[ipv6hackers] Question on tools use to monitor fragmented packet attacks
mh at mh-sec.de
Sat Apr 13 09:58:42 CEST 2013
I use Wireshark, and ignore the decoding and just examine the hexdump.
Wireshark tries to be clever, and of course when things are on purpose
not standard it fails.
On 13.04.2013 00:28, Jim Small wrote:
> I've been doing a lot of work with Marc's THC IPv6 tools and Fernando's IPv6 Toolkit. My tool of choice for monitoring is Wireshark. I use a combination of monitoring from the attack system, the attacked system, and ingress/egress switchport SPAN/Monitor captures.
> What I notice is that often times when I fragment packets (e.g. RAs) Wireshark will complain about a malformed frame in the IPv6 decode. Whenever this happens, it seems like Windows 7 also ignores/doesn't process the frames. I've mostly been focused on attacking and defending so I haven't dug into why this is just yet.
> I wanted to ask - when you are attacking/probing/fuzzing systems with fragmented packets - what tools are you using to monitor the frames? If Wireshark fails do you use tcpdump, a hex decoder, or something else?
> Please let me know,
Mobil: +49 177 9611560
Fax: +49 30 37309726
Marc Heuse - IT-Security Consulting
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
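
Added example, not part of the original message: one way to read a capture's raw bytes without trusting a dissector is to walk the IPv6 header chain by hand and print the Fragment header fields. The function name `walk_ipv6` and the sample packet (a constructed first fragment carrying the start of a Router Advertisement, checksum left at zero) are assumptions made for illustration.

```python
import struct

# Extension headers sharing the generic (next header, hdr ext len) layout.
EXT_HDRS = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options"}
FRAGMENT = 44

def walk_ipv6(pkt: bytes):
    """Walk the header chain of a raw IPv6 packet (no link-layer header).

    Returns (name, offset, info) tuples and stops at the upper-layer
    header, at a non-first fragment, or where the bytes run out.
    """
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nxt = struct.unpack_from("!HB", pkt, 4)
    chain = [("IPv6", 0, {"payload_len": payload_len, "next": nxt})]
    off = 40
    while True:
        if nxt == FRAGMENT:
            if len(pkt) < off + 8:
                chain.append(("TRUNCATED Fragment", off, {}))
                break
            inner, _res, offlg, ident = struct.unpack_from("!BBHI", pkt, off)
            info = {"next": inner, "frag_offset": (offlg >> 3) * 8,
                    "more": bool(offlg & 1), "id": ident}
            chain.append(("Fragment", off, info))
            off += 8
            if info["frag_offset"] != 0:
                break  # non-first fragment: the rest is mid-payload bytes
            nxt = inner
        elif nxt in EXT_HDRS:
            size = (pkt[off + 1] + 1) * 8 if len(pkt) >= off + 2 else 0
            if size == 0 or len(pkt) < off + size:
                chain.append(("TRUNCATED " + EXT_HDRS[nxt], off, {}))
                break
            chain.append((EXT_HDRS[nxt], off, {"next": pkt[off], "len": size}))
            nxt, off = pkt[off], off + size
        else:
            chain.append(("upper-layer", off,
                          {"proto": nxt, "bytes": len(pkt) - off}))
            break
    return chain

# Constructed sample: fe80::1 -> ff02::1, Fragment header, 8 bytes of ICMPv6.
SAMPLE = bytes.fromhex(
    "6000000000102cff" "fe800000000000000000000000000001"
    "ff020000000000000000000000000001"
    "3a000001" "12345678" "8600000040000708")

if __name__ == "__main__":
    for name, off, info in walk_ipv6(SAMPLE):
        print(f"{off:3d}  {name:12s} {info}")
```
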