Passive_discovery6 passively sniffs the network and dump all client’s IPv6 addresses detected. Passive_discovery6 simply sniffs for the neighbor-advertisement packet in IPv6 networks.
You have to understand the basics of IPv6 networks first. Assuming that you know about IPv4 and what an ARP is, neighbor-advertisement & neighbor-solicitation packets replace the ARP(IPv4) in IPv6.
A neighbor-solicitation is the packet sent from a host to a multicast in-order to get information from neighbors just like an ARP request(“Who is at 192.168.0.1 tell 192.168.0.2”) to broadcast in IPv4.
The neighboring hosts reply with neighbor-advertisement which contains all info including the link-layer address(MAC). Unlike arp, this happens in an asynchronous/irregular pattern in an IPv6 network.
Unlike arp, these packets are continuously transmitted throughout the network.
So what passive_discovery6 does is simply grab the neighbor-solicitation packet and display the information on the terminal. This is very simple to use & provides excellent results when combined with parasite6. Click here to view tutorial on parasite6.
Homepage:https://github.com/mmoya/pkg-thc-ipv6/blob/master/passive_discovery6.c
Note: This tutorial was written when Kali 1.0.9 was the latest. In newer versions (Kali Sana & Kali Rolling) the command has changed to atk6-tool. For example, you are using passive_discovery6, in newer version becomes atk6-passive_discovery6.
Syntax: passive_discovery6 interface options -D do also dump destination addresses (does not work with -m) -s do only print the addresses, no other output -m maxhop the maximum number of hops a target which is dumped may be away. 0 means local only, the maximum amount to make sense is usually 5 -R prefix exchange the defined prefix with the link local prefix
Well, this is simple, just get all your interface names & run the tool on them.
Scenario: I am connected to an IPv6 network with range fc00::00/64 and a couple of hosts are also connected to it.
Command: passive_discovery6 eth0<replace with yours>
Wait for a couple of minutes as the advertisement packets only appear after solicitation packets & that too in an irregular manner. Here is the screenshot
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…