[ipv6hackers] Question on tools use to monitor fragmented packet attacks

Jim Small jim.small at cdw.com
Sat Apr 13 00:28:13 CEST 2013


I've been doing a lot of work with Marc's THC IPv6 tools and Fernando's IPv6 Toolkit.  My tool of choice for monitoring is Wireshark.  I use a combination of monitoring from the attack system, the attacked system, and ingress/egress switchport SPAN/Monitor captures.

What I notice is that oftentimes when I fragment packets (e.g. RAs) Wireshark will complain about a malformed frame in the IPv6 decode.  Whenever this happens, it seems like Windows 7 also ignores/doesn't process the frames.  I've mostly been focused on attacking and defending so I haven't dug into why this is just yet.

I wanted to ask - when you are attacking/probing/fuzzing systems with fragmented packets - what tools are you using to monitor the frames?  If Wireshark fails do you use tcpdump, a hex decoder, or something else?

Please let me know,
  --Jim





