After you have prepared your system for IPv6, you now want to use IPv6 for network communications. First you should learn how to examine IPv6 packets with a sniffer program. This is strongly recommended because for debugging/troubleshooting issues this can aide in providing a diagnosis very quickly.
This program is normally included in package iputils. It is designed for simple transport tests sending ICMPv6 echo-request packets and wait for ICMPv6 echo-reply packets.
# ping6 <hostwithipv6address> # ping6 <ipv6address> # ping6 [-I <device>] <link-local-ipv6address>
Some implementation also support %<device> suffix instead of using -I <device>, e.g.
# ping6 <link-local-ipv6address>%<device>
# ping6 -c 1 ::1 PING ::1(::1) from ::1 : 56 data bytes 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec --- ::1 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms
Hint: ping6 needs raw access to socket and therefore root permissions. So if non-root users cannot use ping6 then there are two possible problems:
ping6 is not in users path (probably, because ping6 is generally stored in /usr/sbin -> add path (not really recommended)
ping6 doesn't execute properly, generally because of missing root permissions -> chmod u+s /usr/sbin/ping6
Using link-local addresses for an IPv6 ping, the kernel does not know through which (physically or virtual) device it must send the packet - each device has a link-local address. A try will result in following error message:
# ping6 fe80::212:34ff:fe12:3456 connect: Invalid argument
In this case you have to specify the interface additionally like shown here:
# ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205 PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from ¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec --- fe80::2e0:18ff:fe90:9205 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip ¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
Example for %<device> notation:
# ping6 -c 1 fe80::2e0:18ff:fe90:9205%eth0
An interesting mechanism to detect IPv6-active hosts on a link is to ping6 to the link-local all-node multicast address:
# ping6 -I eth0 ff02::1 PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms 64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!)
Example for %<device> notation:
# ping6 ff02::1%eth0
Unlike in IPv4, where replies to a ping on the broadcast address can be disabled, in IPv6 currently this behavior cannot be disable except by local IPv6 firewalling.
This older program is normally included in package iputils. It's a program similar to IPv4 traceroute. Below you will see an example:
# traceroute6 www.6bone.net traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30 ¬ hops max, 16 byte packets 1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms
Note: unlike some modern versions of IPv4 traceroute, which can use ICMPv4 echo-request packets as well as UDP packets (default), current IPv6-traceroute is only able to send UDP packets. As you perhaps already know, ICMP echo-request packets are more accepted by firewalls or ACLs on routers inbetween than UDP packets.
If a dedicated interface must be specified, this can be done by -i <device> or using <address>%<device>.
traceroute got native IPv6 support with version 2 and support all features as for IPv4. Below you will see an example for an ICMP (ping) traceroute (root permissions required)
# traceroute -I -n ipv6.google.com traceroute to ipv6.google.com (2a00:1450:4016:804::200e), 30 hops max, 80 byte packets 1 2001:a61:*** 0.410 ms 0.510 ms 0.655 ms 2 2001:a60::89:705:1 26.428 ms 34.361 ms 41.777 ms 3 2001:a60::89:0:1:2 19.131 ms 19.163 ms 19.248 ms 4 2001:a60:0:106::2 20.464 ms 20.467 ms 20.457 ms 5 2001:4860::9:4000:cf86 21.836 ms * 21.852 ms 6 2001:4860:0:1::19 21.690 ms 21.585 ms 22.919 ms 7 2a00:1450:4016:804::200e 23.176 ms 19.310 ms 20.065 ms
If a dedicated interface must be specified, this can be done by -i <device>.
This program is normally included in package iputils. It's a program like traceroute6 and traces the path to a given destination discovering the MTU along this path. Below you will see an example:
# tracepath6 www.6bone.net 1?: [LOCALHOST] pmtu 1480 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms 2: 3ffe:b00:c18::5 267.864ms 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 3: 3ffe:3900:5::2 asymm 4 346.632ms 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms 6: 3ffe:3800::1:1 asymm 4 578.126ms !N Resume: pmtu 1280
On Linux, tcpdump is the major tool for packet capturing. Below you find some examples. IPv6 support is normally built-in in current releases of version 3.6.
tcpdump uses expressions for filtering packets to minimize the noise:
icmp6: filters native ICMPv6 traffic
ip6: filters native IPv6 traffic (including ICMPv6)
proto ipv6: filters tunneled IPv6-in-IPv4 traffic
not port ssh: to suppress displaying SSH packets for running tcpdump in a remote SSH session
Also some command line options are very useful to catch and print more information in a packet, mostly interesting for digging into ICMPv6 packets:
“-s 512”: increase the snap length during capturing of a packet to 512 bytes
“-vv”: really verbose output
“-n”: don't resolve addresses to names, useful if reverse DNS resolving isn't working proper
# tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6 tcpdump: listening on eth0 2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo ¬ request (len 64, hlim 64) 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo ¬ reply (len 64, hlim 64)
188.8.131.52 and 184.108.40.206 are tunnel endpoints (all addresses are examples)
# tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6 tcpdump: listening on ppp0 220.127.116.11 > 18.104.22.168: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 22.214.171.124 > 126.96.36.199: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len ¬ 64, hlim 61) (ttl 23, id 29887, len 124) 188.8.131.52 > 184.108.40.206: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request ¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 220.127.116.11 > 18.104.22.168: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len ¬ 64, hlim 61) (ttl 23, id 29919, len 124)