Introduction to IPv6 Addresses: How to Use and How to Explore the Network (Part 1)

Can routers and computers work simultaneously with IP and IPv6?

IPv6 is the new version of IP. IPv6 networks, IPv6-enabled hardware and software are already fairly widespread – at least in some countries.

Now that IP and IPv6 protocols work together, this leads to the existence of virtually two parallel networks. For example, my ISP's router supports IPv6 and IP. If I go to a site that has an IPv6 address (most sites), then my request and response go through networks (nodes) with IPv6 support. If I go to a site that has only an IP address, then my request and the answer to it can go on a different route.

When analyzing the network, for example, using Wireshark or tcpdump, you can skip half or even more traffic if you forget about IPv6! That is, as a filter for displaying packets in Wireshark, you will enter (a regular filter to display IP protocol traffic):

ip

Then you will see something like this:

But if you enter such a filter

ipv6

That picture will change dramatically (I pay attention that this is the same traffic), it turns out that the computer is also connected to completely different hosts:

When analyzing the network, when configuring IP display filters, when performing attacks (for example, ARP and DNS spoofing on the local network), you need to remember about IPv6!

Once again: IP and IPv6 are two parallel networks that are not particularly connected to each other (although the same equipment can support both protocols). As a result, when setting up a network, for example, a firewall, you need to make settings for the IP protocol separately, and then do the same IPv6 settings. Since these are different networks, there is a chance that the system administrator has configured them differently, which provides loopholes for attack or bypass of restrictions using IPv6.

IPv6 addresses can be useful when researching the local networks of Internet service providers, it is worth trying to use IPv6 to bypass the Captive Portal and other network restrictions, you should remember about IPv6 when analyzing traffic on your computer and in local networks, or vice versa to increase the secrecy of your presence (in the hope that IPv6 is not mentioned in the traffic logging settings or that IPv6 geolocation is still in its infancy (at least in public databases)).

This article will help you take the first steps in using IPv6 addresses with popular programs.

IPv6 Address Structure

The following are examples of valid IPv6 addresses:

::1
2a02:6b8:a::a
2a02:f680:1:1100::3d60
2604:a880:800:c1::2ae:d001
2001:db8:11a3:9d7:1f34:8a2e:7a0:765d

They are, to put it mildly, different. Let's see how this is possible.

IPv6 addresses are displayed in full form as eight four-digit hexadecimal numbers (that is, eight groups of four characters), separated by a colon. Example address:

2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d

Hexadecimal numbers are written using numbers from 0 to 9 and with letters from a to f.

A complete record can be shortened using several notation methods, for example, the address 2001:0db8:0000:0000:0000:8a2e:0370:7334 is equivalent to the address 2001:db8::8a2e:370:7334.

By the way, because IP addresses also support shorthand, for example, the following command will work just fine:

ping 127.1

As a result, address ping 127.0.0.1 will be executed, which in abbreviated form is 127.1.

For IP addresses, groups of numbers are called octets (which means “eight” in some language) since each digit in the address contains eight bits of information, there are four octets in total for IP, that is, 32 bits are used for the address. By the way, that is why the number in each octet is limited to 255 – this corresponds to the amount of information that 8 bits can store, this is 28, that is, numbers from 0 to 255.

IPv6 addresses in each segment have 16 bits of information, in English these segments are called hextet or hexadectet. A total of 8 segments of 16 bits of information, it turns out that 8 * 16 = 128 bits are used to store IPv6 addresses.

As mentioned above, in IPv6 addresses, numbers in groups are written as hexadecimal numbers, and not as decimal numbers, as in IP. By the way, if the record were in the form of decimal numbers, then in each segment there would be numbers from 0 to 65535 (this is 216). As for hexadecimal numbers, to record 16 bits of information you need a number up to four characters long, so it turns out that the section size is 4 characters, but it can be less, since zeros at the beginning of the number are optional. That is, if the number 00a1 should be there, then you can simply write a1 – this is the first way to reduce the notation of IPv6 addresses.

If the number in the group is 0 (that is, four zeros), then one zero is written.

If there are several consecutive groups with zeros, then regardless of the number of zeros, this entire group is written as two colons (::). The last abbreviation can be used in one IPv6 address only once, even if there are several groups with zeros. If there are several groups with zeros, then only the longest of them is replaced. If there are two groups with zeros of the same length, then the one that comes first, that is, the left one, is replaced.

An example of using these rules:

Starting address: 2001:0db8:0000:0000:0000:ff00:0042:8329

After removing all leading zeros in each group: 2001:db8:0:0:0:ff00:42:8329

After skipping consecutive segments with zeros: 2001:db8::ff00:42:8329

The loopback address 0000:0000:0000:0000:0000:0000:0000:0001 using the reduction rules can be reduced to ::1

Let's go back to the addresses from the examples above:

::1

As we already found out, this is the loopback address 0000:0000:0000:0000:0000:0000:0000:0001.

2a02:6b8:a::a

Several sections with consecutive zeros are missing here. How much exactly? This can be found on the basis of the following rule: there should be 8 sections in total, and there are only 4 sections, which means that 4 sections are missing, that is, in full form the number should look like this:

2a02:6b8:a:0:0:0:0:a

Or even like this:

2a02:06b8:000a:0000:0000:0000:0000:000a

The following example:

2a02:f680:1:1100::3d60

There are 5 segments in this address, and it should be 8, so 3 is missing, the address record is in full:

2a02:f680:1:1100:0:0:0:3d60

Or along with all zeros:

2a02:f680:0001:1100:0000:0000:0000:3d60

2604:a880:800:c1::2ae:d001

There are 6 segments in this address, and there should be 8, therefore, a complete record of this address:

2604:a880:800:c1:0:0:2ae:d001

2001:db8:11a3:9d7:1f34:8a2e:7a0:765d

This address has 8 segments and there are no two colons in a row – therefore, this is a complete record of the address, except that the leading zeros are omitted:

2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d

Hopefully these simple exercises have helped you keep an eye on and learn how to recognize IPv6 addresses.

How do I know if I have an IPv6 address or not? How to find out your IPv6 address

It is sometimes impossible to find out your external IP address without third-party services, since quite often clients of Internet service providers access the global network via several NATs. Therefore, you have to go to the ‘Show my IP’ services and web sites – these services look at which IP address the request came from and show it to you. But most likely, this is not exactly “your” IP address, since computers and phones in your local network have only local IP addresses, your router also has some local IP belonging to the network of the Internet service provider, and the IP that shows you on web sites, in fact, assigned to some kind of network device from the ISP through which you access the external network simultaneously with many other users.

With IPv6 addresses, in this sense it is simpler - there are so many of them that there is no need for NAT – it is possible to give each client a personal IPv6 address.

But here another difficulty arises. Let's take a look together. On Windows, to display your IP and IPv6 addresses on the command line, run the command:

ipconfig

Output Example:

Адаптер Ethernet Ethernet:

   DNS-суффикс подключения . . . . . : home
   IPv6-адрес. . . . . . . . . . . . : 2403:6200:8862:2cb4::2
   IPv6-адрес. . . . . . . . . . . . : 2403:6200:8862:2cb4:bc07:bcb4:b7d0:24eb
   IPv6-адрес. . . . . . . . . . . . : fd14:9d09:d004:7e00:bc07:bcb4:b7d0:24eb
   Временный IPv6-адрес. . . . . . . : 2403:6200:8862:2cb4:7462:9648:7bcd:20a8
   Временный IPv6-адрес. . . . . . . : fd14:9d09:d004:7e00:7462:9648:7bcd:20a8
   Локальный IPv6-адрес канала . . . : fe80::bc07:bcb4:b7d0:24eb%16
   IPv4-адрес. . . . . . . . . . . . : 192.168.1.20
   Маска подсети . . . . . . . . . . : 255.255.255.0
   Основной шлюз. . . . . . . . . : fe80::1%16
                                       192.168.1.1

In Linux, to view your IP and IPv6 addresses, use the command:

ip a

Here IPv6 addresses along with subnet masks are listed in the lines:

    inet6 2403:6200:8862:2cb4::5/128 scope global dynamic noprefixroute 
       valid_lft 6125sec preferred_lft 2525sec
    inet6 fd14:9d09:d004:7e00:9965:7843:6899:ec5f/64 scope global dynamic noprefixroute 
       valid_lft 6948sec preferred_lft 3348sec
    inet6 2403:6200:8862:2cb4:3541:b9e5:61ac:69d3/64 scope global dynamic noprefixroute 
       valid_lft 6948sec preferred_lft 3348sec
    inet6 fe80::74a0:94fb:fc04:a1d8/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

We will look at the reserved ranges of IPv6 addresses a little later, looking ahead, I can say that global addresses can currently start only at 2 or 3 (others just haven’t been distributed yet). But even with this criterion, in the examples above, each operating system has two addresses that start with twos – which one is your external IPv6?

The easiest option is to check again using an external service, but you need to understand that if the site you are visiting to find out your IP address is not configured to work with IPv6, then it will only show your IP, but it will not be able to show your IPv6. The service on SuIP.biz and w-e-b.site have IPv6 support and will show your IPv6 address if your Internet service provider and your equipment (computer and router) support IPv6.

To find out if you have support and your IPv6 address, go to the page: https://w-e-b.site/?act=myip

If you have IPv6, then it will be shown. If IPv6 is not supported, only your IP will be displayed.

Reserved IPv6 Addresses

In this section, we will consider ranges of IPv6 addresses for the intended purpose, so that we can immediately filter them out of the many IPv6 addresses of network interfaces.

IP also has reserved address ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 100.64.0.0/10 and a few more, a full list can be found here.

Special IPv6 address ranges are also available. Consider the table “Special IPv6 Address Blocks”:

Address block (CIDR) First address Last address Number of addresses Usage Purpose
::/0 :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2128 Routing Default route.
::/128 ::   1 Software Unspecified address.
::1/128 ::1   1 Host Loopback address to the local host.
::ffff:0:0/96 ::ffff:0.0.0.0 ::ffff:255.255.255.255 2128−96 = 232 = 4294967296 Software IPv4 mapped addresses.
::ffff:0:0:0/96 ::ffff:0:0.0.0.0 ::ffff:0:255.255.255.255 232 Software IPv4 translated addresses.
64:ff9b::/96 64:ff9b::0.0.0.0 64:ff9b::255.255.255.255 232 Global Internet IPv4/IPv6 translation.
100::/64 100:: 100::ffff:ffff:ffff:ffff 264 Routing Discard prefix.
2001::/32 2001:: 2001::ffff:ffff:ffff:ffff:ffff:ffff 296 Global Internet Teredo tunneling.
2001:20::/28 2001:20:: 2001:2f:ffff:ffff:ffff:ffff:ffff:ffff 2100 Software ORCHIDv2.
2001:db8::/32 2001:db8:: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff 296 Documentation Addresses used in documentation and example source code.
2002::/16 2002:: 2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2112 Global Internet The 6to4 addressing scheme (now deprecated).
fec0:/10 feff:: fec0:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2118 Site-local Marked deprecated in RFC 3879 (Analog of internal networks 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16)
fc00::/7 fc00:: fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2121 Private network Unique local address. Range replaced Site-Local
fe80::/10 fe80:: febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2118 Link Link-local address. Analog 169.254.0.0/16 in IPv4
ff00::/8 ff00:: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2120 Global Internet Multicast address.

As can be seen from the table, addresses that begin with zeros or with f are local or are intended for specific purposes.

Global IPv6

Corresponds to public IPv4 addresses. May be in any unoccupied range. Currently, regional Internet registrars are distributing a block of addresses 2000::/3 (from 2000:: to 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF).

This means that only IPv6 addresses that start with “2” or “3” are global now.

As you can see in the screenshots above, more than one IPv6 address is assigned to network interfaces. For IPv6, this is the norm, although, for example, I have only one IPv6 address on the VPS servers on the network interface and this is enough for the web sites to connect and function.

A single network interface can have many IPv6 addresses, by default, on Linux I have a maximum of 16:

cat /proc/sys/net/ipv6/conf/default/max_addresses
16

Why is there so much IPv6 for one interface? Each IPv6 interface has a local IP address. If the interface can also exchange data with a larger network (for example, via the Internet), it also has a global address. These are at least two addresses. And if the host is behind a multihomed Internet connection, it probably has even more addresses.

In general, one computer can have many IPv6s – and that's the norm. Global addresses are those that start in two or three.

How to find out IPv6 site address

The IP address of the site is stored in A records, and the IPv6 address of the site is stored in AAAA records.

In Windows IPv6, the site address can be found with the nslookup command:

nslookup DOMAIN

For example:

nslookup yandex.ru

Output:

╤хЁтхЁ:  UnKnown
Address:  192.168.1.1

Не заслуживающий доверия ответ:
╚ь :     yandex.ru
Addresses:  2a02:6b8:a::a
          77.88.55.60
          77.88.55.55
          5.255.255.55
          5.255.255.60

If the site has an IPv6 address, then it will be displayed along with the IP addresses.

On Linux, you can also use the nslookup command:

nslookup yandex.ru

You can use the host command:

host yandex.ru

The dig command can also show IPv6 addresses, but by default it displays data only for an A record, so you need to specify the type of record explicitly:

dig +short yandex.ru AAAA

Or configure the output of all DNS records for this domain:

dig yandex.ru ANY

If you don’t feel like messing with command line utilities, you can use online services that will show you all the IP and IPv6 addresses of any site: https://w-e-b.site/?act=dig

Now that we have learned how to look and recognize IPv6 addresses, let's learn how to use them in various applications and utilities.

Continuation of “Introduction to IPv6 Addresses: How to Use and How to Explore the Network (Part 2)

Last Updated on

Recommended for you:

Leave a Reply

Your email address will not be published.