Linux
Detect IPv6 hosts
There is no ARP table for IPv6 like there is for Ethernet/IPv4. But we can simulate it as follows to list all neighbours / directly reachable hosts:
ping6 -c 5 ff02::1%eth0 >/dev/null
ip -6 neigh
Bonus: ip neigh shows the IPv4 address resolution table like the arp command does.
Detect IPv6 addresses for known IPv4 addresses
Scenario: You know an IPv4 address of a target. You don't know its IPv6 address, which you want to scan.
- Send a multicast ping to all interface-local and link-local addresses:
  ping6 -c 5 ff02::1%eth0
- Check the neighbours cache:
  ip neigh
- Check which MAC address the device has with the IPv4 address you know.
- Search through the output where the same MAC address appears again.
Example:
# ping6 -c 2 ff02::1%eth0
...
root@slingshot:/tmp/jwp0ppy# ip neigh
192.168.178.21 dev eth0 lladdr 38:f9:d3:04:9b:32 REACHABLE
192.168.178.1 dev eth0 lladdr dc:39:6f:41:c8:52 STALE
192.168.178.67 dev eth0 lladdr 00:0c:29:57:25:7c STALE
fe80::811:8e3e:4b7:8bdf dev eth0 lladdr 38:f9:d3:04:9b:32 REACHABLE
2001:a61:5e2:b201:45ae:677a:96cc:aff9 dev eth0 lladdr 00:0c:29:57:25:7c STALE
fe80::6680:2d5d:4265:c42d dev eth0 lladdr 74:da:38:00:6a:a0 REACHABLE
fe80::3a9e:a01b:2eb5:bcda dev eth0 lladdr 00:0c:29:57:25:7c REACHABLE
fe80::20c:29ff:fe07:5872 dev eth0 lladdr 8c:85:90:5e:08:33 REACHABLE
fe80::c12:759d:2d68:5c73 dev eth0 lladdr 70:14:a6:63:40:d6 REACHABLE
Now we know that the device with IPv4 192.168.178.67 is also reachable via IPv6 fe80::3a9e:a01b:2eb5:bcda. Note that this is a link-local address, which means that you have to provide the interface name at each usage. E.g. nmap -sT fe80::3a9e:a01b:2eb5:bcda%eth0.
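The manual MAC comparison above can be scripted, which helps when inventorying dual-stack hosts so their IPv6 addresses get the same firewall and scan coverage as their IPv4 ones. This is an added example, not part of the original page; the function names v6_for_v4 and sample_neigh are hypothetical, and the sample data is the output shown above plus one constructed FAILED entry.

```shell
#!/bin/sh
# Added example (not from the original page): map a known IPv4 address to the
# IPv6 addresses that share its MAC in the neighbour cache.
# v6_for_v4 and sample_neigh are hypothetical helper names.

# $1 = known IPv4 address; stdin = output of `ip neigh`.
# Prints matching IPv6 addresses; returns 1 if the IPv4 address has no MAC.
v6_for_v4() {
    awk -v target="$1" '
        {
            mac = ""
            # The MAC is the field after "lladdr"; flags such as "router" may follow.
            for (i = 2; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next              # FAILED/INCOMPLETE entries have no MAC
            if ($1 == target) want = mac
            if (index($1, ":") > 0) { n++; addr[n] = $1; macs[n] = mac }
        }
        END {
            if (want == "") exit 1           # target missing or unresolved
            for (i = 1; i <= n; i++) if (macs[i] == want) print addr[i]
        }
    '
}

# Neighbour cache from the example above, plus one constructed FAILED entry.
sample_neigh() {
    cat <<'EOF'
192.168.178.21 dev eth0 lladdr 38:f9:d3:04:9b:32 REACHABLE
192.168.178.1 dev eth0 lladdr dc:39:6f:41:c8:52 STALE
192.168.178.67 dev eth0 lladdr 00:0c:29:57:25:7c STALE
fe80::811:8e3e:4b7:8bdf dev eth0 lladdr 38:f9:d3:04:9b:32 REACHABLE
2001:a61:5e2:b201:45ae:677a:96cc:aff9 dev eth0 lladdr 00:0c:29:57:25:7c STALE
fe80::6680:2d5d:4265:c42d dev eth0 lladdr 74:da:38:00:6a:a0 REACHABLE
fe80::3a9e:a01b:2eb5:bcda dev eth0 lladdr 00:0c:29:57:25:7c REACHABLE
fe80::20c:29ff:fe07:5872 dev eth0 lladdr 8c:85:90:5e:08:33 REACHABLE
fe80::c12:759d:2d68:5c73 dev eth0 lladdr 70:14:a6:63:40:d6 REACHABLE
192.168.178.99 dev eth0 FAILED
EOF
}

# On a live host: ip neigh | v6_for_v4 192.168.178.67
sample_neigh | v6_for_v4 192.168.178.67
```

The neighbour cache only holds hosts on the same link that answered recently, so run the multicast ping first and treat an empty result as "not seen", not "no IPv6".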
Tools
- thc-ipv6: A ton of tools for IPv6 networking.