Monday, July 3, 2023

Measure IPv6 versus IPv4 traffic on Windows

 Measure IPv6 versus IPv4 traffic on Windows


On Windows, you can see the amount of IPv6 packets:


PS C:\> netsh interface ipv6 show ipstats | find /i """Receives"""

In Receives:                        3606021


... and IPv4 packets:


PS C:\> netsh interface ipv4 show ipstats | find /i """Receives"""

In Receives:                        71758


So, safely assuming IPv6 and IPv4 have about the same mean packet size, 98% of my traffic is IPv6 traffic.


Note: These are packets. To get an indication of the amount of bytes, multiply with something between 1200 and 1500 (= bytes per packet). The above 3606021 IPv6 packets means about 4.3 GB in bytes IPv6 traffic.


Monday, July 18, 2022

let Apache logging show source port for NAT444 forensic logging

With NAT444 / CGNAT, different users share one IPv4 address. So only logging the IPv4 address is not enough to find the specific user; you need to log the source port too. I guess legal intercept logging can then find the individual user.

So ... how do you let Apache webserver log the source IP address plus the source port? Answer: on Ubuntu, in the file /etc/apache2/apache2.conf, as root change the line

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

to

LogFormat "%h:%{remote}p %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined


So instead of only the remote IP address %h , the IP address plus the source port :%{remote}p is logged.


Example result from /var/log/apache2/access.log


18.12.12.65:63022 - - [18/Jul/2022:18:16:10 +0200] "GET /dump/ HTTP/1.1" 200 1571 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"


The source port is 63022


Thursday, June 9, 2022

Videoland en "Oeps, we konden de video niet afspelen. Het starten van de video is mislukt. Playservice error."

Op Videoland kreeg ik foutmelding "Oeps, we konden de video niet afspelen. Het starten van de video is mislukt. Playservice error.". 

Oorzaak gevonden: mijn IPv6-tunnel via Hurricane Electric. Na het uitschakelen van de IPv6-tunnel kon ik wel Videoland kijken.

Gokje: Videoland beschouwt the IPv6-tunnel als buiten-EU / buiten-Nederland, en weigert daarom met die cryptische melding om af te spelen. En nettere foutmelding (bijv: "u / uw IP-adres xyz komt van buiten de EU, daarom spelen we niet af") zou duidelijker zijn.


Oeps, we konden de video niet afspelen

Het starten van de video is mislukt.

Playservice error




Ah, de Videoland-app geeft een betere foutmelding als de IPv6-tunnel aanstaat: "Videoland is helaas niet beschikbaar in Verenigde Staten" 




Wednesday, February 16, 2022

PCExtreme with "IPv6-only" VPS ... certain IPv4 traffic is working, from behind NAT

 

PCExtreme offers "Standard Server 1GB IPv6 only" for only €1 ex VAT per month. See https://www.pcextreme.com/cloud-servers/standard

I wanted to try that out, because: how does IPv6-only work in practice? Is that working in 2022?

So I bought a VPS, and now I'm a bit disappointed: the VPS does have IPv4 after all. It's behind NAT. Just like a device on a home LAN with an ISP connection.

However, some of my IPv4 traffic failed, like git connections to special git ports (no problem via https). So I did some research by trying to connect to outside ports

Some checks: HTTP and HTTPS are both allowed:

port 80 is allowed

port 443 is allowed

SMTP Port 25 is of course not possible:

port 25 not reached


Other ports ... to find out.



Monday, November 5, 2018

Suddenly FD...-addresses, aka Unique Local IPv6 Unicast Addresses

Suddenly I saw IPv6 addresses starting with FD in my ifconfig.

On Linux 3.13:

          inet6 addr: fdd6:5a2d:3f20:0:213:77ff:fefa:63e3/64 Scope:Global
          inet6 addr: fdd6:5a2d:3f20:0:6001:f53f:1e8:3850/64 Scope:Global

and on Linux 4.14:

        inet6 fdd6:5a2d:3f20:0:ce90:a2cc:655b:416e  prefixlen 64  scopeid 0x0


It appears these are "Unique Local IPv6 Unicast Addresses", defined in RFC4193. They are world wide unique (well, at least: very probably unique), and to be used within a site.

At first I thought this was a new Linux setting, but these addresses also showed up on my old Ubuntu 14.04.
So ... what is going on? Ah, it's my new Fiber modem/router Genexis Platinum that is providing these addresses.

My use so far: you can use the FD address without specifying the interface. So handier than the FE80 addresses.

I checked a Windows 10 machine, but Windows 10 did not show these addresses. Maybe a Windows policy?

Update (2018-11-11):
Both Android and MacOSX show the FD... addresses too.




Wednesday, December 21, 2016

KPN IPv6 statistics shows impressive growth

The KPN IPv6 statistics for the last four months:

  • 2016-08: 6.8% IPv6 
  • 2016-12: 14.8% IPv6
So + 8% in four months time, or + 2% per month. Well done, KPN!

That could mean KPN could be at 14% + 12*2% = 38% IPv6 traffic at the end of 2017. We'll see in one year time.


FWIW: in the last 8 months the other Netherlands ISP Ziggo has only gone down. See here





Tuesday, October 25, 2016

Netherlands IPv6 - KPN versus Ziggo

Based on the measurements from Worldipv6launch you can see the status of IPv6 in the Netherlands of the two biggest ISPs KPN and Ziggo (October 2016):


Hacked together in one overview with KPN in orange and Ziggo in red:




So:

  • KPN is at 9% IPv6 traffic, with a nice rise in August and September 2016: +3% in two months.
  • Ziggo is at 8% IPv6 traffic, and ... going down. Ziggo's IPv6 rollout looked very promising in Q1-2016 going from about 1% to almost 9%, but since then it's declining. So that looks like Ziggo has stopped deploying IPv6 to more customers. EDIT: or Ziggo is migrating users from the UPC-AS to Ziggo-AS without giving them IPv6?
I'm curious what the situation will be in a few months. To be continued ...