Some IPv6 Tools
As a Short Preview of the Hacking & Protecting
IPv6 Networks Training funtime…
Fred Bovy.
Copyright IPv6 For Life!
iperf
Traffic Generator To test firewall rules and
performance
Iperf to test network performance
•  One end is started as a server
•  One end as a client
•  Iperf is a traffic generator to test IP or IPv6 network performance
•  Useful to test firewall rules
•  TCP or UDP and the port number can be given on the CLI
iperf -V to test IPv6
Client
Report bugs to <iperf-users@lists.sourceforge.net>
root@ks363021:~# iperf -c 2001:41d0:8:68dd:1:2:3:4 -V -u -t 30 -i 1 -b 5M -p 25
------------------------------------------------------------
Client connecting to 2001:41d0:8:68dd:1:2:3:4, UDP port 25
Sending 1470 byte datagrams
UDP buffer size:   122 KByte (default)
------------------------------------------------------------
[ 3] local 2001:41d0:1:f24a:1:2:3:4 port 48738 connected with 2001:41d0:8:68dd:1:2:3:4 port 25
[ ID] Interval       Transfer     Bandwidth
[ 3] 0.0- 1.0 sec      612 KBytes 5.01 Mbits/sec
[ 3] 1.0- 2.0 sec      610 KBytes 5.00 Mbits/sec
[ 3] 2.0- 3.0 sec      610 KBytes 5.00 Mbits/sec
[ 3] 3.0- 4.0 sec      610 KBytes 5.00 Mbits/sec




SERVER
root@ns3000172# iperf -s -V -u -B 2001:41d0:8:68dd:1:2:3:4 -p 25
------------------------------------------------------------
Server listening on UDP port 25
Binding to local address 2001:41d0:8:68dd:1:2:3:4
Receiving 1470 byte datagrams
UDP buffer size:   122 KByte (default)
------------------------------------------------------------
Nmap Port Scanner
Port Scanner
nmap -6 to scan for open ports with IPv6
root@ks363021:~# nmap -6 2001:41d0:8:68dd:1:2:3:4


Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-26 18:02 CEST
Interesting ports on ipv6forlife.com (2001:41d0:8:68dd:1:2:3:4):
Not shown: 993 filtered ports
PORT     STATE   SERVICE
20/tcp   closed ftp-data
21/tcp   open    ftp
22/tcp   open    ssh
25/tcp   open    smtp
53/tcp   open    domain
80/tcp   open    http
443/tcp open     https


Nmap done: 1 IP address (1 host up) scanned in 4.49 seconds
root@ks363021:~#
Scapy
A powerful multi-function tool
What is Scapy?
“Scapy is a powerful interactive packet manipulation program.

It is able to forge or decode packets of a wide number of
protocols, send them on the wire, capture them, match
requests and replies, and much more.

 It can easily handle most classical tasks like scanning,
tracerouting, probing, unit tests, attacks or network discovery

(it can replace hping, 85% of nmap, arpspoof, arp-sk, arping,
tcpdump, tethereal, p0f, etc.).

It also performs very well at a lot of other specific tasks that most
other tools can't handle, like sending invalid frames, injecting
your own 802.11 frames, combining techniques (VLAN hopping
+ARP cache poisoning, VOIP decoding on WEP encrypted
channel ...), etc.”
                           (Sourced from https://www.secdev.org/projects/Scapy/).
Scapy installation
•  Scapy is a Python application which uses many libraries.
•  To make sure that you do not forget anything, here is the command line to use:
    apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx
Scapy: Send a packet
>>> send(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/ICMPv6EchoRequest()/"HelloWorld")
.
Sent 1 packets.
>>>

•  send - this tells Scapy that you want to send a packet (just a single packet)
•  IPv6 - the type of packet you want to create, in this case an IPv6 packet
•  (dst="2001:41d0:8:68dd:1:2:3:4") - the destination to send the packet to (in this case my router)
•  /ICMPv6EchoRequest() - you want to create an ICMPv6 echo request with the default values provided by Scapy (over IPv6 the ICMPv6 layer is needed; ICMP() is the IPv4 layer)
•  /"HelloWorld") - the payload to include in the ICMPv6 packet (you don't have to provide this in order for it to work)
Scapy: Send TCP
>>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/TCP(dport=21))

Begin emission:

Finished to send 1 packets.

*

Received 1 packets, got 1 answers, remaining 0 packets

>>> h

(<Results: TCP:1 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0
UDP:0 ICMP:0 Other:0>)

>>>
Scapy: Send a range of TCP
>>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/TCP(dport=[21,22,80]))

Begin emission:

*...*Finished to send 3 packets.

*

Received 6 packets, got 3 answers, remaining 0 packets

>>> h

(<Results: TCP:3 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0
UDP:0 ICMP:0 Other:0>)

>>>
Scapy: Request DNS
Scapy: Sending Hop-by-Hop
Sniff icmp6 packets
>>> sniff(iface="eth0", filter="icmp6", count=10)


<Sniffed: TCP:4 UDP:0 ICMP:0 Other:6>


>>> a=_

>>> a.nsummary()

0000 Ether / IP / TCP 82.242.109.52:53421 > 91.121.177.74:ssh A

0001 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www A

0002 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www PA / Raw

0003 Ether / IP / TCP 91.121.177.74:www > 82.242.109.52:58601 A

0004 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 38:60:77:d4:fa:d3

0005 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::21e:79ff:fe1e:d400)

0006 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00

0007 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::3a60:77ff:fed4:fad3)

0008 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00

0009 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: 2001:41d0:1:f24a:1:2:3:4)

>>>
Traceroute
>>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.cisco.com","yoda.ipv6forlife.com"])
Begin emission:
.................*..........*..*.*........*.....*.*..*..*.*...**..*..*.*...*...*.....**....*.........**..*...*.*.*....**..*...**...*......*.*.....*..........**......
*........*.*..*.......**...*...*.*...*...**Finished to send 90 packets.
...*......*....*..*............*.*..*.....**..*....**..*..........*.*....*......**....*..........**.....**.*.....*.....*....*............*.....*......*..............
...................
Received 392 packets, got 79 answers, remaining 11 packets
   2001:41d0:0008:68dd:0001:0002:0003:0004   :tcpwww 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3   :tcpwww 2a02:26f0:0026:0003:8700:0000:0000:0090   :tcpwww
1 2001:41d0:1:f2ff:ff:ff:ff:fe                3      -                                                 -
2 2001:41d0::a91                              3      2001:41d0::aa1                             3      2001:41d0::6b1                             3
3 2001:41d0::167                              3      2001:41d0::b72                             3      -
4 2001:41d0:8:68dd:1:2:3:4                    SA     2001:41d0::163                             3      2001:7f8:4::7577:1                         3
5 2001:41d0:8:68dd:1:2:3:4                    SA     2001:41d0::542                             3      2001:7f8:4::51cc:1                         3
6 2001:41d0:8:68dd:1:2:3:4                    SA     2a01:e00:2:e::2                            3      2a02:26f0:26:3:8700::90                    SA
7 2001:41d0:8:68dd:1:2:3:4                    SA     2a01:e35:2f26:d340::1                      3      2a02:26f0:26:3:8700::90                    SA
8 2001:41d0:8:68dd:1:2:3:4                    SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
9 2001:41d0:8:68dd:1:2:3:4                    SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
10 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
11 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
12 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
13 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
14 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
15 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
16 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
17 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
18 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
19 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
20 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
21 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
22 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA

23 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
24 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
25 2001:41d0:8:68dd:1:2:3:4                   SA     2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     -
26 2001:41d0:8:68dd:1:2:3:4                   SA     -                                                 2a02:26f0:26:3:8700::90                    SA
27 2001:41d0:8:68dd:1:2:3:4                   SA     -                                                 2a02:26f0:26:3:8700::90                    SA
28 2001:41d0:8:68dd:1:2:3:4                   SA     -                                                 -
29 -                                                 -                                                 2a02:26f0:26:3:8700::90                    SA
30 -                                                 2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA     2a02:26f0:26:3:8700::90                    SA
(<Traceroute: TCP:67 UDP:0 ICMP:0 Other:12>, <Unanswered: TCP:11 UDP:0 ICMP:0 Other:0>)
>>>
Traceroute
>>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.ipv6.cisco.com","yoda.ipv6forlife.com"])
Begin emission:
....................................................................................*...........................*.....*.....*......*.*....*..*..*...*....*.*..*...*
..*....*....................*......*.*...................*.*..........*..*......*....*..Finished to send 90 packets.
....*...*..*..*....*.*.................*..*....*.......*...*.............*.*.*....*...*..*..*.*..........**...*......**..*...*..........*.......*.*..........*.*...
.....*.*....*...*.....
Received 436 packets, got 60 answers, remaining 30 packets
     2001:0420:1101:0001:0000:0000:0000:000a   :tcpwww   2001:41d0:0008:68dd:0001:0002:0003:0004   :tcpwww   2a01:0e35:2f26:d340:8249:71ff:fe15:69c3   :tcpwww
1    2001:41d0:1:f2ff:ff:ff:ff:fd               3        2001:41d0:1:f2ff:ff:ff:ff:fe               3        2001:41d0:1:f2ff:ff:ff:ff:fd               3
2    2001:41d0::aa1                             3        2001:41d0::a91                             3        2001:41d0::aa1                             3
3    2001:41d0::782                             3        2001:41d0::171                             3        2001:41d0::b72                             3
4    2001:7f8:1::a500:6939:1                    3        2001:41d0:8:68dd:1:2:3:4                   SA       2001:41d0::163                             3
5    2001:470:0:3f::1                           3        2001:41d0:8:68dd:1:2:3:4                   SA       2001:41d0::542                             3
6    2001:470:0:128::1                          3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e00:2:e::2                            3
7    2001:470:0:1dd::2                          3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340::1                      3
8    2001:1890:ff:ffff:12:122:81:110            3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
9    2001:1890:ff:ffff:12:122:3:38              3        2001:41d0:8:68dd:1:2:3:4                   SA       -
10   2001:1890:ff:ffff:12:122:1:173             3        -                                                   -
11   -                                                   2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
12   -                                                   -                                                   2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
13   -                                                   2001:41d0:8:68dd:1:2:3:4                   SA       -
14   2001:420:1100:6::1                         3        -                                                   -
15   2001:420:1100:2::1                         3        -                                                   -
16   -                                                   2001:41d0:8:68dd:1:2:3:4                   SA       -
17   2001:420:1101:1::a                         SA       -                                                   -
18   -                                                   2001:41d0:8:68dd:1:2:3:4                   SA       -
19   2001:420:1101:1::a                         SA       -                                                   2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
20   2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
21   2001:420:1101:1::a                         SA       -                                                   2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
22   2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
23   2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
24   2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       -
25   2001:420:1101:1::a                         SA       -                                                   -
26   2001:420:1101:1::a                         SA       -                                                   2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
27   2001:420:1101:1::a                         SA       -                                                   2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
28   -                                                   -                                                   2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
29   2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       -
30   -                                                   2001:41d0:8:68dd:1:2:3:4                   SA       -
(<Traceroute: TCP:38 UDP:0 ICMP:0 Other:22>, <Unanswered: TCP:30 UDP:0 ICMP:0 Other:0>)
>>>
Display the packet again
>>> ans,unans=_
>>> unans
<Unanswered: TCP:6 UDP:0 ICMP:0 Other:0>
>>> unans.show()
0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:irc > 2001:41d0:0008:68dd:0001:0002:0003:0004:www S
0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:7363 > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www S
0002 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:35159 > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www S
0003 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:3113 > 2001:0420:1101:0001:0000:0000:0000:000a:www S
0004 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:15173 > 2001:0420:1101:0001:0000:0000:0000:000a:www S
0005 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:27103 > 2001:0420:1101:0001:0000:0000:0000:000a:www S
>>>   ans.show()
      2001:0420:1101:0001:0000:0000:0000:000a   :tcpwww   2001:41d0:0008:68dd:0001:0002:0003:0004   :tcpwww   2a01:0e35:2f26:d340:8249:71ff:fe15:69c3   :tcpwww
1     2001:41d0:1:f2ff:ff:ff:ff:fd               3        2001:41d0:1:f2ff:ff:ff:ff:fe               3        2001:41d0:1:f2ff:ff:ff:ff:fd               3
2     2001:41d0::aa1                             3        2001:41d0::a91                             3        2001:41d0::aa1                             3
3     2001:41d0::782                             3        2001:41d0::167                             3        2001:41d0::b72                             3
4     2001:7f8:1::a500:6939:1                    3        2001:41d0:8:68dd:1:2:3:4                   SA       2001:41d0::163                             3
5     2001:470:0:3f::1                           3        2001:41d0:8:68dd:1:2:3:4                   SA       2001:41d0::542                             3
6     2001:470:0:128::1                          3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e00:2:e::2                            3
7     2001:470:0:1dd::2                          3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340::1                      3
8     2001:1890:ff:ffff:12:122:81:110            3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
9     2001:1890:ff:ffff:12:122:3:38              3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
10    2001:1890:ff:ffff:12:122:1:173             3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
11    2001:1890:ff:ffff:12:122:28:174            3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
12    2001:1890:ff:ffff:12:122:119:9             3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
13    2001:1890:c00:8701::11b7:3f7f              3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
14    2001:420:1100:6::1                         3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
15    2001:420:1100:2::1                         3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
16    2001:420:1100:100::1                       3        2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
17    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
18    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
19    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
20    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
21    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
22    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
23    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
24    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
25    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
26    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
27    -                                                   2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
28    2001:420:1101:1::a                         SA       2001:41d0:8:68dd:1:2:3:4                   SA       2a01:e35:2f26:d340:8249:71ff:fe15:69c3     SA
29    -                                                   2001:41d0:8:68dd:1:2:3:4                   SA       -
>>>
Ping TCP flag « A »
>>>   ans,unans=sr(IPv6(dst="yoda.ipv6forlife.com")/TCP(dport=[80,666],flags="A"))
Begin emission:
..............Finished to send 2 packets.

..............**
Received 30 packets, got 2 answers, remaining 0 packets

>>> ans.show()
0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www A ==>
IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:www > 2001:41d0:1:f24a:1:2:3:4:ftp_data R

0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:666 A ==>
IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:666 > 2001:41d0:1:f24a:1:2:3:4:ftp_data R

>>>

>>>   ans,unans=sr(IPv6(dst="yoda.ipv6forlife.com")/TCP(dport=[80,25],flags="A"))
Begin emission:
......Finished to send 2 packets.

.......................*.......*
Received 38 packets, got 2 answers, remaining 0 packets

>>> ans.show()

0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www A ==>
IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:www > 2001:41d0:1:f24a:1:2:3:4:ftp_data R

0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:smtp A ==>
IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:smtp > 2001:41d0:1:f24a:1:2:3:4:ftp_data R
>>> unans.show()

>>>
Sniff packets
>>> sniff()
^C<Sniffed: TCP:1113 UDP:3 ICMP:0 Other:19>
>>>
>>> a=_
>>> a.nsummary()
0000 Ether / IP / TCP 91.121.177.74:ssh > 82.242.109.52:53421 PA / Raw
0001 Ether / IP / TCP 82.242.109.52:52586 > 91.121.177.74:8880 A
0002 Ether / IP / TCP 82.242.109.52:52586 > 91.121.177.74:8880 PA / Raw
[SNIP]
>>> a[3]

<Ether     dst=00:00:0c:07:ac:01 src=38:60:77:d4:fa:d3 type=0x800 |<IP   version=4L ihl=5L tos=0x0 len=52 id=52244

flags=DF frag=0L ttl=64 proto=tcp chksum=0xa1c5 src=91.121.177.74 dst=82.242.109.52 options='' |<TCP      sport=8880

dport=52586 seq=3851900756 ack=4220157835 dataofs=8L reserved=0L flags=A window=122 chksum=0xcd10 urgptr=0

options=[('NOP', None), ('NOP', None), ('Timestamp', (962435905, 1350247719))] |>>>
Nessus
Lab/Demo #2
What is Nessus?
•  Nessus is a powerful security scanner
•  It scans a host, or a subnet for its hosts, and looks for all the system weaknesses which could be used to attack your system
•  It is a great tool to perform a security audit before and after a change in the network
Nessus Scanning Result in Real-time
Nessus Scan Complete
Firewall ASA
Lab/Demo #3
CISCO Firewall
•  PIX Firewall since the early 90s
•  PIX was the #1 IP firewall for many years
•  The #2 was Checkpoint on Windows with its own IP stack
•  The PIX, and now the ASA, has its own OS, which is much stronger than other firewalls running on Windows
•  Today FORTINET offers a very powerful appliance to compete with ASA
Firewall CISCO ASA Ext Hdr
ASA Firewall ASDM & CLI
ASA Firewall ASDM
SNORT
Lab with Tools
What is Snort ?
 Snort is an open source network intrusion detection system, capable of performing real-time
traffic analysis and packet logging on IP networks. It can perform protocol analysis, content
searching/matching and can be used to detect a variety of attacks and probes, such as
buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts,
and much more.

Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as
a detection engine that utilizes a modular plugin architecture.

Snort also has a modular real-time alerting capability, incorporating alerting and logging
plugins for syslog, a ASCII text files, UNIX sockets, database (Mysql/PostgreSQL/Oracle/ODBC)
or XML.

Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a
packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion
detection system.

Snort logs packets in tcpdump(1) binary format, to a database or in Snort's decoded ASCII
format to a hierarchy of logging directories that are named based on the IP address of the
"foreign" host.

Log info in Syslog

http://manual.snort.org/node2.html
SNORT Example from Syslog
while shutdown host
Aug   28   06:46:02   ns3000172   snort[21339]: Breakdown by protocol   (includes rebuilt packets):
Aug   28   06:46:02   ns3000172   snort[21339]:       ETH: 672145       (100.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:   ETHdisc: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:      VLAN: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:      IPV6: 107583       (16.006%)
Aug   28   06:46:02   ns3000172   snort[21339]:   IP6 EXT: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:   IP6opts: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:   IP6disc: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:       IP4: 505375       (75.188%)
Aug   28   06:46:02   ns3000172   snort[21339]:   IP4disc: 9988         (1.486%)
Aug   28   06:46:02   ns3000172   snort[21339]:     TCP 6: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:     UDP 6: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:     ICMP6: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:   ICMP-IP: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:       TCP: 124453       (18.516%)
Aug   28   06:46:02   ns3000172   snort[21339]:       UDP: 269581       (40.108%)
Aug   28   06:46:02   ns3000172   snort[21339]:      ICMP: 91894        (13.672%)
Aug   28   06:46:02   ns3000172   snort[21339]:   TCPdisc: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:   UDPdisc: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:   ICMPdis: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:      FRAG: 84           (0.012%)
Aug   28   06:46:02   ns3000172   snort[21339]:    FRAG 6: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:       ARP: 59187        (8.806%)
Aug   28   06:46:02   ns3000172   snort[21339]:     EAPOL: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:   ETHLOOP: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:       IPX: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:     OTHER: 9375         (1.395%)
Aug   28   06:46:02   ns3000172   snort[21339]:   DISCARD: 12087        (1.798%)
Aug   28   06:46:02   ns3000172   snort[21339]: InvChkSum: 70086        (10.427%)
Aug   28   06:46:02   ns3000172   snort[21339]:    S5 G 1: 0            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:    S5 G 2: 1            (0.000%)
Aug   28   06:46:02   ns3000172   snort[21339]:     Total: 672145
Aug   28   06:46:02   ns3000172   snort[21339]:
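A sensor-visibility check over the shutdown statistics above, as an added example that is not part of the original slides: it parses the "Breakdown by protocol" syslog lines and flags two conditions a defender would investigate. The function names, finding labels and the 5% checksum threshold are assumptions of this example.

```python
import re

# Subset of the syslog excerpt above (whitespace condensed).
SAMPLE_SYSLOG = """\
Aug 28 06:46:02 ns3000172 snort[21339]: Breakdown by protocol (includes rebuilt packets):
Aug 28 06:46:02 ns3000172 snort[21339]:       ETH: 672145       (100.000%)
Aug 28 06:46:02 ns3000172 snort[21339]:      IPV6: 107583       (16.006%)
Aug 28 06:46:02 ns3000172 snort[21339]:   IP6 EXT: 0            (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]:       IP4: 505375       (75.188%)
Aug 28 06:46:02 ns3000172 snort[21339]:     TCP 6: 0            (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]:     UDP 6: 0            (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]:     ICMP6: 0            (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: InvChkSum: 70086        (10.427%)
Aug 28 06:46:02 ns3000172 snort[21339]:     Total: 672145
"""

# "<label>: <count> (<pct>%)" after the snort[pid]: syslog tag; the
# percentage is optional because the Total line has none.
LINE_RE = re.compile(
    r"snort\[\d+\]:\s*([A-Za-z0-9][A-Za-z0-9 \-]*?):\s+(\d+)"
    r"(?:\s+\(([\d.]+)%\))?\s*$"
)


def parse_breakdown(text):
    """Return {counter label: packet count} for every counter line."""
    stats = {}
    for line in text.splitlines():
        match = LINE_RE.search(line)
        if match:
            stats[match.group(1)] = int(match.group(2))
    return stats


def ipv6_share(stats):
    """Fraction of all counted frames that were IPv6."""
    total = stats.get("Total") or stats.get("ETH", 0)
    return stats.get("IPV6", 0) / total if total else 0.0


def visibility_findings(stats, cksum_threshold=0.05):
    """Heuristic checks (assumptions of this example, not Snort features)."""
    findings = []
    total = stats.get("Total") or stats.get("ETH", 0)
    v6_transport = sum(stats.get(k, 0) for k in ("TCP 6", "UDP 6", "ICMP6"))
    # IPv6 frames were counted but none was attributed to an IPv6
    # transport counter: check that the sensor really decodes IPv6,
    # otherwise rules never see that share of the traffic.
    if stats.get("IPV6", 0) > 0 and v6_transport == 0:
        findings.append("IPV6_SEEN_BUT_NOT_DECODED")
    # A large invalid-checksum share is often NIC checksum offload on the
    # sensor host; worth confirming, because such packets may be skipped.
    if total and stats.get("InvChkSum", 0) / total > cksum_threshold:
        findings.append("HIGH_INVALID_CHECKSUM")
    return findings


if __name__ == "__main__":
    parsed = parse_breakdown(SAMPLE_SYSLOG)
    print("IPv6 share: %.3f%%" % (ipv6_share(parsed) * 100))
    for finding in visibility_findings(parsed):
        print("finding:", finding)
```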
Snort Utilization
•  Sniffer Mode
    -  snort -vde

   08/29-01:47:12.381297 6C:9C:ED:BB:BD:80 -> E0:CB:4E:8C:2A:8A type:0x800 len:0x42^C
   82.242.109.52:59762 -> 37.59.45.221:22 TCP TTL:54 TOS:0x0 ID:43280 IpLen:20 DgmLen:52 DF
   ***A**** Seq: 0xAE2BFE00       Ack: 0x3C33BDF7   Win: 0x802C   TcpLen: 32
   TCP Options (3) => NOP NOP TS: 1653158964 69394


   *** Caught Int-Signal
   Run time prior to being shutdown was 2.419819 seconds
   ===============================================================================
   Packet Wire Totals:
      Received:            1948
      Analyzed:            1946 (99.897%)
       Dropped:               0 (0.000%)
   Outstanding:               2 (0.103%)
   ===============================================================================
   Breakdown by protocol (includes rebuilt packets):
         ETH: 1946          (100.000%)
     ETHdisc: 0             (0.000%)
        VLAN: 0             (0.000%)
        IPV6: 4             (0.206%)
     IP6 EXT: 0             (0.000%)
     IP6opts: 0             (0.000%)
     IP6disc: 0             (0.000%)
         IP4: 1942          (99.794%)
     IP4disc: 335           (17.215%)
       TCP 6: 0             (0.000%)
       UDP 6: 0             (0.000%)
       ICMP6: 0             (0.000%)…
SNMPv3 Over IPV6
SNMP Version 3




 •  MD5 or SHA hash for authentication, so that the password is not sent in clear text

 •  DES is used to encrypt/decrypt SNMP messages
In SNMPv3
no more Manager and Objects but Entities

[Diagram: SNMP Entities]
•  SNMP Engine, identified by (SnmpEngineID): Dispatcher, Message Processing Subsystem, Security Subsystems, Access Control Subsystems
•  Application(s): Command Generator, Notification Receiver, Proxy Forwarder, Command Responder, Notification Originator, Other
SNMPv3 Minimum
Parameters
•  Username

•  Security Level
  -  Some applications require you to explicitly set the security level and others determine it based on the combination of authentication and privacy protocol in use.
  -  The specified values are noAuthNoPriv, which is no authentication and no privacy; authNoPriv, which is authentication and no privacy; and authPriv, which is authentication and privacy. Note that you cannot have privacy without authentication, but you can have authentication without privacy.
SNMPv3 on IPv6
Edit /etc/snmp/snmpd.conf
rocommunity IPv6ForLife63
rocommunity6 IPv6ForLife63
syslocation "OVH Datacenter"
syscontact fred@ipv6forlife.com

#Users Creation
createUser monitor SHA monitorpw
createUser engineer MD5 engineerpw
createUser supervisor MD5 supervisorpw DES supervisorx
#Access features
rouser monitor noauth .1.3.6.1.2.1
rouser engineer auth .1.3.6.1.2.1
rwuser supervisor auth .1.3.6.1.2.1.1
rouser supervisor priv .1.3.6.1.2.1
"/etc/snmp/snmpd.conf"

Restart the server
root@ns3000172:/etc/snmp# snmpd udp:161,udp6:161

Try the Client locally
root@ns3000172:/etc/snmp# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw localhost .1.3.6.1.2.1.1.6.0
SNMPv2-MIB::sysLocation.0 = STRING: "OVH Datacenter"

Try with IPv4 Client
root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw ns3000172.ovh.net .1.3.6.1.2.1.1.6.0
iso.3.6.1.2.1.1.6.0 = STRING: ""OVH Datacenter""

Try with IPv6 Client
root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw udp6:[2001:41d0:8:68dd:1:2:3:4] .1.3.6.1.2.1.1.6.0
iso.3.6.1.2.1.1.6.0 = STRING: ""OVH Datacenter""
SNMPv3 AuthNoPriv
root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw ns3000172.ovh.net .1.3.6.1.2.1.1.6.0
iso.3.6.1.2.1.1.6.0 = STRING: ""OVH Datacenter
SNMPv3 AuthPriv IPv6
snmpget -v 3 -u supervisor -l authPriv -a MD5 -A supervisorpw -x DES -X supervisorx udp6:[2001:41d0:8:68dd:1:2:3:4] .1.3.6.1.2.1.1.6.0
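
A review of the snmpd.conf shown above against the security levels described earlier, as an added Python example (not from the slides and not part of net-snmp): it parses the directives and reports where the configuration falls below authPriv. The finding codes are labels invented for this example, and HARDENED_CONF is a constructed counter-example with placeholder passphrases.

```python
import shlex

# Configuration reproduced from the slide above; finding line numbers refer to it.
SLIDE_CONF = """\
rocommunity IPv6ForLife63
rocommunity6 IPv6ForLife63
syslocation "OVH Datacenter"
syscontact fred@ipv6forlife.com
#Users Creation
createUser monitor SHA monitorpw
createUser engineer MD5 engineerpw
createUser supervisor MD5 supervisorpw DES supervisorx
#Access features
rouser monitor noauth .1.3.6.1.2.1
rouser engineer auth .1.3.6.1.2.1
rwuser supervisor auth .1.3.6.1.2.1.1
rouser supervisor priv .1.3.6.1.2.1
"""

# Constructed counter-example (not from the slides): no community strings,
# SHA + AES user, authPriv enforced. The passphrases are placeholders.
HARDENED_CONF = """\
createUser supervisor SHA "placeholder auth passphrase" AES "placeholder priv passphrase"
rwuser supervisor priv .1.3.6.1.2.1.1
"""

RANK = {"noauth": 0, "auth": 1, "priv": 2}
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
MIN_PASSPHRASE = 8  # net-snmp requires USM passphrases of at least 8 characters


def parse(conf_text):
    """Split snmpd.conf text into community lines, USM users and access rules."""
    communities, users, access = [], {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # drops "#" comments, honours quotes
        if not tok:
            continue
        key, args = tok[0].lower(), tok[1:]
        if args[:1] in (["-e"], ["-s"]):       # optional "-e ENGINEID" / "-s SECMODEL"
            args = args[2:]
        if key in COMMUNITY:
            communities.append((lineno, tok[0]))
        elif key == "createuser" and args:
            name, auth, authpass, priv, privpass = (args + [None] * 5)[:5]
            users[name] = {
                "line": lineno,
                "auth": auth.upper() if auth else None,
                "priv": priv.upper() if priv else None,
                "secrets": [s for s in (authpass, privpass) if s],
            }
        elif key in ("rouser", "rwuser") and args:
            level = args[1].lower() if len(args) > 1 else "auth"
            if level not in RANK:              # e.g. "-V view": default level applies
                level = "auth"
            access.append((lineno, key, args[0], level))
    return communities, users, access


def audit(conf_text):
    """Return sorted (line, code, message) findings for the given snmpd.conf text."""
    communities, users, access = parse(conf_text)
    out = []
    for lineno, directive in communities:
        out.append((lineno, "cleartext-community",
                    f"{directive}: SNMPv1/v2c community string is sent in clear text"))
    for name, user in users.items():
        if user["auth"] == "MD5":
            out.append((user["line"], "weak-auth", f"{name}: MD5 authentication"))
        if user["priv"] == "DES":
            out.append((user["line"], "weak-priv", f"{name}: DES privacy"))
        if any(len(s) < MIN_PASSPHRASE for s in user["secrets"]):
            out.append((user["line"], "short-passphrase",
                        f"{name}: passphrase under {MIN_PASSPHRASE} characters"))
    for lineno, directive, name, level in access:
        if level == "noauth":
            out.append((lineno, "unauthenticated-access",
                        f"{name}: noAuthNoPriv accepted, the user name alone is enough"))
        elif directive == "rwuser" and level != "priv":
            out.append((lineno, "write-without-privacy",
                        f"{name}: write access accepted at authNoPriv, payload unencrypted"))
        user = users.get(name)  # users may also be defined elsewhere, so skip unknown ones
        if user is not None:
            reachable = 2 if user["priv"] else 1 if user["auth"] else 0
            if RANK[level] > reachable:
                out.append((lineno, "unreachable-level",
                            f"{name}: rule needs '{level}' but the user has no such key"))
    return sorted(out)


if __name__ == "__main__":
    for line, code, message in audit(SLIDE_CONF):
        print(f"line {line:2}: {code:24} {message}")
    print("hardened sample findings:", audit(HARDENED_CONF))
```
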
And this is not finished…
¡  More Tools and more fun during the Training.
http://ipv6forlife.com/modulation/IPv6HackSecu4.html

IPv6 tools

  • 1. Some IPv6 Tools As a Short Preview of the Hacking & Protecting IPv6 Networks Training funtime… Fred Bovy. Copyright IPv6 For Life!
  • 2. iperf Traffic Generator To test firewall rules and performance
  • 3. Iperf to test the network performances ¡  One End is started as a server ¡  One End as a client ¡  Iperf is a traffic generator to test the IP or IPv6 Network Performances ¡  Usefull to test a firewall rules ¡  TCP or UDP and Port number can be given to the CLI
  • 4. Iperf –V to test IPv6 Client Report bugs to <iperf-users@lists.sourceforge.net> root@ks363021:~# iperf -c 2001:41d0:8:68dd:1:2:3:4 -V -u -t 30 -i 1 -b 5M -p 25 ------------------------------------------------------------ Client connecting to 2001:41d0:8:68dd:1:2:3:4, UDP port 25 Sending 1470 byte datagrams UDP buffer size: 122 KByte (default) ------------------------------------------------------------ [ 3] local 2001:41d0:1:f24a:1:2:3:4 port 48738 connected with 2001:41d0:8:68dd:1:2:3:4 port 25 [ ID] Interval Transfer Bandwidth [ 3] 0.0- 1.0 sec 612 KBytes 5.01 Mbits/sec [ 3] 1.0- 2.0 sec 610 KBytes 5.00 Mbits/sec [ 3] 2.0- 3.0 sec 610 KBytes 5.00 Mbits/sec [ 3] 3.0- 4.0 sec 610 KBytes 5.00 Mbits/sec SERVER root@ns3000172# iperf -s -V -u -B 2001:41d0:8:68dd:1:2:3:4 25 ------------------------------------------------------------ Server listening on UDP port 25 Binding to local address 2001:41d0:8:68dd:1:2:3:4 Receiving 1470 byte datagrams UDP buffer size: 122 KByte (default) ------------------------------------------------------------
  • 6. nmap -6 to scan open open port with IPv6 root@ks363021:~# nmap -6 2001:41d0:8:68dd:1:2:3:4 Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-26 18:02 CEST Interesting ports on ipv6forlife.com (2001:41d0:8:68dd:1:2:3:4): Not shown: 993 filtered ports PORT STATE SERVICE 20/tcp closed ftp-data 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 443/tcp open https Nmap done: 1 IP address (1 host up) scanned in 4.49 seconds root@ks363021:~#
  • 8. What is Scapy? “Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping +ARP cache poisoning, VOIP decoding on WEP encrypted channel ...), etc.” (Sourced from https://www.secdev.org/projects/Scapy/).
  • 9. Scapy installation ¡  Scapy is python application which uses many libraries. ¡  To make sure that you do not forget anything, here is the line command to use: ¡  apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx
  • 10. Scapy: Send a packet >>> send(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/ICMP()/"HelloWorld") . Sent 1 packets. >>> ¡  send - this tells Scapy that you want to send a packet (just a single packet) ¡  IPv6 - the type of packet you want to create, in this case an IPv6 packet ¡  (dst=” 2001:41d0:8:68dd:1:2:3:4”) - the destination to send the packet to (in this case my router) ¡  /ICMP() - you want to create an ICMP packet with the default values provided by Scapy ¡  /”HelloWorld”) - the payload to include in the ICMP packet (you don’t have to provide this in order for it to work.
  • 11. Scapy: Send TCP >>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/TCP(dport=21)) Begin emission: Finished to send 1 packets. * Received 1 packets, got 1 answers, remaining 0 packets >>> h (<Results: TCP:1 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>) >>>
  • 12. Scapy: Send a range of TCP >>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/ TCP(dport=[21,22,80])) Begin emission: *...*Finished to send 3 packets. * Received 6 packets, got 3 answers, remaining 0 packets >>> h (<Results: TCP:3 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>) >>>
  • 15. Sniff icmp6 packets >>> sniff(iface="eth0", filter="icmp6", count=10) <Sniffed: TCP:4 UDP:0 ICMP:0 Other:6> >>> a=_ >>> a.nsummary() 0000 Ether / IP / TCP 82.242.109.52:53421 > 91.121.177.74:ssh A 0001 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www A 0002 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www PA / Raw 0003 Ether / IP / TCP 91.121.177.74:www > 82.242.109.52:58601 A 0004 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 38:60:77:d4:fa:d3 0005 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::21e:79ff:fe1e:d400) 0006 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00 0007 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::3a60:77ff:fed4:fad3) 0008 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00 0009 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: 2001:41d0:1:f24a:1:2:3:4) >>>
  • 16. Traceroute >>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.cisco.com","yoda.ipv6forlife.com"]) Begin emission: .................*..........*..*.*........*.....*.*..*..*.*...**..*..*.*...*...*.....**....*.........**..*...*.*.*....**..*...**...*......*.*.....*..........**...... *........*.*..*.......**...*...*.*...*...**Finished to send 90 packets. ...*......*....*..*............*.*..*.....**..*....**..*..........*.*....*......**....*..........**.....**.*.....*.....*....*............*.....*......*.............. ................... Received 392 packets, got 79 answers, remaining 11 packets 2001:41d0:0008:68dd:0001:0002:0003:0004 :tcpwww 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3 :tcpwww 2a02:26f0:0026:0003:8700:0000:0000:0090 :tcpwww 1 2001:41d0:1:f2ff:ff:ff:ff:fe 3 - - 2 2001:41d0::a91 3 2001:41d0::aa1 3 2001:41d0::6b1 3 3 2001:41d0::167 3 2001:41d0::b72 3 - 4 2001:41d0:8:68dd:1:2:3:4 SA 2001:41d0::163 3 2001:7f8:4::7577:1 3 5 2001:41d0:8:68dd:1:2:3:4 SA 2001:41d0::542 3 2001:7f8:4::51cc:1 3 6 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e00:2:e::2 3 2a02:26f0:26:3:8700::90 SA 7 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340::1 3 2a02:26f0:26:3:8700::90 SA 8 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 9 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 10 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 11 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 12 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 13 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 14 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 15 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 16 2001:41d0:8:68dd:1:2:3:4 SA 
2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 17 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 18 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 19 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 20 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 21 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 22 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 23 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 24 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA 25 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA - 26 2001:41d0:8:68dd:1:2:3:4 SA - 2a02:26f0:26:3:8700::90 SA 27 2001:41d0:8:68dd:1:2:3:4 SA - 2a02:26f0:26:3:8700::90 SA 28 2001:41d0:8:68dd:1:2:3:4 SA - - 29 - - 2a02:26f0:26:3:8700::90 SA 30 - 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 2a02:26f0:26:3:8700::90 SA (<Traceroute: TCP:67 UDP:0 ICMP:0 Other:12>, <Unanswered: TCP:11 UDP:0 ICMP:0 Other:0>) >>>
  • 17. Traceroute >>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.ipv6.cisco.com","yoda.ipv6forlife.com"]) Begin emission: ....................................................................................*...........................*.....*.....*......*.*....*..*..*...*....*.*..*...* ..*....*....................*......*.*...................*.*..........*..*......*....*..Finished to send 90 packets. ....*...*..*..*....*.*.................*..*....*.......*...*.............*.*.*....*...*..*..*.*..........**...*......**..*...*..........*.......*.*..........*.*... .....*.*....*...*..... Received 436 packets, got 60 answers, remaining 30 packets 2001:0420:1101:0001:0000:0000:0000:000a :tcpwww 2001:41d0:0008:68dd:0001:0002:0003:0004 :tcpwww 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3 :tcpwww 1 2001:41d0:1:f2ff:ff:ff:ff:fd 3 2001:41d0:1:f2ff:ff:ff:ff:fe 3 2001:41d0:1:f2ff:ff:ff:ff:fd 3 2 2001:41d0::aa1 3 2001:41d0::a91 3 2001:41d0::aa1 3 3 2001:41d0::782 3 2001:41d0::171 3 2001:41d0::b72 3 4 2001:7f8:1::a500:6939:1 3 2001:41d0:8:68dd:1:2:3:4 SA 2001:41d0::163 3 5 2001:470:0:3f::1 3 2001:41d0:8:68dd:1:2:3:4 SA 2001:41d0::542 3 6 2001:470:0:128::1 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e00:2:e::2 3 7 2001:470:0:1dd::2 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340::1 3 8 2001:1890:ff:ffff:12:122:81:110 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 9 2001:1890:ff:ffff:12:122:3:38 3 2001:41d0:8:68dd:1:2:3:4 SA - 10 2001:1890:ff:ffff:12:122:1:173 3 - - 11 - 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 12 - - 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 13 - 2001:41d0:8:68dd:1:2:3:4 SA - 14 2001:420:1100:6::1 3 - - 15 2001:420:1100:2::1 3 - - 16 - 2001:41d0:8:68dd:1:2:3:4 SA - 17 2001:420:1101:1::a SA - - 18 - 2001:41d0:8:68dd:1:2:3:4 SA - 19 2001:420:1101:1::a SA - 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 20 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 21 2001:420:1101:1::a SA - 
2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 22 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 23 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 24 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA - 25 2001:420:1101:1::a SA - - 26 2001:420:1101:1::a SA - 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 27 2001:420:1101:1::a SA - 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 28 - - 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 29 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA - 30 - 2001:41d0:8:68dd:1:2:3:4 SA - (<Traceroute: TCP:38 UDP:0 ICMP:0 Other:22>, <Unanswered: TCP:30 UDP:0 ICMP:0 Other:0>) >>>
  • 18. Display the packet again >>> ans,unans=_ >>> unans <Unanswered: TCP:6 UDP:0 ICMP:0 Other:0> >>> unans.show() 0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:irc > 2001:41d0:0008:68dd:0001:0002:0003:0004:www S 0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:7363 > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www S 0002 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:35159 > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www S 0003 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:3113 > 2001:0420:1101:0001:0000:0000:0000:000a:www S 0004 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:15173 > 2001:0420:1101:0001:0000:0000:0000:000a:www S 0005 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:27103 > 2001:0420:1101:0001:0000:0000:0000:000a:www S >>> ans.show() 2001:0420:1101:0001:0000:0000:0000:000a :tcpwww 2001:41d0:0008:68dd:0001:0002:0003:0004 :tcpwww 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3 :tcpwww 1 2001:41d0:1:f2ff:ff:ff:ff:fd 3 2001:41d0:1:f2ff:ff:ff:ff:fe 3 2001:41d0:1:f2ff:ff:ff:ff:fd 3 2 2001:41d0::aa1 3 2001:41d0::a91 3 2001:41d0::aa1 3 3 2001:41d0::782 3 2001:41d0::167 3 2001:41d0::b72 3 4 2001:7f8:1::a500:6939:1 3 2001:41d0:8:68dd:1:2:3:4 SA 2001:41d0::163 3 5 2001:470:0:3f::1 3 2001:41d0:8:68dd:1:2:3:4 SA 2001:41d0::542 3 6 2001:470:0:128::1 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e00:2:e::2 3 7 2001:470:0:1dd::2 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340::1 3 8 2001:1890:ff:ffff:12:122:81:110 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 9 2001:1890:ff:ffff:12:122:3:38 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 10 2001:1890:ff:ffff:12:122:1:173 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 11 2001:1890:ff:ffff:12:122:28:174 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 12 2001:1890:ff:ffff:12:122:119:9 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 13 2001:1890:c00:8701::11b7:3f7f 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 14 2001:420:1100:6::1 3 
2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 15 2001:420:1100:2::1 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 16 2001:420:1100:100::1 3 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 17 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 18 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 19 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 20 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 21 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 22 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 23 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 24 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 25 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 26 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 27 - 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 28 2001:420:1101:1::a SA 2001:41d0:8:68dd:1:2:3:4 SA 2a01:e35:2f26:d340:8249:71ff:fe15:69c3 SA 29 - 2001:41d0:8:68dd:1:2:3:4 SA - >>>
  • 19. Ping TCP flag « A » >>> ans,unans=sr(IPv6(dst="yoda.ipv6forlife.com")/TCP(dport=[80,666],flags="A")) Begin emission: ..............Finished to send 2 packets. ..............** Received 30 packets, got 2 answers, remaining 0 packets >>> ans.show() 0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:www > 2001:41d0:1:f24a:1:2:3:4:ftp_data R 0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:666 A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:666 > 2001:41d0:1:f24a:1:2:3:4:ftp_data R >>> >>> ans,unans=sr(IPv6(dst="yoda.ipv6forlife.com")/TCP(dport=[80,25],flags="A")) Begin emission: ......Finished to send 2 packets. .......................*.......* Received 38 packets, got 2 answers, remaining 0 packets >>> ans.show() 0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:www > 2001:41d0:1:f24a:1:2:3:4:ftp_data R 0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:smtp A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:smtp > 2001:41d0:1:f24a:1:2:3:4:ftp_data R >>> unans.show() >>>
  • 20. Sniff packets
      >>> sniff()
      ^C<Sniffed: TCP:1113 UDP:3 ICMP:0 Other:19>
      >>>
      >>> a=_
      >>> a.nsummary()
      0000 Ether / IP / TCP 91.121.177.74:ssh > 82.242.109.52:53421 PA / Raw
      0001 Ether / IP / TCP 82.242.109.52:52586 > 91.121.177.74:8880 A
      0002 Ether / IP / TCP 82.242.109.52:52586 > 91.121.177.74:8880 PA / Raw
      [SNIP]
      >>> a[3]
      <Ether dst=00:00:0c:07:ac:01 src=38:60:77:d4:fa:d3 type=0x800 |<IP version=4L ihl=5L tos=0x0 len=52 id=52244 flags=DF frag=0L ttl=64 proto=tcp chksum=0xa1c5 src=91.121.177.74 dst=82.242.109.52 options='' |<TCP sport=8880 dport=52586 seq=3851900756 ack=4220157835 dataofs=8L reserved=0L flags=A window=122 chksum=0xcd10 urgptr=0 options=[('NOP', None), ('NOP', None), ('Timestamp', (962435905, 1350247719))] |>>>
  • 21. Sniff icmp6 packets
      >>> sniff(iface="eth0", filter="icmp6", count=10)
      <Sniffed: TCP:4 UDP:0 ICMP:0 Other:6>
      >>> a=_
      >>> a.nsummary()
      0000 Ether / IP / TCP 82.242.109.52:53421 > 91.121.177.74:ssh A
      0001 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www A
      0002 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www PA / Raw
      0003 Ether / IP / TCP 91.121.177.74:www > 82.242.109.52:58601 A
      0004 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 38:60:77:d4:fa:d3
      0005 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::21e:79ff:fe1e:d400)
      0006 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00
      0007 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::3a60:77ff:fed4:fad3)
      0008 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00
      0009 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: 2001:41d0:1:f24a:1:2:3:4)
      >>>
  • 23. What is Nessus?
      - Nessus is a powerful security scanner
      - It scans a host, or a subnet for hosts, and looks for all the system weaknesses which could be used to attack your system
      - It is a great tool to perform a security audit before and after a change in the network
  • 24. Nessus Scanning Result in Real-time
  • 27. CISCO Firewall
      - PIX Firewall since the early 90s
      - PIX was the #1 IP firewall for many years
      - The #2 was Checkpoint on Windows with its own IP stack
      - The PIX, and now the ASA, has its own OS, which is much stronger than other firewalls running on Windows
      - Today FORTINET offers a very powerful appliance to compete with the ASA
  • 32. What is Snort?
      Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
      Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort also has a modular real-time alerting capability, incorporating alerting and logging plugins for syslog, ASCII text files, UNIX sockets, database (Mysql/PostgreSQL/Oracle/ODBC) or XML.
      Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets in tcpdump(1) binary format, to a database or in Snort's decoded ASCII format to a hierarchy of logging directories that are named based on the IP address of the "foreign" host.
      Log info in Syslog
      http://manual.snort.org/node2.html
  • 35. SNORT Example from Syslog while shutdown host
      Aug 28 06:46:02 ns3000172 snort[21339]: Breakdown by protocol (includes rebuilt packets):
      Aug 28 06:46:02 ns3000172 snort[21339]: ETH: 672145 (100.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: ETHdisc: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: VLAN: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: IPV6: 107583 (16.006%)
      Aug 28 06:46:02 ns3000172 snort[21339]: IP6 EXT: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: IP6opts: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: IP6disc: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: IP4: 505375 (75.188%)
      Aug 28 06:46:02 ns3000172 snort[21339]: IP4disc: 9988 (1.486%)
      Aug 28 06:46:02 ns3000172 snort[21339]: TCP 6: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: UDP 6: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: ICMP6: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: ICMP-IP: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: TCP: 124453 (18.516%)
      Aug 28 06:46:02 ns3000172 snort[21339]: UDP: 269581 (40.108%)
      Aug 28 06:46:02 ns3000172 snort[21339]: ICMP: 91894 (13.672%)
      Aug 28 06:46:02 ns3000172 snort[21339]: TCPdisc: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: UDPdisc: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: ICMPdis: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: FRAG: 84 (0.012%)
      Aug 28 06:46:02 ns3000172 snort[21339]: FRAG 6: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: ARP: 59187 (8.806%)
      Aug 28 06:46:02 ns3000172 snort[21339]: EAPOL: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: ETHLOOP: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: IPX: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: OTHER: 9375 (1.395%)
      Aug 28 06:46:02 ns3000172 snort[21339]: DISCARD: 12087 (1.798%)
      Aug 28 06:46:02 ns3000172 snort[21339]: InvChkSum: 70086 (10.427%)
      Aug 28 06:46:02 ns3000172 snort[21339]: S5 G 1: 0 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: S5 G 2: 1 (0.000%)
      Aug 28 06:46:02 ns3000172 snort[21339]: Total: 672145
      Aug 28 06:46:02 ns3000172 snort[21339]:
  • 36. Snort Utilization
      - Sniffer Mode
          - snort -vde
      08/29-01:47:12.381297 6C:9C:ED:BB:BD:80 -> E0:CB:4E:8C:2A:8A type:0x800 len:0x42^C
      82.242.109.52:59762 -> 37.59.45.221:22 TCP TTL:54 TOS:0x0 ID:43280 IpLen:20 DgmLen:52 DF
      ***A**** Seq: 0xAE2BFE00 Ack: 0x3C33BDF7 Win: 0x802C TcpLen: 32
      TCP Options (3) => NOP NOP TS: 1653158964 69394
      *** Caught Int-Signal
      Run time prior to being shutdown was 2.419819 seconds
      ===============================================================================
      Packet Wire Totals:
      Received: 1948
      Analyzed: 1946 (99.897%)
      Dropped: 0 (0.000%)
      Outstanding: 2 (0.103%)
      ===============================================================================
      Breakdown by protocol (includes rebuilt packets):
      ETH: 1946 (100.000%)
      ETHdisc: 0 (0.000%)
      VLAN: 0 (0.000%)
      IPV6: 4 (0.206%)
      IP6 EXT: 0 (0.000%)
      IP6opts: 0 (0.000%)
      IP6disc: 0 (0.000%)
      IP4: 1942 (99.794%)
      IP4disc: 335 (17.215%)
      TCP 6: 0 (0.000%)
      UDP 6: 0 (0.000%)
      ICMP6: 0 (0.000%)…
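The "Breakdown by protocol" counters on slides 35 and 36 can be turned into a quick sensor-visibility check. The following is an added example, not part of the original slides or of Snort: the function names, finding labels and 5% thresholds are assumptions, and the sample is constructed from a subset of the syslog lines shown on slide 35.

```python
import re

# "NAME: count (pct%)" as printed in Snort's protocol breakdown.
STAT_RE = re.compile(r"(?P<name>[\w \-]+?):\s+(?P<count>\d+)\s+\((?P<pct>[\d.]+)%\)")

# Constructed sample: a subset of the syslog lines shown on slide 35.
PREFIX = "Aug 28 06:46:02 ns3000172 snort[21339]: "
SAMPLE = "\n".join(PREFIX + msg for msg in [
    "Breakdown by protocol (includes rebuilt packets):",
    "ETH: 672145 (100.000%)",
    "IPV6: 107583 (16.006%)",
    "IP4: 505375 (75.188%)",
    "TCP 6: 0 (0.000%)",
    "UDP 6: 0 (0.000%)",
    "ICMP6: 0 (0.000%)",
    "TCP: 124453 (18.516%)",
    "DISCARD: 12087 (1.798%)",
    "InvChkSum: 70086 (10.427%)",
    "Total: 672145",
])

def parse_breakdown(text):
    """Return {counter: (count, percent)} for the lines after the breakdown header."""
    stats, in_block = {}, False
    for line in text.splitlines():
        msg = line.split("]: ", 1)[-1].strip()  # drop the syslog prefix if present
        if msg.startswith("Breakdown by protocol"):
            in_block = True
            continue
        m = STAT_RE.fullmatch(msg) if in_block else None
        if m:
            stats[m["name"]] = (int(m["count"]), float(m["pct"]))
    return stats

def visibility_findings(stats, chksum_pct=5.0, discard_pct=5.0):
    """Heuristic checks on the counters; thresholds are assumptions of this example."""
    count = lambda key: stats.get(key, (0, 0.0))[0]
    pct = lambda key: stats.get(key, (0, 0.0))[1]
    findings = []
    # IPv6 frames were seen, yet no IPv6 transport or ICMPv6 packet was decoded.
    if count("IPV6") and not (count("TCP 6") + count("UDP 6") + count("ICMP6")):
        findings.append("ipv6-not-decoded")
    if pct("InvChkSum") > chksum_pct:
        findings.append("high-invalid-checksum")
    if pct("DISCARD") > discard_pct:
        findings.append("high-discard")
    return findings

if __name__ == "__main__":
    print(visibility_findings(parse_breakdown(SAMPLE)))
```

A finding here is a prompt to check the sensor build and capture settings, not a diagnosis of the cause.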
  • 38. SNMP Version 3
      - MD5 or SHA hash for authentication, so that the password is not sent in clear text
      - DES is used to encrypt/decrypt SNMP messages
  • 39. In SNMPv3 no more Manager and Objects but Entities
      [Figure: SNMP Entities. SNMP Engine (identified by SnmpEngineID): Dispatcher, Message Processing Subsystem, Security Subsystem, Access Control Subsystem. Application(s): Command Generator, Notification Receiver, Proxy Forwarder, Command Responder, Notification Originator, Other.]
  • 40. SNMPv3 Minimum Parameters
      - Username
      - Security Level
          - Some applications require you to explicitly set the security level and others determine it based on the combination of authentication and privacy protocol in use.
          - The specified values are noAuthNoPriv, which is no authentication and no privacy, authNoPriv, which is authentication and no privacy, and authPriv, which is authentication and privacy. Note that you cannot have privacy without authentication, but you can have authentication without privacy.
  • 41. SNMPv3 on IPv6
      Edit /etc/snmp/snmpd.conf
          rocommunity IPv6ForLife63
          rocommunity6 IPv6ForLife63
          syslocation "OVH Datacenter"
          syscontact fred@ipv6forlife.com
          #Users Creation
          createUser monitor SHA monitorpw
          createUser engineer MD5 engineerpw
          createUser supervisor MD5 supervisorpw DES supervisorx
          #Access features
          rouser monitor noauth .1.3.6.1.2.1
          rouser engineer auth .1.3.6.1.2.1
          rwuser supervisor auth .1.3.6.1.2.1.1
          rouser supervisor priv .1.3.6.1.2.1
          "/etc/snmp/snmpd.conf"
      Restart the server
          root@ns3000172:/etc/snmp# snmpd udp:161,udp6:161
      Try the Client locally
          root@ns3000172:/etc/snmp# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw localhost .1.3.6.1.2.1.1.6.0
          SNMPv2-MIB::sysLocation.0 = STRING: "OVH Datacenter"
      Try with IPv4 Client
          root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw ns3000172.ovh.net .1.3.6.1.2.1.1.6.0
          iso.3.6.1.2.1.1.6.0 = STRING: ""OVH Datacenter""
      Try with IPv6 Client
          root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw udp6:[2001:41d0:8:68dd:1:2:3:4] .1.3.6.1.2.1.1.6.0
          iso.3.6.1.2.1.1.6.0 = STRING: ""OVH Datacenter""
  • 42. SNMPv3 AuthNoPriv
          root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw ns3000172.ovh.net .1.3.6.1.2.1.1.6.0
          iso.3.6.1.2.1.1.6.0 = STRING: ""OVH Datacenter
  • 43. SNMPv3 AuthPriv IPv6
          snmpget -v 3 -u supervisor -l authPriv -a MD5 -A supervisorpw -x DES -X supervisorx udp6:[2001:41d0:8:68dd:1:2:3:4] .1.3.6.1.2.1.1.6.0
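The snmpd.conf on slide 41 mixes SNMPv1/v2c community strings, MD5 and DES users, and access rules below authPriv, so it is a good input for a small configuration audit. The following is an added example, not part of the original slides or of net-snmp: the finding labels are made up for illustration, the sample is constructed from the slide's directives, and only the plain directive forms shown there are handled (no `-e` or `-s` options).

```python
# Constructed sample: the security-relevant directives from the slide's snmpd.conf.
SAMPLE_CONF = """\
rocommunity IPv6ForLife63
rocommunity6 IPv6ForLife63
#Users Creation
createUser monitor SHA monitorpw
createUser engineer MD5 engineerpw
createUser supervisor MD5 supervisorpw DES supervisorx
#Access features
rouser monitor noauth .1.3.6.1.2.1
rouser engineer auth .1.3.6.1.2.1
rwuser supervisor auth .1.3.6.1.2.1.1
rouser supervisor priv .1.3.6.1.2.1
"""

COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def audit_snmpd_conf(text):
    """Return (line_no, finding) tuples; finding labels are names made up for this example."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        key, args = tok[0].lower(), tok[1:]
        if key in COMMUNITY:
            # SNMPv1/v2c: the community string is the only credential and is sent unencrypted.
            findings.append((no, "cleartext-community"))
        elif key == "createuser":
            # Form handled: createUser NAME AUTHPROTO authpass [PRIVPROTO [privpass]]
            if len(args) > 1 and args[1].upper() == "MD5":
                findings.append((no, "md5-auth"))
            if len(args) < 4:
                findings.append((no, "no-privacy-protocol"))  # user cannot use authPriv
            elif args[3].upper() == "DES":
                findings.append((no, "des-privacy"))
        elif key in ("rouser", "rwuser"):
            # The minimum security level is the second argument; net-snmp defaults to auth.
            level = args[1].lower() if len(args) > 1 else "auth"
            if level == "noauth":
                findings.append((no, "noauth-access"))
            elif level == "auth":
                findings.append((no, "write-without-privacy" if key == "rwuser"
                                 else "read-without-privacy"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {finding}")
```

A user created with SHA and AES and granted access at the priv level produces no findings.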
  • 44. And this is not finished…
      - More tools and more fun during the training.
      http://ipv6forlife.com/modulation/IPv6HackSecu4.html