My IPv6 Scapy Samples
for testing IPv6 environments and devices

IPv6 ICMP
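ICMPv6 echo request
	from scapy.all import *   # the samples assume the Scapy namespace, as in the interactive shell
	i=IPv6()
	i.dst="2001:db8:dead::1"
	q=ICMPv6EchoRequest()
	p=(i/q)
	sr1(p)                    # send and wait for the first reply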
ipv6 source route packets
	i=IPv6()
	i.dst="2001:db8:dead::1"
	h=IPv6ExtHdrRouting()
	h.addresses=["2001:db8:dead::1","2001:db8:dead::1","2001:db8:dead::1"]
	p=ICMPv6EchoRequest()
	pa=(i/h/p)
Routing Header Example
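	# the second waypoint below has only six groups and no "::", so it is not a valid IPv6 address as given
	a = sr1(IPv6(dst="2001:4f8:4:7:2e0:81ff:fe52:9a6b")/
	        IPv6ExtHdrRouting(addresses=["2001:78:1:32::1", "2001:20:82:203:fea5:385"])/
	        ICMPv6EchoRequest(data=RandString(7)), verbose=0)
	a.src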
Traceroute
	waypoint = "2001:301:0:8002:203:47ff:fea5:3085"
	target = "2001:5f9:4:7:2e0:81ff:fe52:9a6b"
	traceroute6(waypoint, minttl=15, maxttl=34,
	            l4=IPv6ExtHdrRouting(addresses=[target])/ICMPv6EchoRequest(data=RandString(7)))
Current high score (not tested)
	import time
	addr1 = "2001:4830:ff:12ea::2"
	addr2 = "2001:360:1:10::2"
	zz=time.time()
	a=sr1(IPv6(dst=addr2, hlim=255)/IPv6ExtHdrRouting(addresses=[addr1, addr2]*43)/ICMPv6EchoRequest(data="staythere"), verbose=0, timeout=80)
	print("%.2f seconds" % (time.time() - zz))
ipv6 RA (version 1)
	sendp(Ether()/IPv6()/ICMPv6ND_RA()/ ICMPv6NDOptPrefixInfo(prefix="2001:db8:cafe:deca::", prefixlen=64)/ ICMPv6NDOptSrcLLAddr(lladdr="00:b0:de:ad:be:ef"), loop=1, inter=3)
ipv6 RA (version 2)
	# same Router Advertisement with every field spelled out (Python 3: no "L" suffix on integers)
	a=IPv6(nh=58, src='fe80::214:f2ff:fe07:af0', dst='ff02::1', version=6, hlim=255, plen=64, fl=0, tc=224)
	b=ICMPv6ND_RA(code=0, chlim=64, H=0, M=0, O=0, routerlifetime=1800, P=0, retranstimer=0, prf=0, res=0, reachabletime=0, type=134)
	c=ICMPv6NDOptSrcLLAddr(type=1, len=1, lladdr='00:14:f2:07:0a:f1')
	d=ICMPv6NDOptMTU(res=0, type=5, len=1, mtu=1500)
	e=ICMPv6NDOptPrefixInfo(A=1, res2=0, res1=0, L=1, len=4, prefix='2001:db99:dead::', R=0, validlifetime=2592000, prefixlen=64, preferredlifetime=604800, type=3)
	send(a/b/c/d/e)
The one line Router Advertisement daemon killer
	send(IPv6(src=server)/ICMPv6ND_RA(routerlifetime=0), loop=1, inter=1)
Test1
	someaddr=["2001:6c8:6:4::7", "2001:500::1035", "2001:1ba0:0:4::1",
	"2001:2f0:104:1:2e0:18ff:fea8:16f5", "2001:e40:100:207::2",
	"2001:7f8:2:1::18", "2001:4f8:0:2::e", "2001:4f8:0:2::d"]
	
	for addr in someaddr:
	  a = sr1(IPv6(dst=addr)/ICMPv6NIQueryName(data=addr), verbose=0)
	  print(a.sprintf("%-35s,src%: %data%"))
Test2
	someaddr=["2001:6c8:6:4::7", "2001:500::1035", "2001:1ba0:0:4::1",
	"2001:2f0:104:1:2e0:18ff:fea8:16f5", "2001:e40:100:207::2",
	"2001:7f8:2:1::18", "2001:4f8:0:2::e", "2001:4f8:0:2::d"]
	
	for addr in someaddr:
	  a = sr1(IPv6(dst="ff02::1")/ICMPv6NIQueryName(data="ff02::1"))
	  print(a.sprintf("%data%"))
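
For the receiving side of the Routing Header and Router Advertisement samples above, a stdlib-only Python check that parses raw IPv6 bytes and flags Type 0 routing headers and RAs with router lifetime 0 or a hop limit other than 255. This is an added example, not part of the original page; the function names, finding labels and sample packets are constructed for illustration.

```python
import ipaddress
import struct

HOPOPT, ROUTING, FRAGMENT, DSTOPTS, ICMPV6 = 0, 43, 44, 60, 58
RA_TYPE = 134  # ICMPv6 Router Advertisement

def inspect_ipv6(pkt):
    """Return a list of findings for one raw packet starting at the IPv6 header."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return ["not-ipv6"]
    findings, nh, hlim, off = [], pkt[6], pkt[7], 40
    while nh in (HOPOPT, ROUTING, FRAGMENT, DSTOPTS):
        if off + 8 > len(pkt):
            return findings + ["truncated"]
        next_nh, ext_len = pkt[off], pkt[off + 1]
        if nh == ROUTING and pkt[off + 2] == 0:
            # Type 0 routing header (deprecated by RFC 5095): 16 bytes per address
            findings.append("rh0 addrs=%d segleft=%d" % (ext_len // 2, pkt[off + 3]))
        if nh == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return findings  # non-first fragment: no upper-layer header follows
            ext_len = 0  # fragment header is always 8 bytes
        nh, off = next_nh, off + (ext_len + 1) * 8
    if nh == ICMPV6 and off + 8 <= len(pkt) and pkt[off] == RA_TYPE:
        if struct.unpack_from("!H", pkt, off + 6)[0] == 0:
            findings.append("ra-lifetime-0")  # tells hosts to drop this default router
        if hlim != 255:
            findings.append("ra-hlim-not-255")  # RFC 4861: receivers must discard
    return findings

def build(nh, payload, hlim=255, src="fe80::1", dst="ff02::1"):
    """Constructed test packet: 40-byte IPv6 header plus payload (checksums left 0)."""
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return struct.pack("!IHBB", 6 << 28, len(payload), nh, hlim) + addrs + payload

# Constructed sample payloads (not captured traffic)
ECHO = struct.pack("!BBHHH", 128, 0, 0, 0, 0)
RA_ZERO = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 0, 0, 0)
RA_NORMAL = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
HOPS = [ipaddress.IPv6Address("2001:db8:dead::%d" % i).packed for i in (1, 2)]
RH0 = struct.pack("!BBBBI", ICMPV6, 2 * len(HOPS), 0, len(HOPS), 0) + b"".join(HOPS)

SAMPLES = {"echo": build(ICMPV6, ECHO), "ra-zero": build(ICMPV6, RA_ZERO),
           "ra-offlink": build(ICMPV6, RA_NORMAL, hlim=64),
           "rh0": build(ROUTING, RH0 + ECHO)}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect_ipv6(pkt))
```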

IPv6 Scapy 3 Way
Creating an IPv6 3-Way Handshake
 
Step 1.
Turn off the RST packets from the kernel, which are sent because no port is listening on the source port. (Scapy is not using a RAW socket.)
	ip6tables -A OUTPUT -p tcp --tcp-flags RST RST -d {dest IP} -j DROP
Step 2.
Send the SYN packet with Scapy and fetch the answer.
	ip=IPv6(dst="2001:db8:0:1:207:3fff:fe68:df44")
	TCP_SYN=TCP(sport=1500, dport=80, flags="S", seq=100)
	TCP_SYNACK=sr1(ip/TCP_SYN)
Step 3.
Send the ACK Packet with scapy
	my_ack = TCP_SYNACK.seq + 1
	TCP_ACK=TCP(sport=1500, dport=80, flags="A", seq=101, ack=my_ack)
	send(ip/TCP_ACK)
Step 4.
Check the client with netstat -na

(c) 2009 by packetlevel.ch / last update: 15.11.2009