Discover IPv6 Network Range

Discover IPv6 Network Range & Hosts from an IPv6 Enabled Network Using passive_discovery6

Passive discovery6 actively sniffs the network and the detected IPv6 addresses of all clients are dumped. Passive discovery6 actually sniffs into IPv6 networks for the neighbor-advertisement packet.

First you’ve got to understand the fundamentals of IPv6 networks. Neighbor-advertisement & neighbor-solicitation packets replace the ARP(IPv4) in IPv6, assuming you know about IPv4 and what an ARP is. 

A neighbor request is the packet sent from a host to an in-order multicast to get information from neighbors much like an ARP request (“Tell 192.168.0.1 to 192.168.0.2”) to transmit in IPv4.

Neighboring hosts answer with neighbor-advertisement that contains all the details including the address of the link-layer(MAC). Unlike arp, this happens in an IPv6 network erratic / irregular fashion. 

Unlike arp, these packets are distributed over the network continuously.

So what passive discovery6 does is simply grab the packet of neighbor requests and show the terminal information. This is very easy to use & when paired with parasite6, provides excellent performance. Click here to see Parasite6 tutorial.

Options

Syntax: passive_discovery6 interface options
-D do also dump destination addresses (does not work with -m)
-s do only print the addresses, no other output
-m maxhop the maximum number of hops a target which is dumped may be away.
0 means local only, the maximum amount to make sense is usually 5
-R prefix exchange the defined prefix with the link local prefix

Lab: Discover IPv6 network & Devices

Well, this is easy, just get all your names on the gui and run the tool on it. 

Scenario: I am connected to an IPv6 network with fc00::00/64 range, and a few hosts are connected to it as well.

Command

passive_discovery6 eth0<replace with yours>