IPv6 packet creation
250 views
Skip to first unread message
Richard Woodman
Sep 3, 2015, 10:59:05 AM9/3/15
to osti...@googlegroups.com
Sir,
I need to test firewall malformed IPv6 packet detection / discard. So far, I have created ICMPv6 packets to cover the following:
ICMP packet too large
ICMP router solicitation with code != 0
ICMP router advertisement with code != 0
ICMP destination unreachable with code == 7
However, I need help crafting other packets. For instance, I need to craft an otherwise valid router solicitation message but with a reserved field != 0. I also need to craft route header 0 packets, packets with multiple extension headers, router advertisement with reachable time > 1 hour, and next-hop routing but routing header set to hop-by-hop. Do I need to just add more IPv6 protocols in the advanced tab to get additional extension headers? Am I required to PCAP some ICMP / TCP / UDP traffic, try to edit it, and then import into Ostinato? I am having a difficult time finding much on IPv6 packet crafting and most of the tutorials only show IPv4 ICMP.
All that said, I was able to get several of the ICMPv6 packets crafted and my SRX to log the events, mainly because the Ostinato interface is pretty easy to use. I’m wondering if maybe I’m just asking too much from the GUI and am afraid I will need to learn Python or PCAP manipulation or something else. Thanks for an awesome tool and I really hope I can use it to finish my testing.
Richard
Srivats P
Sep 3, 2015, 11:15:53 AM9/3/15
to Richard Woodman, ostinato
Richard,
At the moment, the IPv6 Extension Headers are not implemented in
Ostinato - so you can't configure them as easily as the basic IPv6
packet.
You have 2 options to create such packets -
1. You can use the advanced protocols to stack a "Hexdump Protocol" on
top of IPv6 and configure the values in it such that it matches what
the IPv6 extension header would have. This requires knowledge of the
header format and familiarity with hex values
2. Slightly easier option is to get a pcap containing packets similar
to what you want. Just open the pcap in Ostinato and the extension
headers will be imported as hexdumps that you can edit. Note that you
don't need to necessarily capture these packets - there are websites
where you can get sample PCAPs e.g.
https://wiki.wireshark.org/SampleCaptures. You will still need to edit
the hexdump if you need to change the values in the extension header.
Srivats
> --
> Get Ostinato News and Updates on Twitter - Follow @ostinato
> (http://twitter.com/ostinato)
> ---
> You received this message because you are subscribed to the Google Groups
> "ostinato" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ostinato+u...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
http://ostinato.org/
@ostinato
At the moment, the IPv6 Extension Headers are not implemented in
Ostinato - so you can't configure them as easily as the basic IPv6
packet.
You have 2 options to create such packets -
1. You can use the advanced protocols to stack a "Hexdump Protocol" on
top of IPv6 and configure the values in it such that it matches what
the IPv6 extension header would have. This requires knowledge of the
header format and familiarity with hex values
2. Slightly easier option is to get a pcap containing packets similar
to what you want. Just open the pcap in Ostinato and the extension
headers will be imported as hexdumps that you can edit. Note that you
don't need to necessarily capture these packets - there are websites
where you can get sample PCAPs e.g.
https://wiki.wireshark.org/SampleCaptures. You will still need to edit
the hexdump if you need to change the values in the extension header.
Srivats
> Get Ostinato News and Updates on Twitter - Follow @ostinato
> (http://twitter.com/ostinato)
> ---
> You received this message because you are subscribed to the Google Groups
> "ostinato" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ostinato+u...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
http://ostinato.org/
@ostinato
Reply all
Reply to author
Forward
0 new messages