Nmap & IPv6 - NM

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

7 hours 1 minute
Video Transcription
Welcome to the end map lesson on any map and i p v six.
In your own map scanning, you may encounter local or remote targets that are on Lee configured using I P. V. Six. Unless you're scanning station is set up properly. You won't be able to run and map skins against them.
This lesson is focused on the most important points about running and map scans against IBV six targets.
Let's get started.
Here are the learning objectives for this lesson.
First, we'll go over some General I P v six information with regards to end map.
Next, we'll talk about en masse requirements for the use of I P v six. And finally we'll go over the command line options you need to know in order to run in Mount Scans against I. P v six targets
since 2002 and map has supported I. P v six
I. P v six hasn't exactly taking the world by storm. Like most people, including me, thought it might, especially in the US
I think this is thanks in part to private addressing and network address translation.
And although Aaron has exhausted all of its I P V four addresses. I haven't seen a lot of instances where I S P s, data centers or cloud service providers haven't been able to provide ample amount of i p feet before addresses when justification has been provided.
Nevertheless, as network administrators and information security professionals, we must know how to deal with I v. V six, whether on a local network or over the Internet.
Most of n map scanning features work just fine. Using IBV six addresses,
for example, he's be only ping scanning, connects, scanning and service in application version detection.
One of the biggest pieces of advice I can provide to you is that you run and map scans against IBV six targets using their host name instead of their I P V six address.
The reason for this is pretty clear. I p v six addresses there a lot longer and more complicated to type. I'll go over the syntax later,
when you run your IBV six scans, you'll see that the output looks exactly the same.
The only difference is that you'll see an I P. V six address at the top of your scan results.
This is nice because once you get used to looking at scan results and then map.
The difference between before and V six scans is negligible. I've included a clip here from an I V I P v six scan with the address highlighted.
Here are some requirements for running scans against I P V six targets.
First, both your scanning station and your target must be configured for I P v six.
When you're scanning, scanning a local network, this usually isn't a problem. You can skin either link local or site local addresses without any problem at all.
However, if you're scanning a remote host, you might run into more issues. Even if you have an I. P V six configured on your scanning station and the remote target also has it configured, your skin may fail.
The reason for this is that your eyes P hasn't provided you with an I. P V six address or your router or firewall is not configured with one.
In other words, you're in maps. Scanning station must be able to successfully route to your target using IBV six.
If your eyes be hasn't provided you with an I P V six address, you can use a tunnel broker service.
There are plenty of really good and free service is out there that will allow you to set up an account and allow you to configure your computer or your Internet access device with I V V six routing capabilities.
The last bullet point on this slide provides you with a link to a really good tunnel broker service, but feel free to search for others and give them a shot.
Another way to do this is by using 6 to 4 I p v six tunneling as described in RFC 30 56.
Essentially, this enables encapsulation of i P v six packets into I pee before for transport across in IBV six Network.
For those of you Cisco pros, this is essentially done using dual stacking, and it's pretty easy to accomplish.
Okay, so here are the command line options for using I P V six an end map.
Like I mentioned before, when you run in and maps can against a target that uses I V. V six, you simply need to add the Dash six option
or, if you like to type, you can use the dash Dash I P V six.
If you're scanning an I P V six target using its host name or address one of these command lines, which is is essential.
The next option is dash Capital s.
This command line switch allows you to specify the source address. In other words, you can use it to specify a source address other than your own.
Essentially, this is Ibv six spoofing
the third option here. Dash, dash, hop, dash, limit space number of hops sets the hot limit field and back. It's sent from your scanning station. This essentially determines how long data grams are allowed to exist on the network
and represents the number of hops a packet can take before being dropped.
It acts very similarly to T t l and I be before
the last bullet point. Here is a girl to the section in an online and map book that covers what I've talked about in this lesson.
It also provides you with a couple other I p v six command line options. In case you're interested
in this lesson, we went over the following first we discussed in General I v V six information with regards to end map.
Next we talked about and maps requirements for the use of I. P. V six and finally went. We went over some command line options you need to know in order to run and map scans against HPV. Six targets.
Thanks so much for watching, and I'll see you in the next lesson.
Up Next