sourCEntral - mobile manpages

pdf

PATH6

NAME

path6 − A versatile IPv6−based traceroute tool

SYNOPSIS

path6 [−d] [−i INTERFACE] [−s SRC_ADDR[/LEN]] [−S LINK_SRC_ADDR] [−D LINK_DST_ADDR] [−y FRAG_SIZE] [−u DST_OPT_HDR_SIZE] [−U DST_OPT_U_HDR_SIZE] [−H HBH_OPT_HDR_SIZE] [−r LIMIT] [−p PROBE_TYPE] [−P PAYLOAD_SIZE] [−a DST_PORT] [−X TCP_FLAGS] [−v] [−h]

DESCRIPTION

path6 is an IPv6 traceroute tool, with full support for IPv6 Extension Headers. It is part of the SI6 Networks’ IPv6 Toolkit: a security assessment suite for the IPv6 protocols.

OPTIONS

path6 takes its parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "−i") or with a long name (a string preceded with two hyphen characters, as e.g. "−−interface").

Most of probe packet details can be specified by means of the available options. When TCP or UDP probe packets are employed, the Source Port of the probe packets is used to encode the probe packet number.

The current version of the tool will only print IPv6 addresses and will not try to reverse−map such IPv6 addresses into hostnames.
−i 
interface, −−interface interface

This option specifies the network interface to be used by the path6 tool. It can be used for overriding the output interface selected based on the local routing table.

−s SRC_ADDR, −−src−address SRC_ADDR

This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the attack packets. If a prefix is specified, the Source Address is randomly selected from that prefix.

−d DST_ADDR, −−dst−address DST_ADDR

This option specifies the IPv6 Destination Address of the target.

−S SRC_LINK_ADDR, −−src−link−address SRC_LINK_ADDR

This option can be used to override the link−layer Source Address of the packets.

−D DST_LINK_ADDR, −−dst−link−address DST_LINK_ADDR

This option can be used to override the link−layer Destination Address of the outgoing packets.

−y SIZE, −−frag−hdr SIZE

This option specifies that the probe packets must be fragmented. The fragment size must be specified as an argument to this option.

−u HDR_SIZE, −−dst−opt−hdr HDR_SIZE

This option specifies that a Destination Options header is to be included in the outgoing packet(s). The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "−u" options.

−U HDR_SIZE, −−dst−opt−u−hdr HDR_SIZE

This option specifies a Destination Options header to be included in the "unfragmentable part" of the outgoing packet(s). The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "−U" options.

−H HDR_SIZE, −−hbh−opt−hdr HDR_SIZE

This option specifies that a Hop-by-Hop Options header is to be included in the outgoing packet(s). The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop-by-Hop Options headers may be specified by means of multiple "−H" options.

−p PROBE_TYPE, −−probe−type PROBE_TYPE

This option specifies the protocol to be used for the probe packets. Possible arguments are: "icmp" (for ICMPv6 Echo Request), "tcp" (for TCP), and "udp" (for UDP). If left unspecified, the probe packets default to ICMPv6 Echo Request.

−P PAYLOAD_SIZE, −−payload−size PAYLOAD_SIZE

This option specifies the payload size of the probe packets.

−o SRC_PORT, −−src−port SRC_PORT

This option specifies the TCP/UDP Source Port. If left unspecified, the Source Port is randomized from the range 1024−65535.

−a DST_PORT, −−dst−port DST_PORT

This option specifies the TCP/UDP Destination Port. If left unspecified, the Destination Port defaults to 80 for the TCP case, and a randomized value (in the range 60000−65000) for the UDP case.

−X TCP_FLAGS, −−tcp−flags TCP_FLAGS

This option is used to set specific the TCP flags. The flags are specified as "F" (FIN), "S" (SYN), "R" (RST), "P" (PSH), "A" (ACK), "U" (URG), "X" (no flags).

If this option is left unspecified, the ACK bit is set on all probe packets.

−v−−verbose

This option selects the "verbosity" of the tool. If this option is left unspecified, only minimum information is printed.

−h−−help

Print help information for the path6 tool.

EXAMPLES

The following sections illustrate typical use cases of the path6 tool.

Example #1

# scan6 −i eth0 −L −e −v

Perform host scanning on the local network ("−L" option) using interface "eth0" ("−i" option). Use both ICMPv6 echo requests and unrecognized IPv6 options of type 10xxxxxx (default). Print link-link layer addresses along with IPv6 addresses ("−e" option). Be verbose ("−v" option).

Example #2

# scan6 −d 2001:db8::/64 −−tgt−virtual−machines all −−ipv4−host 10.10.10.0/24

Scan for virtual machines (both VirtualBox and vmware) in the prefix 2001:db8::/64. The additional information about the IPv4 prefix employed by the host system is leveraged to reduce the search space.

Example #3

# scan6 −d 2001:db8::/64 −−tgt−ipv4−embedded ipv4−32 −−ipv4−host 10.10.10.0/24

Scan for IPv6 addresses of the network 2001:db8::/64 that embed the IPv4 prefix 10.10.10.0/24 (with the 32-bit encoding).

Example #4

# scan6 −d 2001:db8:0−500:0−1000

Scan for IPv6 addresses of the network 2001:db8::/64, varying the two lowest order 16−bit words of the addresses in the range 0−500 and 0−1000, respectively.

Example #5

# scan6 −d fc00::/64 −−tgt−vendor ’Dell Inc’ −p tcp

Scan for network devices manufactured by ’Dell Inc’ in the target prefix fc00::/64. The tool will employ TCP segments as the probe packets (rather than the default ICMPv6 echo requests).

SEE ALSO

ipv6toolkit.conf(5)

draft−ietf−opsec−ipv6−host−scanning (available at:eal−world>) <http://tools.ietf.org/html/draft−gont−v6ops−ipv6−ehs−in− for a discussion of support of IPv6 packets with extension headers in the IPv6 Internet.

AUTHOR

The path6 tool and the corresponding manual pages were produced by Fernando Gont <fgont AT si6networks DOT com> for SI6 Networks <http://www.si6networks.com>.

COPYRIGHT

Copyright (c) 2014−2015 Fernando Gont.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front−Cover Texts, and no Back−Cover Texts. A copy of the license is available at <http://www.gnu.org/licenses/fdl.html>.

pdf