Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
PATH6(1)		    General Commands Manual		      PATH6(1)

NAME
       path6 - A versatile IPv6-based traceroute tool

SYNOPSIS
       path6  [-d]  [-i	 INTERFACE] [-s	SRC_ADDR[/LEN]]	[-S LINK_SRC_ADDR] [-D
       LINK_DST_ADDR]	 [-y	FRAG_SIZE]    [-u    DST_OPT_HDR_SIZE]	   [-U
       DST_OPT_U_HDR_SIZE]  [-H	 HBH_OPT_HDR_SIZE]  [-r	LIMIT] [-p PROBE_TYPE]
       [-P PAYLOAD_SIZE] [-a DST_PORT] [-X TCP_FLAGS] [-v] [-h]

DESCRIPTION
       path6 is	an IPv6	traceroute tool, with full support for IPv6  Extension
       Headers.	 It  is	part of	the SI6	Networks' IPv6 Toolkit:	a security as-
       sessment	suite for the IPv6 protocols.

OPTIONS
       path6 takes its parameters as command-line options. Each	of the options
       can be specified	with a short name (one character preceded with the hy-
       phen character, as e.g. "-i") or	with a long name  (a  string  preceded
       with two	hyphen characters, as e.g. "--interface").

       Most of probe packet details can	be specified by	means of the available
       options.	When TCP or UDP	probe packets are employed, the	Source Port of
       the probe packets is used to encode the probe packet number.

       The current version of the tool will only print IPv6 addresses and will
       not try to reverse-map such IPv6	addresses into hostnames.

       -i interface, --interface interface

	      This option specifies the	network	interface to be	 used  by  the
	      path6  tool.  It can be used for overriding the output interface
	      selected based on	the local routing table.

       -s SRC_ADDR, --src-address SRC_ADDR

	      This option specifies the	IPv6 source address (or	 IPv6  prefix)
	      to  be  used  for	the Source Address of the attack packets. If a
	      prefix is	specified, the Source  Address	is  randomly  selected
	      from that	prefix.

       -d DST_ADDR, --dst-address DST_ADDR

	      This  option  specifies the IPv6 Destination Address of the tar-
	      get.

       -S SRC_LINK_ADDR, --src-link-address SRC_LINK_ADDR

	      This option can be used to override the  link-layer  Source  Ad-
	      dress of the packets.

       -D DST_LINK_ADDR, --dst-link-address DST_LINK_ADDR

	      This  option  can	be used	to override the	link-layer Destination
	      Address of the outgoing packets.

       -y SIZE,	--frag-hdr SIZE

	      This option specifies that the probe packets must	be fragmented.
	      The  fragment  size must be specified as an argument to this op-
	      tion.

       -u HDR_SIZE, --dst-opt-hdr HDR_SIZE

	      This option specifies that a Destination Options header is to be
	      included	in  the	 outgoing packet(s). The extension header size
	      must be specified	as an argument to this option (the  header  is
	      filled with padding options). Multiple Destination Options head-
	      ers may be specified by means of multiple	"-u" options.

       -U HDR_SIZE, --dst-opt-u-hdr HDR_SIZE

	      This option specifies a Destination Options  header  to  be  in-
	      cluded  in  the "unfragmentable part" of the outgoing packet(s).
	      The header size must be specified	as an argument to this	option
	      (the  header  is filled with padding options). Multiple Destina-
	      tion Options headers may be specified by means of	multiple  "-U"
	      options.

       -H HDR_SIZE, --hbh-opt-hdr HDR_SIZE

	      This  option specifies that a Hop-by-Hop Options header is to be
	      included in the outgoing packet(s).  The	header	size  must  be
	      specified	 as  an	 argument to this option (the header is	filled
	      with padding options). Multiple Hop-by-Hop Options  headers  may
	      be specified by means of multiple	"-H" options.

       -p PROBE_TYPE, --probe-type PROBE_TYPE

	      This  option  specifies  the  protocol  to be used for the probe
	      packets. Possible	arguments are: "icmp"  (for  ICMPv6  Echo  Re-
	      quest),  "tcp"  (for TCP), and "udp" (for	UDP). If left unspeci-
	      fied, the	probe packets default to ICMPv6	Echo Request.

       -P PAYLOAD_SIZE,	--payload-size PAYLOAD_SIZE

	      This option specifies the	payload	size of	the probe packets.

       -o SRC_PORT, --src-port SRC_PORT

	      This option specifies the	TCP/UDP	Source Port. If	left  unspeci-
	      fied, the	Source Port is randomized from the range 1024-65535.

       -a DST_PORT, --dst-port DST_PORT

	      This  option specifies the TCP/UDP Destination Port. If left un-
	      specified, the Destination Port defaults to 80 for the TCP case,
	      and  a  randomized  value	(in the	range 60000-65000) for the UDP
	      case.

       -X TCP_FLAGS, --tcp-flags TCP_FLAGS

	      This option is used to set specific the TCP flags. The flags are
	      specified	 as  "F"  (FIN),  "S" (SYN), "R" (RST),	"P" (PSH), "A"
	      (ACK), "U" (URG),	"X" (no	flags).

	      If this option is	left unspecified, the ACK bit is  set  on  all
	      probe packets.

       -v, --verbose

	      This  option selects the "verbosity" of the tool.	If this	option
	      is left unspecified, only	minimum	information is printed.

       -h, --help

	      Print help information for the path6 tool.

EXAMPLES
       The following sections illustrate typical use cases of the path6	tool.

       Example #1

       # scan6 -i eth0 -L -e -v

       Perform host scanning on	the local network ("-L"	option)	 using	inter-
       face  "eth0"  ("-i" option). Use	both ICMPv6 echo requests and unrecog-
       nized IPv6 options of type 10xxxxxx (default).  Print  link-link	 layer
       addresses along with IPv6 addresses ("-e" option). Be verbose ("-v" op-
       tion).

       Example #2

       #  scan6	 -d  2001:db8::/64  --tgt-virtual-machines   all   --ipv4-host
       10.10.10.0/24

       Scan  for  virtual  machines (both VirtualBox and vmware) in the	prefix
       2001:db8::/64. The additional information about	the  IPv4  prefix  em-
       ployed by the host system is leveraged to reduce	the search space.

       Example #3

       #   scan6  -d  2001:db8::/64  --tgt-ipv4-embedded  ipv4-32  --ipv4-host
       10.10.10.0/24

       Scan for	IPv6 addresses of the network  2001:db8::/64  that  embed  the
       IPv4 prefix 10.10.10.0/24 (with the 32-bit encoding).

       Example #4

       # scan6 -d 2001:db8:0-500:0-1000

       Scan  for  IPv6 addresses of the	network	2001:db8::/64, varying the two
       lowest order 16-bit words of the	 addresses  in	the  range  0-500  and
       0-1000, respectively.

       Example #5

       # scan6 -d fc00::/64 --tgt-vendor 'Dell Inc' -p tcp

       Scan  for network devices manufactured by 'Dell Inc' in the target pre-
       fix fc00::/64. The tool will employ TCP segments	as the	probe  packets
       (rather than the	default	ICMPv6 echo requests).

SEE ALSO
       ipv6toolkit.conf(5)

       draft-ietf-opsec-ipv6-host-scanning	      (availableeal-world_)at:
       _http://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-in-
       for  a  discussion of support of	IPv6 packets with extension headers in
       the IPv6	Internet.

AUTHOR
       The path6 tool and the corresponding manual pages were produced by Fer-
       nando Gont _fgont@si6networks.com_ for SI6 Networks _http://www.si6net-
       works.com_.

COPYRIGHT
       Copyright (c) 2014-2015 Fernando	Gont.

       Permission is granted to	copy, distribute and/or	modify	this  document
       under  the  terms of the	GNU Free Documentation License,	Version	1.3 or
       any later version published by the Free Software	 Foundation;  with  no
       Invariant  Sections,  no	Front-Cover Texts, and no Back-Cover Texts.  A
       copy  of	 the   license	 is   available	  at   _http://www.gnu.org/li-
       censes/fdl.html_.

								      PATH6(1)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=path6&sektion=1&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help