8

I am using a Centos 5.5 box. Something on the network is advertising IPv6 prefixes, and I want to know who.

One solution would be to install tcpdump or tshark and just look at the network traffic. I would prefer not to have to rewire the network or play rpm sherpa with scp.

Is there a utility, like route or ip that will show me the addresses of the routers sending the advertisements?

pcapademic
  • 1,670
  • 1
  • 15
  • 22

3 Answers3

12

The easiest way I know to do this is to just accept the route it's advertising. Once it's your inet6 router, it's easy.

$ ip -f inet6 route
2001:db8:dead:beef::/64 dev eth1  proto kernel  metric 256  expires 3523sec mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
default via fe80::21b:63ff:fe12:3456 dev eth1  proto kernel  metric 1024  expires 1722sec mtu 1500 advmss 1440 hoplimit 64

'default via' is my router here. Let's see who it actually is, by querying my ARP neighbors.

$ ip -f inet6 neigh
fe80::21b:63ff:fe12:3456 dev eth1 lladdr 00:1b:63:12:34:56 router STALE

$ ip -f inet neigh
10.0.0.1 dev eth1 lladdr 00:1b:63:12:34:56 STALE

So I've found an inet6 router with a MAC address 00:1b:63:12:34:56, and a v4 address 10.0.0.1. Hopefully that'd be enough clues to send you back into familiar territory.

Shaun
  • 316
  • 1
  • 5
3

radvdump (installed alongside radvd) will provide you what you want as well...

Knobee
  • 357
  • 2
  • 7
2

The rdisc6 utility, included in most Linux distributions, does what you want.

jch
  • 470
  • 2
  • 8