Sunday, August 11, 2013

Scan ARP MAC addresses of other devices on the LAN

(Disclaimer: this is not IPv6 related. Just plain IPv4)

It can be useful to see which other devices are connected to a LAN, and then check the MAC address to get some kind identification. This way you can see - for example - if a smartphone is there, so thus guess if a certain person is there.

There is an easy tool for that: "arp-scan". It's available on Ubuntu Linux 13.04 after installing it "sudo apt-get install arp-scan". You have to run it as root:

$ sudo arp-scan --localnet --interface=wlan0
Interface: wlan0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.0.1 64:d1:a3:03:8a:01 Sitecom Europe BV
192.168.0.113 00:06:dc:44:57:f3 Syabas Technology (Amquest)
192.168.0.102 04:46:65:7a:9d:55 (Unknown)
192.168.0.108 00:1f:e1:9f:eb:d2 Hon Hai Precision Ind. Co., Ltd.
192.168.0.109 f0:5a:09:35:ff:42 (Unknown)
192.168.0.102 04:46:65:7a:9d:55 (Unknown) (DUP: 2)
192.168.0.104 00:37:6d:01:ed:9a (Unknown) (DUP: 1)

 7 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.336 seconds (191.62 hosts/sec). 7 responded

It works, but some MAC addresses are unknown. If you want the newer version, get it from http://www.nta-monitor.com/tools-resources/security-tools/arp-scan and compile it. Result:


$ sudo ./arp-scan --localnet --interface=wlan0
Interface: wlan0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.0.1 64:d1:a3:03:8a:01 Sitecom Europe BV
192.168.0.113 00:06:dc:44:57:f3 Syabas Technology (Amquest)
192.168.0.104 00:37:6d:01:ed:9a Murata Manufacturing Co., Ltd.
192.168.0.109 f0:5a:09:35:ff:42 Samsung Electronics Co.,Ltd
192.168.0.108 00:1f:e1:9f:eb:d2 Hon Hai Precision Ind. Co., Ltd.
192.168.0.102 04:46:65:7a:9d:55 Murata Manufacturing Co., Ltd.

 6 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9: 256 hosts scanned in 1.981 seconds (129.23 hosts/sec). 6 responded

So the f0:5a:09:35:ff:42 is my Samsung Android smartphone. That means I'm at home (or I left my phone at home ;-) )

Tip: run arp-scan a few times; sometimes it shows more lines that other times.

op No comments:

Thursday, June 13, 2013

Measure IPv4 versus IPv6 traffic with netstat on Linux

There appears to be an easy way to measure IPv4 versus IPv6 traffic on Linux:



sander@hapee:~$ netstat -s  | grep -i octet | grep -vi cast
    InOctets: 242397362
    OutOctets: 76157803
sander@hapee:~$ netstat -s -6 | grep -i octet | grep -vi cast
    Ip6InOctets: 105884560
    Ip6OutOctets: 21024110
sander@hapee:~$ 

For those who don't know: an octet is an 8-bit byte.

Be aware that that the netstat counter apparantly is 32-bit, and two's complement, so the value will go from 0 to 2^31, and then to -2^31. So the value can be negative:

sander@hapee:~$ netstat -s  | grep -i octet | grep -vi cast
    InOctets: -249959401
    OutOctets: 72041351

If you use MRTG, MRTG can take care of these rollovers

UPDATE:

The current git version of net-tools / netstat solves the roll-over. Installation using git:


git clone git://net-tools.git.sourceforge.net/gitroot/net-tools/net-tools
cd net-tools/
make config
make
sudo make install

Result:


$ netstat -s | grep -i octet | grep -vi cast
    InOctets: 44243555321
    OutOctets: 216954870


So counter is at 44GB, well above 4.2GB. No more rollover. :-)

EDIT:
A one-liner to show traffic in GB:


$ ./netstat -s | grep -i octet | grep -vi cast | awk '{ print $2/(1024*1024*1024) " GB" }'
65.0086 GB
1.51142 GB

 $ ./netstat -s -6 | grep -i octet | grep -vi cast | awk '{ print $2/(1024*1024*1024) " GB" }'
5.0461111 GB
0.7176651 GB


op No comments:

Monday, June 3, 2013

Use netstat to show IPv4 versus IPv6 traffic

If you wonder how much IPv6 versus IPv4 traffic your system does, there is an nice estimation: use "netstat -s" to show the amount of inbound packets. Packets is not the same as bytes, but assuming the IPv4 packets have the same mean size as IPv6 packets, you're fine. The exact commands are:

netstat -s | grep "total packets" | awk '{ print $1 }'
netstat -s -6 | grep "total packets" | awk '{ print $1 }'

which will show the packets for IPv4 resp IPv6

Please note that the first command will only show IPv4 packets, and not the total of IP packets. See the below test for proof


sander@hapee:~$ netstat -s | grep "total packets" | awk '{ print $1 }'
32648268
sander@hapee:~$ netstat -s -6 | grep "total packets" | awk '{ print $1 }'
177887898

sander@hapee:~$ wget -4 http://ftp.belnet.be/ubuntu.com/ubuntu/releases/precise/ubuntu-12.04.2-desktop-i386.iso -O /dev/null

sander@hapee:~$ netstat -s | grep "total packets" | awk '{ print $1 }'
32688502
sander@hapee:~$ netstat -s -6 | grep "total packets" | awk '{ print $1 }'
177887937

sander@hapee:~$ wget -6 http://ftp.belnet.be/ubuntu.com/ubuntu/releases/precise/ubuntu-12.04.2-desktop-i386.iso -O /dev/null


sander@hapee:~$ netstat -s | grep "total packets" | awk '{ print $1 }'
32688526
sander@hapee:~$ netstat -s -6 | grep "total packets" | awk '{ print $1 }'
178028250
sander@hapee:~$

In the above output you'll see the IPv4-download only rises the first counter (meaning it only measures IPv4), and the IPv6-download only rises the second counter (IPv6 traffic).
I'm writing a tool to put this info into MRTG graphs
op No comments:

Saturday, April 20, 2013

IPv6 only bittorrent with Transmission

You can make Tranmission share torrent files via IPv6 only quite easily: just add http://www.appelboor.com/dump/blocklist.txt as the blocklist via Transmission: Edit -> Preferences -> Privacy.



Result: IPv6 only peers:



Download speeds is around 24 Mbps, so quite reasonable:


op No comments:

Friday, April 19, 2013

A lot of bittorrent IPv6 peers ...




op No comments:

wget with IPv6 on Windows

If you need wget with IPv6 on Windows: it is here: https://code.google.com/p/osspack32/downloads/detail?name=wget-1.14.exe&can=2&q=

Tip: use the option "-6" to force IPv6.


C:\>wget -6 http://ftp.belnet.be/ubuntu.com/ubuntu/releases/precise/ubuntu-12.04.2-desktop-i386.iso


op No comments:

Setting up a Sitecom X6 router with a HE IPv6 tunnel



Here's an instruction how to setup the Sitecom WLR-6100 X6 N900 router with a Hurricane Electric IPv6 Tunnel. It will probably also work with other Sitecom routers, like the X4.

The trick is to use a Routed /48 tunnel.

In short: Request a tunnel with routed /48 from Hurricane Electric and use just three parameters to set up 6RD IPv6 in your Sitecom.



The longer description:
  1. Upgrade your Sitecom router to firmware 2.4 (or higher)
  2. Make sure your Sitecom is ping-able from Internet
  3. Create an account on http://www.tunnelbroker.net/
  4. Request a tunnel on http://www.tunnelbroker.net/ . Choose a tunnel provider near you
  5. On that tunnel page, request the “Routed /48”
  6. From the tunnel page, the following items are relevant:
    1. Server IPv4 Address
    2. Client IPv4 Addres (=your own public IPv4 address)
    3. Routed /48
  7. In the Sitecom, click on "Internet Settings", then "IPv6 Settings". Choose "6RD" in the firs drop down option
  8. Then fill out the Sitecom form as in the screendump below

It should now work. So, with your laptop/PC, go to http://test-ipv6.com/ to see if you have IPv6 connectivity. That site should say something like "Your IPv6 address on the public Internet appears to be 2001:470:... (HURRICANE - Hurricane Electric, Inc.)".
Screendump (click for larger image):


The throughput over Wifi is quite impressive: I get 11,3 MB/s, thus about 113 Mbps. (on my 300/300 Mbps Internet connection). See this output:
sander@flappie:~$ wget -6 http://ftp.belnet.be/ubuntu.com/ubuntu/releases/precise/ubuntu-12.04.2-desktop-i386.iso -O /dev/null
--2013-04-19 16:32:06--  http://ftp.belnet.be/ubuntu.com/ubuntu/releases/precise/ubuntu-12.04.2-desktop-i386.iso
Resolving ftp.belnet.be (ftp.belnet.be)... 2001:6a8:3c80:2::21
Connecting to ftp.belnet.be (ftp.belnet.be)|2001:6a8:3c80:2::21|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 726970368 (693M) [application/x-iso9660-image]
Saving to: ‘/dev/null’

  6% [==>                                                ] 49.882.045  11,5MB/s  eta 61s    
28% [=============>                                     ] 206.782.525 11,5MB/s  eta 45s    
71% [===================================>               ] 520.086.461 11,2MB/s  eta 18s    
100%[==================================================>] 726.970.368 11,3MB/s   in 61s    

 2013-04-19 16:33:08 (11,3 MB/s) - ‘/dev/null’ saved [726970368/726970368]

 sander@flappie:~$ 

I can't test the IPv6 speed of wired ethernet as the Sitecom becomes completely unreachable with 3 seconds when do that. So I would say that's a bug in the Sitecom.

Update: with another laptop (HP with Windows7, instead of Samsung with Ubuntu), IPv6 over wired ethernet does not lock up the Sitecom, and the speed is impressive:

C:\>wget-1.14.exe -6 http://ftp.belnet.be/ubuntu.com/ubuntu/releases/precise/ubuntu-12.04.2-desktop-i386.iso
--2013-04-19 16:57:58--  http://ftp.belnet.be/ubuntu.com/ubuntu/releases/precise/ubuntu-12.04.2-desktop-i386.iso
Resolving ftp.belnet.be (ftp.belnet.be)... 2001:6a8:3c80:2::21
Connecting to ftp.belnet.be (ftp.belnet.be)|2001:6a8:3c80:2::21|:80... connected
.
HTTP request sent, awaiting response... 200 OK
Length: 726970368 (693M) [application/x-iso9660-image]
Saving to: 'ubuntu-12.04.2-desktop-i386.iso.1'

 100%[======================================>] 726,970,368 24.1MB/s   in 29s

 2013-04-19 16:58:27 (24.1 MB/s) - 'ubuntu-12.04.2-desktop-i386.iso.1' saved [726970368/726970368]
C:\>

So ... that's 24.1 MB/s, or 241 Mbps...! FWIW: tested on a 300/300 Mbps Caiway FttH connection.

Update 2: with the same laptop (HP) with Ubuntu, the speed is even higher: 34.1 MB/s, or 341 Mbps. Kudo's to the Sitecom router for handling the IPv6 at this great speed.
ubuntu@ubuntu:~$ wget -6 http://ftp.belnet.be/ubuntu.com/ubuntu/releases/precise/ubuntu-12.04.2-desktop-i386.iso -O /dev/null
--2013-04-19 18:24:42-- http://ftp.belnet.be/ubuntu.com/ubuntu/releases/precise/ubuntu-12.04.2-desktop-i386.iso
Resolving ftp.belnet.be (ftp.belnet.be)... 2001:6a8:3c80:2::21
Connecting to ftp.belnet.be (ftp.belnet.be)|2001:6a8:3c80:2::21|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 726970368 (693M) [application/x-iso9660-image]
Saving to: ‘/dev/null’

39% [==============> ] 289,894,144 36.7MB/s eta 13s
79% [=============================> ] 577,715,328 37.2MB/s eta 5s
100%[======================================>] 726,970,368 27.6MB/s in 20s

2013-04-19 18:25:02 (34.1 MB/s) - ‘/dev/null’ saved [726970368/726970368]

ubuntu@ubuntu:~$


    op No comments:
    Subscribe to: Posts (Atom)