Passive_discovery6 passively sniffs the network and dump all client’s IPv6 addresses detected. Passive_discovery6 simply sniffs for the neighbor-advertisement packet in IPv6 networks.
You have to understand the basics of IPv6 networks first. Assuming that you know about IPv4 and what an ARP is, neighbor-advertisement & neighbor-solicitation packets replace the ARP(IPv4) in IPv6.
A neighbor-solicitation is the packet sent from a host to a multicast in-order to get information from neighbors just like an ARP request(“Who is at 192.168.0.1 tell 192.168.0.2”) to broadcast in IPv4.
The neighboring hosts reply with neighbor-advertisement which contains all info including the link-layer address(MAC). Unlike arp, this happens in an asynchronous/irregular pattern in an IPv6 network.
Unlike arp, these packets are continuously transmitted throughout the network.
So what passive_discovery6 does is simply grab the neighbor-solicitation packet and display the information on the terminal. This is very simple to use & provides excellent results when combined with parasite6. Click here to view tutorial on parasite6.
Homepage:https://github.com/mmoya/pkg-thc-ipv6/blob/master/passive_discovery6.c
Note: This tutorial was written when Kali 1.0.9 was the latest. In newer versions (Kali Sana & Kali Rolling) the command has changed to atk6-tool. For example, you are using passive_discovery6, in newer version becomes atk6-passive_discovery6.
Syntax: passive_discovery6 interface options -D do also dump destination addresses (does not work with -m) -s do only print the addresses, no other output -m maxhop the maximum number of hops a target which is dumped may be away. 0 means local only, the maximum amount to make sense is usually 5 -R prefix exchange the defined prefix with the link local prefix
Well, this is simple, just get all your interface names & run the tool on them.
Scenario: I am connected to an IPv6 network with range fc00::00/64 and a couple of hosts are also connected to it.
Command: passive_discovery6 eth0<replace with yours>
Wait for a couple of minutes as the advertisement packets only appear after solicitation packets & that too in an irregular manner. Here is the screenshot
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…