On 2012-09-13 14:21 , Fernando Gont wrote:
Folks,
We are pleased to announce the release of ipv6mon v1.0!
** Description **
ipv6mon (<http://www.si6networks.com/tools/ipv6mon>) is a tool for monitoring IPv6 address usage on a local network. It is meant to be particularly useful in networks that employ IPv6 Stateless Address Auto-Configuration (as opposed to DHCPv6), where address assignment is decentralized and there is no central server that records which IPv6 addresses have been assigned to which nodes during which period of time.
ipv6mon employs active probing to discover IPv6 addresses in use, and determine whether such addresses remain active.
You mean, like what NDPMon has been delivering for several years already:
From http://ndpmon.sourceforge.net/ -- The Neighbor Discovery Protocol Monitor (NDPMon) is a diagnostic software application used by Internet Protocol version 6 network administrators for monitoring ICMPv6 packets. NDPMon observes the local network for anomalies in the function of nodes using Neighbor Discovery Protocol (NDP) messages, especially during the Stateless Address Autoconfiguration. When an NDP message is flagged, it notifies the administrator by writing to the syslog or by sending an email report. It may also execute a user-defined script. For IPv6, NDPMon is an equivalent of Arpwatch for IPv4, and has similar basic features with added attacks detection.
NDPMon runs on Linux distributions (available in Debian repositories and in Ubuntu 12.10 and later), Mac OS X, FreeBSD (available as port), NetBSD and OpenBSD. It uses a configuration file containing the expected and valid behavior for nodes and routers on the link. This includes the routers addresses (MAC and IP) and the prefixes, flags and parameters announced. NDPMon also maintains up-to-date a list of neighbors on the link and watches all advertisements and changes. It permits to track the usage of cryptographically generated interface identifiers or temporary global addresses when Privacy extensions are enabled (default behavior in Ubuntu and Windows for example), or Cryptographically Generated Addresses are in use. -- arpwatch + ndpmon are kind of a requirement in a network where you are not sure who can plug-in to it (especially when not using 802.1x on links or when having a 'weak'/known password for the wireless), are they not? :) Greets, Jeroen