systems:ipv6
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
systems:ipv6 [2018/01/10 07:21] – superwizard | systems:ipv6 [2020/07/25 19:01] (current) – [IPV6 Ranges] superwizard | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== IPV6 Ranges ====== | ||
+ | |||
+ | <WRAP center round box > | ||
+ | From: https:// | ||
+ | |||
+ | </ | ||
+ | |||
+ | Facts about numbers | ||
+ | |||
+ | Also: https:// | ||
+ | |||
+ | |||
+ | < | ||
+ | 2000::/3 | ||
+ | To 3fff: | ||
+ | 2**125 = 42535295865117307932921825928971026432 Hosts | ||
+ | </ | ||
+ | |||
+ | ====== ipv6 survey of implementation ====== | ||
+ | |||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | During the Joint Techs meeting at Fermilab Ron Broersma of Defense Research and Engineering Network | ||
+ | (DREN) included a scorecard in his presentation that tried to quantify how well major organisations | ||
+ | were embracing IPv6. I thought that this was such a fine idea that I’ve decided to replicate it here. | ||
+ | </ | ||
+ | |||
+ | Also Testing: http:// | ||
+ | |||
+ | < | ||
+ | IPv6 Testing Tools | ||
+ | IPv6, like any new technology, takes time to implement and operate. Here are some tools to make | ||
+ | checking, tracing and verifying IPv6 easier for you. | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ====== DUID Conflict between two Computers How to reset DUID ====== | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | duplicate ip | ||
+ | |||
+ | < | ||
+ | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters | ||
+ | Dhcpv6DUID=hex: | ||
+ | |||
+ | reg delete HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v Dhcpv6DUID | ||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Disabling RFC 4941 IPv6 Privacy Extensions in Windows ====== | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | RFC 4941 defines a series of Privacy Extensions for Stateless Address Autoconfiguration | ||
+ | in IPv6 | ||
+ | |||
+ | By default, Windows Vista, Windows 7 and Windows Server 2008 generate random interface IDs | ||
+ | for non-temporary autoconfigured IPv6 addresses, including public and link-local addresses, | ||
+ | rather than using EUI-64 derived interface IDs.1 While these are permanent, so don’t change, | ||
+ | this leads to potential confusion when a host’s expected EUI-64 derived address is unreachable! | ||
+ | |||
+ | Thankfully it’s trivial to disable this behaviour, fire up cmd.exe and issue the following. | ||
+ | |||
+ | netsh interface ipv6 set global randomizeidentifiers=disabled store=active | ||
+ | netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent | ||
+ | |||
+ | In addition to this, the RFC states that the use of temporary addresses should be disabled | ||
+ | by default. | ||
+ | |||
+ | The use of temporary addresses may cause unexpected difficulties with some applications. | ||
+ | [snip] Consequently, | ||
+ | to minimize potential disruptions. Individual applications, | ||
+ | about the normal duration of connections, | ||
+ | Windows Vista and Windows 7 ignore the advice of the RFC and also configure temporary global | ||
+ | or unique local addresses as per RFC 4941 (EDIT: OS X also does this since 10.7, so do many | ||
+ | Linux distros). This behaviour is disabled by default on Windows Server 2008. | ||
+ | |||
+ | To disable privacy extensions entirely, fire up cmd.exe and issue the following. | ||
+ | |||
+ | netsh interface ipv6 set privacy state=disabled store=active | ||
+ | netsh interface ipv6 set privacy state=disabled store=persistent | ||
+ | |||
+ | The changes will take immediate effect without needing to reboot, they’ll also persist | ||
+ | after a reboot. | ||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Multicast Address Space Registry ====== | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | IPv6 multicast addresses are distinguished from unicast addresses by the | ||
+ | value of the high-order octet of the addresses: a value of 0xFF (binary | ||
+ | 11111111) identifies an address as a multicast address; any other value | ||
+ | identifies an address as a unicast address. | ||
+ | |||
+ | </ | ||
+ | |||
====== Best Current Operational Practice for Operators: IPv6 prefix assignment for end-users ====== | ====== Best Current Operational Practice for Operators: IPv6 prefix assignment for end-users ====== | ||
Line 239: | Line 343: | ||
< | < | ||
+ | nmap -6 --script=broadcast-dhcp6-discover | ||
netsh int ipv6 show prefixpolicies | netsh int ipv6 show prefixpolicies | ||
netsh interface ipv6 show address | netsh interface ipv6 show address | ||
+ | netsh interface ipv6 show interface | ||
netsh interface ipv6 show neighbors | netsh interface ipv6 show neighbors | ||
netsh interface ipv6 delete neighbors | netsh interface ipv6 delete neighbors | ||
Line 246: | Line 352: | ||
netsh interface ipv6 delete destinationcache | netsh interface ipv6 delete destinationcache | ||
netsh interface ipv6 show route | netsh interface ipv6 show route | ||
+ | netsh interface ipv6 show joins | ||
route print | route print | ||
tracert | tracert | ||
Pathping | Pathping | ||
Ping | Ping | ||
- | ipconfig | + | ipconfig |
netsh interface ipv6 show ipstats | netsh interface ipv6 show ipstats | ||
netsh interface ipv6 show global | netsh interface ipv6 show global | ||
Line 276: | Line 383: | ||
nslookup isp.test-ipv6.com | nslookup isp.test-ipv6.com | ||
nslookup | nslookup | ||
+ | nslookup | ||
+ | |||
+ | |||
+ | nmap -6 --script=targets-ipv6-multicast-echo.nse --script-args ' | ||
</ | </ | ||
Line 373: | Line 484: | ||
+ | ====== IPv6 Addressing (TechRef) ====== | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | |||
+ | {{ https:// | ||
+ | |||
+ | < | ||
+ | good overview | ||
+ | </ | ||
====== IPv6 Addressing Structure ====== | ====== IPv6 Addressing Structure ====== | ||
systems/ipv6.1515568898.txt.gz · Last modified: 2018/01/10 07:21 by superwizard