Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: ICMPv6 and Type 139/140  (Read 2824 times)

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1723
ICMPv6 and Type 139/140
« on: March 17, 2014, 04:48:37 PM »

So had a random request from some people, how to figure out IPv4 addresses of hosts on a network that didn't allow IPv4 ping broadcasts, and had no access to switch/router layer. After some thinking and poking around RFCs, I found that ping6 (on Linux at least) has the -N flag and 'ipv4/ipv4-all' options for the flag. Reading up on this it looks like the target/destination should be, at the least, sending a reply packet. However running tcpdump on the remote target it sees the Type 139 come in, but then never sends out replies. Think this is something disabled in a stock Ubuntu 12.04 kernel? Anyone tried this kind of ICMPv6 traffic before? I'm referencing http://tools.ietf.org/html/rfc4620#section-6.4

-Edit- I am starting to see some specific posts about 12.04 and needing to use ninfod. If this works, great that takes care of the testing *I* was doing, however what they need is it to work on Android.
« Last Edit: March 17, 2014, 05:22:03 PM by broquea »
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1723
Re: ICMPv6 and Type 139/140
« Reply #1 on: March 17, 2014, 05:21:51 PM »

Ok ninfod compiled, running with -g and it works.....

Code: [Select]
$ ping6 -N ipv4-all ipvsix.me
PING ipvsix.me(ipvsix.me) 56 data bytes
40 bytes from ipvsix.me: 127.0.0.1, 10.23.23.254, 72.52.116.26; ttl=63
40 bytes from ipvsix.me: 127.0.0.1, 10.23.23.254, 72.52.116.26; ttl=63

aaaaaaaaaand disabling the hell out of that :) Definitely see why that is disabled by default!

-Edit- quick write-up on tonight's fun
« Last Edit: March 17, 2014, 07:29:15 PM by broquea »
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 953
Re: ICMPv6 and Type 139/140
« Reply #2 on: March 18, 2014, 01:42:55 AM »

Anyone tried this kind of ICMPv6 traffic before?
I have been playing a bit with it
Code: [Select]
ping6 -n -i0.2 -Nname 4620.kasperd.netI don't know if there is any kernel with RFC4620 support built in. It does seem like something you'd only have a user mode daemon to respond to. And for obvious reasons, this is a daemon one would not expect to be installed by default. I haven't even tried installing such a daemon on Ubuntu, but I have however implemented an RFC4620 responder in my own stack, and tested interoperability with the ping6 command on Ubuntu. (Ubuntu 12.04 or later needed, since earlier versions did not have this option for ping6).
Logged