sec   610 KBytes  5.00 Mbits/sec
[ 3]  2.0- 3.0 sec   610 KBytes  5.00 Mbits/sec
[ 3]  3.0- 4.0 sec   610 KBytes  5.00 Mbits/sec

SERVER
root@ns3000172# iperf -s -V -u -B 2001:41d0:8:68dd:1:2:3:4 25
------------------------------------------------------------
Server listening on UDP port 25
Binding to local address 2001:41d0:8:68dd:1:2:3:4
Receiving 1470 byte datagrams
UDP buffer size: 122 KByte (default)
------------------------------------------------------------

Two things to keep in mind when reading this as a firewall test: the client's 5 Mbit/s lines only say what was sent, so the proof that the rule lets the traffic through is the server-side report; and a UDP flow to port 25 exercises a udp/25 rule, not the tcp/25 rule that SMTP needs (drop -u to test TCP).
Nmap port scanner

nmap -6 scans a host for open ports over IPv6. In the result below, "closed" (20/tcp) means the host answered the SYN with a RST, while the 993 "filtered" ports gave no answer at all, so a firewall drops the SYN; the same distinction can be checked probe by probe with Scapy's sr().

root@ks363021:~# nmap -6 2001:41d0:8:68dd:1:2:3:4
Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-26 18:02 CEST
Interesting ports on ipv6forlife.com (2001:41d0:8:68dd:1:2:3:4):
Not shown: 993 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 4.49 seconds
root@ks363021:~#
Scapy: a powerful multi-function tool
What is Scapy? “Scapy is a powerful interactive packet manipulation program.
It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.
It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery
(it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).
It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel ...), etc.”
(Sourced from https://www.secdev.org/projects/Scapy/)
Scapy installation
- Scapy is a Python application that relies on several external tools and libraries (tcpdump to compile BPF filters, graphviz/imagemagick/pyx for graphical output, gnuplot for plots, python-crypto for the layers that need encryption)
- To make sure nothing is missing, install them in one go:
- apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx
- Scapy itself is not in that list: install the python-scapy package, or fetch it from secdev.org
Scapy: send a packet

>>> send(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/ICMPv6EchoRequest()/"HelloWorld")
.
Sent 1 packets.
>>>

- send - tells Scapy to send a packet at layer 3 (a single packet here; Scapy picks the source address and the route)
- IPv6 - the type of packet to create, in this case an IPv6 header
- (dst="2001:41d0:8:68dd:1:2:3:4") - the destination to send the packet to (here the ipv6forlife.com server scanned above)
- /ICMPv6EchoRequest() - stack an ICMPv6 Echo Request (type 128) with the default values provided by Scapy. Do not use ICMP() here: that is the IPv4 ICMP layer (next header 1), and an IPv6 host will not treat it as a ping
- /"HelloWorld" - the payload to include in the echo request (optional; the packet works without it)
Scapy: send a TCP SYN and collect the answer. sr() sends at layer 3, waits for replies and returns the (answered, unanswered) pair. TCP() defaults to flags="S", sport=20 and dport=80, so this is a SYN to ftp from source port ftp-data.
>>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/TCP(dport=21))
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
>>> h
(<Results: TCP:1 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)
>>>
Scapy: send a range of TCP SYNs. A list in dport= makes Scapy build one packet per value, so three probes go out and each gets its own answer (all three ports are open according to the nmap scan, so these are SYN/ACKs). Scapy never completes the handshake: the local kernel, which knows nothing about the SYN, answers each SYN/ACK with a RST. To keep that noise off the wire during a scan, drop outbound RSTs with ip6tables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP.
>>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/TCP(dport=[21,22,80]))
Begin emission:
*...*Finished to send 3 packets.
*
Received 6 packets, got 3 answers, remaining 0 packets
>>> h
(<Results: TCP:3 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)
>>>
Scapy: Request DNS
Scapy: Sending Hop-by-Hop
Sniff ICMPv6 packets

>>> sniff(iface="eth0", filter="icmp6", count=10)
<Sniffed: TCP:4 UDP:0 ICMP:0 Other:6>
>>> a=_
>>> a.nsummary()
0000 Ether / IP / TCP 82.242.109.52:53421 > 91.121.177.74:ssh A
0001 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www A
0002 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www PA / Raw
0003 Ether / IP / TCP 91.121.177.74:www > 82.242.109.52:58601 A
0004 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 38:60:77:d4:fa:d3
0005 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::21e:79ff:fe1e:d400)
0006 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00
0007 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::3a60:77ff:fed4:fad3)
0008 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00
0009 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: 2001:41d0:1:f24a:1:2:3:4)
>>>

Only six of the ten packets are ICMPv6 even though a BPF filter was asked for. Scapy relies on tcpdump to compile the filter; when it cannot, it warns and captures everything, which is the most likely explanation for the four IPv4 TCP packets here. Check the summary counts rather than trusting the filter. The six ICMPv6 packets are Neighbor Solicitation / Advertisement pairs, the IPv6 equivalent of ARP: unauthenticated, and the Source Link-Layer Address option they carry is exactly what a neighbor-spoofing attack rewrites.
Traceroute

>>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.cisco.com","yoda.ipv6forlife.com"])
Begin emission:
Finished to send 90 packets.
Received 392 packets, got 79 answers, remaining 11 packets

Scapy's traceroute6 sends one TCP SYN to port 80 per target for each hop limit from 1 to 30 (3 x 30 = 90 packets). In the table a "3" is an ICMPv6 Time Exceeded (type 3) from the router at that hop, "SA" is a SYN/ACK from the target itself (the probe got through), and "-" means no answer.

hop | 2001:41d0:0008:68dd:0001:0002:0003:0004 :tcpwww | 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3 :tcpwww | 2a02:26f0:0026:0003:8700:0000:0000:0090 :tcpwww
  1 | 2001:41d0:1:f2ff:ff:ff:ff:fe 3 | - | -
  2 | 2001:41d0::a91 3 | 2001:41d0::aa1 3 | 2001:41d0::6b1 3
  3 | 2001:41d0::167 3 | 2001:41d0::b72 3 | -
  4 | 2001:41d0:8:68dd:1:2:3:4 SA | 2001:41d0::163 3 | 2001:7f8:4::7577:1 3
  5 | 2001:41d0:8:68dd:1:2:3:4 SA | 2001:41d0::542 3 | 2001:7f8:4::51cc:1 3
  6 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e00:2:e::2 3 | 2a02:26f0:26:3:8700::90 SA
  7 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340::1 3 | 2a02:26f0:26:3:8700::90 SA
  8 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA | 2a02:26f0:26:3:8700::90 SA
  9-24 | same three answers as hop 8, repeated for every hop limit
 25 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA | -
 26 | 2001:41d0:8:68dd:1:2:3:4 SA | - | 2a02:26f0:26:3:8700::90 SA
 27 | 2001:41d0:8:68dd:1:2:3:4 SA | - | 2a02:26f0:26:3:8700::90 SA
 28 | 2001:41d0:8:68dd:1:2:3:4 SA | - | -
 29 | - | - | 2a02:26f0:26:3:8700::90 SA
 30 | - | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA | 2a02:26f0:26:3:8700::90 SA

(<Traceroute: TCP:67 UDP:0 ICMP:0 Other:12>, <Unanswered: TCP:11 UDP:0 ICMP:0 Other:0>)
>>>
Traceroute

>>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.ipv6.cisco.com","yoda.ipv6forlife.com"])
Begin emission:
Finished to send 90 packets.
Received 436 packets, got 60 answers, remaining 30 packets

hop | 2001:0420:1101:0001:0000:0000:0000:000a :tcpwww | 2001:41d0:0008:68dd:0001:0002:0003:0004 :tcpwww | 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3 :tcpwww
  1 | 2001:41d0:1:f2ff:ff:ff:ff:fd 3 | 2001:41d0:1:f2ff:ff:ff:ff:fe 3 | 2001:41d0:1:f2ff:ff:ff:ff:fd 3
  2 | 2001:41d0::aa1 3 | 2001:41d0::a91 3 | 2001:41d0::aa1 3
  3 | 2001:41d0::782 3 | 2001:41d0::171 3 | 2001:41d0::b72 3
  4 | 2001:7f8:1::a500:6939:1 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2001:41d0::163 3
  5 | 2001:470:0:3f::1 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2001:41d0::542 3
  6 | 2001:470:0:128::1 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e00:2:e::2 3
  7 | 2001:470:0:1dd::2 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340::1 3
  8 | 2001:1890:ff:ffff:12:122:81:110 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
  9 | 2001:1890:ff:ffff:12:122:3:38 3 | 2001:41d0:8:68dd:1:2:3:4 SA | -
 10 | 2001:1890:ff:ffff:12:122:1:173 3 | - | -
 11 | - | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 12 | - | - | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 13 | - | 2001:41d0:8:68dd:1:2:3:4 SA | -
 14 | 2001:420:1100:6::1 3 | - | -
 15 | 2001:420:1100:2::1 3 | - | -
 16 | - | 2001:41d0:8:68dd:1:2:3:4 SA | -
 17 | 2001:420:1101:1::a SA | - | -
 18 | - | 2001:41d0:8:68dd:1:2:3:4 SA | -
 19 | 2001:420:1101:1::a SA | - | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 20 | 2001:420:1101:1::a SA | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 21 | 2001:420:1101:1::a SA | - | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 22 | 2001:420:1101:1::a SA | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 23 | 2001:420:1101:1::a SA | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 24 | 2001:420:1101:1::a SA | 2001:41d0:8:68dd:1:2:3:4 SA | -
 25 | 2001:420:1101:1::a SA | - | -
 26 | 2001:420:1101:1::a SA | - | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 27 | 2001:420:1101:1::a SA | - | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 28 | - | - | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 29 | 2001:420:1101:1::a SA | 2001:41d0:8:68dd:1:2:3:4 SA | -
 30 | - | 2001:41d0:8:68dd:1:2:3:4 SA | -

(<Traceroute: TCP:38 UDP:0 ICMP:0 Other:22>, <Unanswered: TCP:30 UDP:0 ICMP:0 Other:0>)
>>>

The holes after a target's first SA row are SYNs the target did not answer (it receives one per remaining hop limit), not a change of path; with 30 probes unanswered, rerun before reading the gaps as filtering. The rerun on the next slide lost only 6.
Display the result again

>>> ans,unans=_
>>> unans
<Unanswered: TCP:6 UDP:0 ICMP:0 Other:0>
>>> unans.show()
0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:irc > 2001:41d0:0008:68dd:0001:0002:0003:0004:www S
0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:7363 > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www S
0002 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:35159 > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www S
0003 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:3113 > 2001:0420:1101:0001:0000:0000:0000:000a:www S
0004 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:15173 > 2001:0420:1101:0001:0000:0000:0000:000a:www S
0005 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:27103 > 2001:0420:1101:0001:0000:0000:0000:000a:www S
>>> ans.show()
hop | 2001:0420:1101:0001:0000:0000:0000:000a :tcpwww | 2001:41d0:0008:68dd:0001:0002:0003:0004 :tcpwww | 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3 :tcpw
  1 | 2001:41d0:1:f2ff:ff:ff:ff:fd 3 | 2001:41d0:1:f2ff:ff:ff:ff:fe 3 | 2001:41d0:1:f2ff:ff:ff:ff:fd 3
  2 | 2001:41d0::aa1 3 | 2001:41d0::a91 3 | 2001:41d0::aa1 3
  3 | 2001:41d0::782 3 | 2001:41d0::167 3 | 2001:41d0::b72 3
  4 | 2001:7f8:1::a500:6939:1 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2001:41d0::163 3
  5 | 2001:470:0:3f::1 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2001:41d0::542 3
  6 | 2001:470:0:128::1 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e00:2:e::2 3
  7 | 2001:470:0:1dd::2 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340::1 3
  8 | 2001:1890:ff:ffff:12:122:81:110 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
  9 | 2001:1890:ff:ffff:12:122:3:38 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 10 | 2001:1890:ff:ffff:12:122:1:173 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 11 | 2001:1890:ff:ffff:12:122:28:174 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 12 | 2001:1890:ff:ffff:12:122:119:9 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 13 | 2001:1890:c00:8701::11b7:3f7f 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 14 | 2001:420:1100:6::1 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 15 | 2001:420:1100:2::1 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 16 | 2001:420:1100:100::1 3 | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 17-26 | 2001:420:1101:1::a SA | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 27 | - | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 28 | 2001:420:1101:1::a SA | 2001:41d0:8:68dd:1:2:3:4 SA | 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA
 29 | - | 2001:41d0:8:68dd:1:2:3:4 SA | -
>>>

The six unanswered SYNs (hop 30 for all three targets, plus hops 27 and 29 for the Cisco host and hop 29 for yoda) are the rows missing above; hop 30 is not printed because nothing answered it.
TCP ACK ping (flags="A")
>>> ans,unans=sr(IPv6(dst="yoda.ipv6forlife.com")/TCP(dport=[80,666],flags="A"))
Begin emission:
..............Finished to send 2 packets.
..............**
Received 30 packets, got 2 answers, remaining 0 packets
>>> ans.show()
0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:www > 2001:41d0:1:f24a:1:2:3:4:ftp_data R
0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:666 A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:666 > 2001:41d0:1:f24a:1:2:3:4:ftp_data R
>>>
>>> ans,unans=sr(IPv6(dst="yoda.ipv6forlife.com")/TCP(dport=[80,25],flags="A"))
Begin emission:
......Finished to send 2 packets.
.......................*.......*
Received 38 packets, got 2 answers, remaining 0 packets
>>> ans.show()
0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:www > 2001:41d0:1:f24a:1:2:3:4:ftp_data R
0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:smtp A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:smtp > 2001:41d0:1:f24a:1:2:3:4:ftp_data R
>>> unans.show()
>>>

Both probes come back with a RST whether the port is open (80, 25) or not (666): a host answers any ACK that matches no connection with a RST, so this is a reachability test, not a port test. What it does tell you is that nothing stateful sits in front of yoda dropping out-of-state segments; a stateful firewall would have answered nothing at all. nmap's -PA (host discovery) and -sA (firewall rule mapping, reported as "unfiltered") rely on the same behaviour.
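The Scapy one-liners above (send(), sr() with SYN probes, sr() with ACK probes) hide what actually goes on the wire. The following is an added example written for this page, not code from the original slides or from the Scapy project: it builds the same IPv6/ICMPv6 echo request and IPv6/TCP SYN and ACK probes by hand, including the pseudo-header checksum that Scapy fills in for you, verifies a packet's checksum the way the receiving stack does, and turns a probe/reply pair into the open / closed / filtered / unfiltered verdict that the SA and R flags in the sr() output encode. The addresses are the two hosts used on the page; nothing is transmitted, and the reply packets used to exercise the classifier are constructed locally.

```python
"""Hand-built IPv6 probes: what IPv6()/ICMPv6EchoRequest() and IPv6()/TCP() become on the wire.

Added example for this page; not code from the original slides or from Scapy.
Addresses are the two hosts used on the page.  Nothing is transmitted: the
functions only build, check and classify packets, so the file runs offline.
"""
import socket
import struct
from typing import Optional

NH_TCP = 6
NH_ICMPV6 = 58
TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10

SRC = "2001:41d0:1:f24a:1:2:3:4"   # the scanning host on the page
DST = "2001:41d0:8:68dd:1:2:3:4"   # ipv6forlife.com, the target


def _pton(addr: str) -> bytes:
    return socket.inet_pton(socket.AF_INET6, addr)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, shared by TCP, UDP and ICMPv6."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src: str, dst: str, length: int, next_header: int) -> bytes:
    """RFC 8200 section 8.1: the upper-layer checksum also covers both addresses, the
    upper-layer length and the next-header value, so a packet whose addresses are
    rewritten in flight fails the check at the receiver."""
    return _pton(src) + _pton(dst) + struct.pack("!I3xB", length, next_header)


def ipv6_header(src: str, dst: str, next_header: int, payload_len: int, hop_limit: int = 64) -> bytes:
    # version 6, traffic class 0, flow label 0
    return struct.pack("!IHBB", 0x60000000, payload_len, next_header, hop_limit) + _pton(src) + _pton(dst)


def icmpv6_echo_request(src: str, dst: str, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """IPv6 / ICMPv6 Echo Request (type 128).  ICMP for IPv4 (next header 1) is a
    different protocol: stacking Scapy's ICMP() on IPv6() does not produce a ping."""
    body = struct.pack("!BBHHH", 128, 0, 0, ident, seq) + payload
    csum = internet_checksum(pseudo_header(src, dst, len(body), NH_ICMPV6) + body)
    body = body[:2] + struct.pack("!H", csum) + body[4:]
    return ipv6_header(src, dst, NH_ICMPV6, len(body)) + body


def tcp_segment(src: str, dst: str, sport: int, dport: int, flags: int,
                seq: int = 0, ack: int = 0, window: int = 8192) -> bytes:
    """IPv6 / TCP with no options (data offset 5).  flags=TCP_SYN is what Scapy's TCP()
    sends by default; flags=TCP_ACK is the 'A' probe used on the page."""
    seg = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = internet_checksum(pseudo_header(src, dst, len(seg), NH_TCP) + seg)
    seg = seg[:16] + struct.pack("!H", csum) + seg[18:]
    return ipv6_header(src, dst, NH_TCP, len(seg)) + seg


def upper_layer_checksum_ok(packet: bytes) -> bool:
    """What the receiving stack does: sum pseudo-header + payload and expect zero."""
    payload_len, next_header = struct.unpack("!HB", packet[4:7])
    src = socket.inet_ntop(socket.AF_INET6, packet[8:24])
    dst = socket.inet_ntop(socket.AF_INET6, packet[24:40])
    payload = packet[40:40 + payload_len]
    if len(payload) != payload_len:
        return False   # truncated capture
    return internet_checksum(pseudo_header(src, dst, payload_len, next_header) + payload) == 0


def tcp_flags(packet: bytes) -> int:
    if packet[6] != NH_TCP:
        raise ValueError("not an IPv6/TCP packet without extension headers")
    return packet[40 + 13]


def classify_reply(probe_flags: int, reply: Optional[bytes]) -> str:
    """Port-scanner verdict for one probe; the logic behind the SA / R columns above.

    SYN probe: SYN/ACK -> open, RST -> closed, ICMPv6 unreachable or silence -> filtered
    ACK probe: RST -> unfiltered (host reachable, no stateful filter in the path), silence -> filtered
    """
    if reply is None:
        return "filtered"
    if reply[6] == NH_ICMPV6:
        # a firewall 'reject' comes back as ICMPv6 Destination Unreachable (type 1)
        return "filtered" if reply[40] == 1 else "unexpected"
    f = tcp_flags(reply)
    if probe_flags & TCP_SYN:
        if f & (TCP_SYN | TCP_ACK) == (TCP_SYN | TCP_ACK):
            return "open"
        if f & TCP_RST:
            return "closed"
    elif probe_flags & TCP_ACK and f & TCP_RST:
        return "unfiltered"
    return "unexpected"
```

To put one of these on the wire from Scapy, let it dissect the bytes: send(IPv6(icmpv6_echo_request(SRC, DST, 1, 1, b"HelloWorld"))) sends exactly the packet built here, and the checksum Scapy would have computed matches the one already in the bytes.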
Sniff packets
>>> sniff()
^C<Sniffed: TCP:1113 UDP:3 ICMP:0 Other:19>
>>>
>>> a=_
>>> a.nsummary()
0000 Ether / IP / TCP 91.121.177.74:ssh > 82.242.109.52:53421 PA / Raw
0001 Ether / IP / TCP 82.242.109.52:52586 > 91.121.177.74:8880 A
0002 Ether / IP / TCP 82.242.109.52:52586 > 91.121.177.74:8880 PA / Raw
[SNIP]
>>> a[3]
<Ether dst=00:00:0c:07:ac:01 src=38:60:77:d4:fa:d3 type=0x800 |<IP version=4L ihl=5L tos=0x0 len=52 id=52244
flags=DF frag=0L ttl=64 proto=tcp chksum=0xa1c5 src=91.121.177.74 dst=82.242.109.52 options='' |<TCP sport=8880
dport=52586 seq=3851900756 ack=4220157835 dataofs=8L reserved=0L flags=A window=122 chksum=0xcd10 urgptr=0
options=[('NOP', None), ('NOP', None), ('Timestamp', (962435905, 1350247719))] |>>>
Nessus Lab/Demo #2
What is Nessus?
- Nessus is a powerful vulnerability scanner
- It scans a host or a whole subnet, finds the live hosts and looks for the known weaknesses an attacker could use against them
- It is a good tool for a security audit before and after a change in the network, so the two reports can be compared
Nessus Scanning Result in Real-time
Nessus Scan Complete
Firewall ASA Lab/Demo #3
Cisco firewalls
- PIX Firewall since the early 90s
- PIX was the #1 IP firewall for many years
- #2 was Check Point, on Windows, with its own IP stack
- The PIX, and now the ASA, run their own dedicated OS, a far smaller attack surface than a firewall running on a general-purpose Windows host
- Today Fortinet offers a very powerful appliance to compete with the ASA
Firewall CISCO ASA Ext Hdr
ASA Firewall ASDM & CLI
ASA Firewall ASDM
SNORT Lab with Tools
What is Snort? Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
Snort also has a modular real-time alerting capability, incorporating alerting and logging plugins for syslog, ASCII text files, UNIX sockets, databases (MySQL/PostgreSQL/Oracle/ODBC) or XML.
Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.
Snort logs packets in tcpdump(1) binary format, to a database or in Snort's decoded ASCII format to a hierarchy of logging directories that are named based on the IP address of the "foreign" host.
Log info in Syslog
http://manual.snort.org/node2.html
Snort example: the protocol breakdown written to syslog when Snort was stopped

Aug 28 06:46:02 ns3000172 snort[21339]: Breakdown by protocol (includes rebuilt packets):
Aug 28 06:46:02 ns3000172 snort[21339]: ETH: 672145 (100.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: ETHdisc: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: VLAN: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IPV6: 107583 (16.006%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP6 EXT: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP6opts: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP6disc: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP4: 505375 (75.188%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP4disc: 9988 (1.486%)
Aug 28 06:46:02 ns3000172 snort[21339]: TCP 6: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: UDP 6: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: ICMP6: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: ICMP-IP: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: TCP: 124453 (18.516%)
Aug 28 06:46:02 ns3000172 snort[21339]: UDP: 269581 (40.108%)
Aug 28 06:46:02 ns3000172 snort[21339]: ICMP: 91894 (13.672%)
Aug 28 06:46:02 ns3000172 snort[21339]: TCPdisc: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: UDPdisc: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: ICMPdis: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: FRAG: 84 (0.012%)
Aug 28 06:46:02 ns3000172 snort[21339]: FRAG 6: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: ARP: 59187 (8.806%)
Aug 28 06:46:02 ns3000172 snort[21339]: EAPOL: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: ETHLOOP: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IPX: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: OTHER: 9375 (1.395%)
Aug 28 06:46:02 ns3000172 snort[21339]: DISCARD: 12087 (1.798%)
Aug 28 06:46:02 ns3000172 snort[21339]: InvChkSum: 70086 (10.427%)
Aug 28 06:46:02 ns3000172 snort[21339]: S5 G 1: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: S5 G 2: 1 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: Total: 672145
Aug 28 06:46:02 ns3000172 snort[21339]:

Read the IPv6 lines first: 16% of the frames were IPv6, and none of them carried extension headers (IP6 EXT, IP6opts) or fragments (FRAG 6), the two things an IPv6 sensor most needs to see. The 10% InvChkSum figure matters because Snort skips detection on packets whose checksum fails verification (the checksum_mode setting controls which protocols are checked); on a sensor capturing its own traffic that is usually transmit checksum offload on the NIC rather than an attack, but it still means a tenth of the packets were never inspected.
Snort utilization: sniffer mode
snort -vde (-v prints each packet to the console, -d dumps the application-layer payload, -e shows the link-layer headers)
08/29-01:47:12.381297 6C:9C:ED:BB:BD:80 -> E0:CB:4E:8C:2A:8A type:0x800 len:0x42^C
82.242.109.52:59762 -> 37.59.45.221:22 TCP TTL:54 TOS:0x0 ID:43280 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xAE2BFE00 Ack: 0x3C33BDF7 Win: 0x802C TcpLen: 32
TCP Options (3) => NOP NOP TS: 1653158964 69394
*** Caught Int-Signal
Run time prior to being shutdown was 2.419819 seconds
===============================================================================
Packet Wire Totals:
Received: 1948
Analyzed: 1946 (99.897%)
Dropped: 0 (0.000%)
Outstanding: 2 (0.103%)
===============================================================================
Breakdown by protocol (includes rebuilt packets):
ETH: 1946 (100.000%)
ETHdisc: 0 (0.000%)
VLAN: 0 (0.000%)
IPV6: 4 (0.206%)
IP6 EXT: 0 (0.000%)
IP6opts: 0 (0.000%)
IP6disc: 0 (0.000%)
IP4: 1942 (99.794%)
IP4disc: 335 (17.215%)
TCP 6: 0 (0.000%)
UDP 6: 0 (0.000%)
ICMP6: 0 (0.000%)…
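The two breakdowns above are the raw material for sensor health checks, but they arrive as free text. The following added example (written for this page, not Snort code) parses the breakdown in both forms shown, the syslog copy with a "host snort[pid]:" prefix on every line and the console copy printed by snort -vde on Ctrl-C, then computes the IPv6 share and flags the conditions worth a look on an IPv6 sensor: extension headers or fragments seen, a high invalid-checksum rate, and capture drops. The sample text is constructed from the counters on the page; the thresholds and finding names are the example's own.

```python
"""Turn Snort's protocol breakdown into numbers a sensor dashboard or alert can use.

Added example for this page; not Snort code.  Parses the breakdown in both forms
shown on the page: the syslog copy (one 'host snort[pid]:' prefix per line) and the
console copy printed by 'snort -vde' on Ctrl-C.  Samples are constructed from the
page's own counters.
"""
import re
from typing import Dict, List

STAT_LINE = re.compile(
    r"^(?:\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \S+ snort\[\d+\]: )?"   # optional syslog prefix
    r"\s*(?P<name>[A-Za-z0-9][A-Za-z0-9 -]*?):\s+(?P<count>\d+)"  # 'IP6 EXT: 0'
    r"(?:\s+\((?P<pct>[\d.]+)%\))?\s*$"                          # optional '(0.000%)'
)

# Constructed sample in the syslog format (counts are the page's own).
SYSLOG_SAMPLE = """\
Aug 28 06:46:02 ns3000172 snort[21339]: Breakdown by protocol (includes rebuilt packets):
Aug 28 06:46:02 ns3000172 snort[21339]: ETH: 672145 (100.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IPV6: 107583 (16.006%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP6 EXT: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP6opts: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP4: 505375 (75.188%)
Aug 28 06:46:02 ns3000172 snort[21339]: ICMP6: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: FRAG 6: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: InvChkSum: 70086 (10.427%)
Aug 28 06:46:02 ns3000172 snort[21339]: S5 G 2: 1 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: Total: 672145
Aug 28 06:46:02 ns3000172 snort[21339]:
"""

# Constructed sample in the console format printed on Ctrl-C (counts are the page's own).
CONSOLE_SAMPLE = """\
Packet Wire Totals:
   Received:         1948
   Analyzed:         1946 (99.897%)
    Dropped:            0 (0.000%)
Breakdown by protocol (includes rebuilt packets):
      ETH: 1946       (100.000%)
     IPV6: 4          (0.206%)
  IP6 EXT: 0          (0.000%)
      IP4: 1942       (99.794%)
  IP4disc: 335        (17.215%)
"""


def parse_snort_stats(text: str) -> Dict[str, int]:
    """Counter name -> packet count; header and blank lines are skipped."""
    stats: Dict[str, int] = {}
    for line in text.splitlines():
        m = STAT_LINE.match(line)
        if m:
            stats[m.group("name")] = int(m.group("count"))
    return stats


def share(stats: Dict[str, int], name: str) -> float:
    """Fraction of all frames seen (ETH is the decoder's 100% line)."""
    total = stats.get("ETH") or stats.get("Total") or 0
    return stats.get(name, 0) / total if total else 0.0


def findings(stats: Dict[str, int], max_bad_checksum: float = 0.05) -> List[str]:
    """Conditions worth a look on an IPv6 network sensor (thresholds are this example's)."""
    out: List[str] = []
    if stats.get("IP6 EXT", 0) or stats.get("IP6opts", 0):
        out.append("ipv6-extension-headers")   # routing / hop-by-hop headers: make sure rules inspect them
    if stats.get("FRAG 6", 0):
        out.append("ipv6-fragments")           # fragmentation is a classic IDS-evasion vector
    if share(stats, "InvChkSum") > max_bad_checksum:
        out.append("bad-checksum-rate")        # Snort skips detection on these: usually TX checksum offload
    if stats.get("Dropped", 0):
        out.append("capture-drops")            # the sensor is blind to whatever it dropped
    return out
```

Feed it a live file with parse_snort_stats(open("/var/log/syslog").read()) after a Snort restart; the regex ignores every syslog line that is not a counter, so the whole file can be passed in.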
SNMPv3 over IPv6

SNMP version 3
- Authentication with an MD5- or SHA-based HMAC: the password itself is never sent. Agent and manager derive a key from it and every message carries a keyed hash, so a sniffer does not see the password (it still sees everything else unless privacy is on)
- Privacy with DES (CBC) to encrypt the SNMP payload. AES was added later (RFC 3826) and should be preferred; DES and MD5 are both weak by today's standards

In SNMPv3 the fixed Manager and Agent roles are gone: everything is an SNMP Entity (RFC 3411), built from:
- an SNMP Engine, identified by its snmpEngineID, containing
  - the Dispatcher
  - the Message Processing Subsystem
  - the Security Subsystem
  - the Access Control Subsystem
- one or more Applications:
  - Command Generator
  - Command Responder
  - Notification Originator
  - Notification Receiver
  - Proxy Forwarder
  - Other

SNMPv3 minimum parameters
- Username
- Security level: "Some applications require you to explicitly set the security level and others determine it based on the combination of authentication and privacy protocol in use. The specified values are noAuthNoPriv, which is no authentication and no privacy, authNoPriv, which is authentication and no privacy, and authPriv, which is authentication and privacy. Note that you cannot have privacy without authentication, but you can have authentication without privacy."
SNMPv3 on IPv6

Edit /etc/snmp/snmpd.conf:

rocommunity IPv6ForLife63
rocommunity6 IPv6ForLife63
syslocation "OVH Datacenter"
syscontact [email protected]
#Users Creation
createUser monitor SHA monitorpw
createUser engineer MD5 engineerpw
createUser supervisor MD5 supervisorpw DES supervisorx
#Access features
rouser monitor noauth .1.3.6.1.2.1
rouser engineer auth .1.3.6.1.2.1
rwuser supervisor auth .1.3.6.1.2.1.1
rouser supervisor priv .1.3.6.1.2.1

Restart the server:
root@ns3000172:/etc/snmp# snmpd udp:161,udp6:161

Try the client locally:
root@ns3000172:/etc/snmp# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw localhost .1.3.6.1.2.1.1.6.0
SNMPv2-MIB::sysLocation.0 = STRING: "OVH Datacenter"

Try with an IPv4 client:
root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw ns3000172.ovh.net .1.3.6.1.2.1.1.6.0
iso.3.6.1.2.1.1.6.0 = STRING: "\"OVH Datacenter\""

Try with an IPv6 client:
root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw udp6:[2001:41d0:8:68dd:1:2:3:4] .1.3.6.1.2.1.1.6.0
iso.3.6.1.2.1.1.6.0 = STRING: "\"OVH Datacenter\""

(The Ubuntu client prints the numeric OID instead of sysLocation.0 because it has no MIB files loaded; the value is the same.)

Things to fix in this configuration before using it outside the lab:
- the two rocommunity lines keep SNMPv1/v2c enabled with a clear-text community string, reachable over IPv4 and IPv6 from anywhere; whoever sniffs one request gets the same read access the v3 users have. Drop them, or at least bind them to a source (rocommunity IPv6ForLife63 <manager-address>)
- rouser monitor noauth lets anyone who knows the user name read all of MIB-2 without a password; noauth is not a lighter form of authentication, it is none
- the createUser lines leave clear-text passwords in /etc/snmp/snmpd.conf. Put them in the persistent file /var/lib/snmp/snmpd.conf instead (snmpd replaces them there with the derived keys once the users exist) or create the users with net-snmp-config --create-snmpv3-user
- passwords given with -A and -X on the command line end up in shell history and process listings; put them in ~/.snmp/snmp.conf (defAuthPassphrase, defPrivPassphrase) instead
- prefer SHA and AES (createUser ... SHA ... AES ..., snmpget -a SHA -x AES) over MD5 and DES
SNMPv3 authNoPriv (IPv4 client)
root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw ns3000172.ovh.net .1.3.6.1.2.1.1.6.0
iso.3.6.1.2.1.1.6.0 = STRING: "\"OVH Datacenter\""
SNMPv3 authPriv over IPv6
snmpget -v 3 -u supervisor -l authPriv -a MD5 -A supervisorpw -x DES -X supervisorx udp6:[2001:41d0:8:68dd:1:2:3:4] .1.3.6.1.2.1.1.6.0

With authPriv the OIDs and values are encrypted on the wire. With authNoPriv (the engineer user) the HMAC stops tampering and replay, but every OID and value still crosses the network in clear, so a sniffer on the path reads the same data the manager does.
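What happens to "engineerpw" between the createUser line and the -a MD5 -A engineerpw client option above is the USM key derivation of RFC 3414, and it explains two things a practitioner should know: why the same password gives a different key on every agent, and why authNoPriv with a guessable password is weak even though the password never crosses the wire. The following is an added example written for this page, not net-snmp code. The "maplesyrup" test vectors are the ones published in RFC 3414 Appendix A.3; the user names and passwords are those from the snmpd.conf above; the net-snmp-style engine IDs and the captured message body used in the test are constructed for the example.

```python
"""RFC 3414 USM key handling behind 'createUser engineer MD5 engineerpw'.

Added example for this page; not net-snmp code.  Test vectors (password
"maplesyrup", engine ID 00..02) are from RFC 3414 Appendix A.3.  User names and
passwords come from the page's snmpd.conf; the engine IDs and message bytes used
with them are constructed for the example.
"""
import hashlib
import hmac
from typing import Iterable, Optional

EXPAND_LEN = 1024 * 1024       # RFC 3414 A.2: the password is repeated to exactly 1 MiB before hashing
AUTH_TAG_LEN = 12              # HMAC-MD5-96 / HMAC-SHA-96: msgAuthenticationParameters is 96 bits
HASH = {"MD5": "md5", "SHA": "sha1"}   # names as written in snmpd.conf and given to snmpget -a


def password_to_ku(password: str, proto: str) -> bytes:
    """Step 1: Ku = H(password repeated to 1 MiB).  Deliberately slow, engine-independent."""
    pw = password.encode()
    stream = (pw * (EXPAND_LEN // len(pw) + 1))[:EXPAND_LEN]
    return hashlib.new(HASH[proto], stream).digest()


def localize(ku: bytes, engine_id: bytes, proto: str) -> bytes:
    """Step 2: Kul = H(Ku || snmpEngineID || Ku).  The same password yields a different
    key on every agent, so one agent's key store does not unlock the others."""
    return hashlib.new(HASH[proto], ku + engine_id + ku).digest()


def usm_key(password: str, engine_id: bytes, proto: str) -> bytes:
    """The localized key an agent stores (and a manager recomputes) for one user."""
    return localize(password_to_ku(password, proto), engine_id, proto)


def auth_parameters(kul: bytes, proto: str, whole_msg: bytes) -> bytes:
    """msgAuthenticationParameters for a message.  Per RFC 3414 the field itself is
    zero-filled inside whole_msg while the HMAC is computed; the caller passes it that way."""
    return hmac.new(kul, whole_msg, HASH[proto]).digest()[:AUTH_TAG_LEN]


def authentic(kul: bytes, proto: str, whole_msg: bytes, tag: bytes) -> bool:
    """Receiver-side check; constant-time comparison so the tag cannot be guessed byte by byte."""
    return hmac.compare_digest(auth_parameters(kul, proto, whole_msg), tag)


def guess_password(engine_id: bytes, proto: str, whole_msg: bytes, tag: bytes,
                   candidates: Iterable[str]) -> Optional[str]:
    """Why authNoPriv needs a strong password: the engine ID travels in clear in every v3
    message, so one captured (message, tag) pair lets an attacker test passwords offline
    without ever talking to the agent.  Returns the first candidate that verifies."""
    for pw in candidates:
        if authentic(usm_key(pw, engine_id, proto), proto, whole_msg, tag):
            return pw
    return None
```

The 1 MiB expansion is the only thing slowing an offline guess down, and at one hash per candidate it is not much: the "engineerpw"-style passwords in the configuration above fall to a small word list, which is the practical argument for long passphrases and for authPriv even when confidentiality is not a requirement.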
And this is not finished… ¡ More Tools and more fun during the Training.
http://ipv6forlife.com/modulation/IPv6HackSecu4.html