Passive_discovery6 passively sniffs the network and dump all client’s IPv6 addresses detected. Passive_discovery6 simply sniffs for the neighbor-advertisement packet in IPv6 networks.
You have to understand the basics of IPv6 networks first. Assuming that you know about IPv4 and what an ARP is, neighbor-advertisement & neighbor-solicitation packets replace the ARP(IPv4) in IPv6.
A neighbor-solicitation is the packet sent from a host to a multicast in-order to get information from neighbors just like an ARP request(“Who is at 192.168.0.1 tell 192.168.0.2”) to broadcast in IPv4.
The neighboring hosts reply with neighbor-advertisement which contains all info including the link-layer address(MAC). Unlike arp, this happens in an asynchronous/irregular pattern in an IPv6 network.
Unlike arp, these packets are continuously transmitted throughout the network.
So what passive_discovery6 does is simply grab the neighbor-solicitation packet and display the information on the terminal. This is very simple to use & provides excellent results when combined with parasite6. Click here to view tutorial on parasite6.
Homepage:https://github.com/mmoya/pkg-thc-ipv6/blob/master/passive_discovery6.c
Note: This tutorial was written when Kali 1.0.9 was the latest. In newer versions (Kali Sana & Kali Rolling) the command has changed to atk6-tool. For example, you are using passive_discovery6, in newer version becomes atk6-passive_discovery6.
Syntax: passive_discovery6 interface options -D do also dump destination addresses (does not work with -m) -s do only print the addresses, no other output -m maxhop the maximum number of hops a target which is dumped may be away. 0 means local only, the maximum amount to make sense is usually 5 -R prefix exchange the defined prefix with the link local prefix
Well, this is simple, just get all your interface names & run the tool on them.
Scenario: I am connected to an IPv6 network with range fc00::00/64 and a couple of hosts are also connected to it.
Command: passive_discovery6 eth0<replace with yours>
Wait for a couple of minutes as the advertisement packets only appear after solicitation packets & that too in an irregular manner. Here is the screenshot
When people ask how UDP works, the simplest answer is this: UDP sends data quickly…
Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…
A large-scale malware campaign leveraging AI-assisted development techniques has been uncovered, revealing how attackers are…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
People trying to securely connect to work are being tricked into doing the exact opposite.…
A newly disclosed Android vulnerability is making noise for a good reason. Researchers showed that…