Synopsys Completes Acquisition of WhiteHat Security Learn More

close search bar

Sorry, not available in this language yet

close language selection
ICMPv6 Data Sheet
Test Suite:
ICMPv6
Direction:
Server

Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) specifies a set of control messages for IPv6. The messages are used for procedures like Neighbor Discovery, Path MTU discovery. ICMPv6 Test Suite can be used for evaluating IPv6 implementations for security flaws and robustness problems in ICMPv6.

Used specifications

Specification
Title
Notes
RFC894
A Standard for the Transmission of IP Datagrams over Ethernet Networks
RFC2104
HMAC: Keyed-Hashing for Message Authentication
RFC2375
IPv6 Multicast Address Assignments
RFC2403
The Use of HMAC-MD5-96 within ESP and AH
RFC2404
The Use of HMAC-SHA1-96 within ESP and AH
RFC2405
The ESP DES-CBC Cipher Algorithm With Explicit IV
RFC2407
The Internet IP Security Domain of Interpretation for ISAKMP
RFC2408
Internet Security Association and Key Management Protocol (ISAKMP)
RFC2409
The Internet Key Exchange (IKE)
RFC2410
The NULL Encryption Algorithm and Its Use With IPsec
RFC2451
The ESP CBC-Mode Cipher Algorithms
RFC2460
Internet Protocol, Version 6 (IPv6) Specification
Obsoletes RFC1883
RFC2462
IPv6 Stateless Address Autoconfiguration
Obsoletes RFC1971
RFC2464
Transmission of IPv6 Packets over Ethernet Networks
Obsoletes RFC1972
RFC2710
Multicast Listener Discovery (MLD) for IPv6
RFC2894
Router Renumbering for IPv6
RFC3041
Privacy Extensions for Stateless Address Autoconfiguration in IPv6
RFC3122
Extensions to IPv6 Neighbor Discovery for Inverse Discovery Specification
RFC3590
Source Address Selection for the Multicast Listener Discovery (MLD) Protocol
RFC3602
The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC3756
IPv6 Neighbor Discovery (ND) Trust Models and Threats
RFC3810
Multicast Listener Discovery Version 2 (MLDv2) for IPv6
RFC3956
Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address
RFC3971
SEcure Neighbor Discovery
RFC3972
Cryptographically Generated Addresses (CGA)
RFC4065
Seamoby IANA Allocations
RFC4066
Candidate Access Router Discovery (CARD)
RFC4068
Fast Handovers for Mobile IPv6
RFC4106
The use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
RFC4140
HMIPv6
RFC4191
Router Preferences and More-Specific Routes
RFC4193
Unique Local IPv6 Unicast Addresses
RFC4213
Basic Transition Mechanisms for IPv6 Hosts and Routers
RFC4286
Multicast Router Discovery
RFC4301
Security Architecture for the Internet Protocol
Obsoletes RFC2401, RFC1825
RFC4302
IP Authentication Header
Obsoletes RFC2402, RFC1826
RFC4303
IP Encapsulating Security Payload
Obsoletes RFC2406, RFC1827
RFC4306
Internet Key Exchange (IKEv2) Protocol
RFC4308
Cryptographic Suites for IPsec
RFC4309
Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
RFC4380
Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)
RFC4389
Neighbor Discovery Proxies (ND Proxy)
RFC4429
Optimistic Duplicate Address Detection (DAD) for IPv6
RFC4443
Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
Obsoletes RFC2463, RFC1885
RFC4604
Using Internet Group Management Protocol Version 3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific Multicast
RFC4620
IPv6 Node Information Queries
RFC4727
Experimental Values in IPv4, IPv6, ICMPv6, UDP and TCP Headers
RFC4835
Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
Obsoletes RFC4305, RFC2402, RFC2406
RFC4861
Neighbor Discovery for IP Version 6 (IPv6)
Obsoletes RFC1970, RFC2461
RFC4884
Extended ICMP to Support Multi-Part Messages
RFC4950
ICMP Extensions for Multiprotocol Label Switching
RFC5175
IPv6 RA Option for DNS Configuration
RFC5269
Distributing a Symmetric Fast Mobile IPv6 (FMIPv6) Handover Key Using SEcure Neighbor Discovery (SEND)
RFC5271
Mobile IPv6 Fast Handovers for 3G CDMA Networks
RFC5837
Extending ICMP for Interface and Next-Hop Identification
RFC5991
TEREDO Security Updates
RFC6081
TEREDO Extensions
RFC6106
IPv6 Router Advertisement Options for DNS Configuration
Obsoletes RFC5006
RFC6496
Secure Proxy ND Support for SEcure Neighbor Discovery (SEND)
RFC6550
RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks
RFC6743
ICMP Locator Update Message for the Identifier-Locator Network Protocol for IPv6 (ILNPv6)
RFC6775
Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)
RFC8335
PROBE: A Utility for Probing Interfaces
RFC8883
ICMPv6 Errors for Discarding Packets Due to Processing Limits
RFC-ietf-6lo-ghc-06
6LoWPAN Generic Compression of Headers and Header-like Payloads (GHC)

Tool-specific information

Tested ICMPv6 messages
Specifications
Notes
1 - Destination Unreachable
RFC4443, RFC4884
2 - Packet Too Big
RFC4443
3 - Time Exceeded
RFC4443, RFC4884
4 - Parameter Problem
RFC4443
128 - Echo Request
RFC4443
129 - Echo Reply
RFC4443
130 - Multicast Listener Query
RFC2710
Also MLDv2 discovery supported (RFC3810)
131 - Multicast Listener Report
RFC2710
132 - Multicast Listener Done
RFC2710
133 - Router Solicitation
RFC4861
134 - Router Advertisement
RFC4861
135 - Neighbor Solicitation
RFC4861
136 - Neighbor Advertisement
RFC4861
137 - Redirect Message
RFC4861
138 - Router Renumbering
RFC2894
139 - ICMP Node Information Query
RFC4620
140 - ICMP Node Information Reply
RFC4620
141 - Inverse Neighbor Discovery Solicitation
RFC3122
142 - Inverse Neighbor Discovery Advertisement
RFC3122
143 - Multicast Listener Discovery (MLDv2) Report
RFC3810
148 - Certification Path Solicitation
RFC3971
149 - Certification Path Solicitation
RFC3971
151 - Multicast Router Advertisement
RFC4286
152 - Multicast Router Solicitation
RFC4286
153 - Multicast Router Termination
RFC4286
155 - RPL Control Message
RFC6550
156 - ILNPv6 Locator-Update
RFC6743
157 - SixLoWPAN Duplicate-Address Request
RFC6775
158 - SixLoWPAN Duplicate-Address Confirmation
RFC6775
160 - Extended Echo Request
RFC8335
161 - Extended Echo Reply
RFC8335

Tested Neighbor Discovery options
Specifications
Notes
1 - Source Link-layer Address
RFC4861
2 - Target Link-layer Address
RFC4861
3 - Prefix Information
RFC4861
4 - Redirected Header
RFC4861
5 - MTU
RFC4861
6 - NBMA Shortcut Limit Option
IPV6-NBMA
7 - Advertisement Interval Option
RFC3775
8 - Home Agent Information Option
RFC3775
9 - Source Address List
RFC3122
10 - Target Address List
RFC3122
11 - CGA option
RFC3971
12 - RSA Signature option
RFC3971
13 - Timestamp option
RFC3971
14 - Nonce option
RFC3971
15 - Trust Anchor option
RFC3971
16 - Certificate option
RFC3971
17 - IP Address/Prefix Option
RFC4068, RFC5568
18 - New Router Prefix Information Option
RFC4068
19 - Link-layer Address (LLA) Option
RFC4068, RFC5568
20 - Neighbor Advertisement Acknowledgment (NAACK)
RFC4068, RFC5568
23 - MAP (Mobility Anchor Point) Option
RFC4140
MIPv6 option
24 - Route Information Option
RFC4191
25 - Recursive DNS Server Option
RFC6106
26 - RA Flags Extension Option
RFC5175
27 - Handover Key Request
RFC5269
28 - Handover Key Reply
RFC5269
29 - Handover Assist Information
RFC5271
30 - Mobile Node Identifier
RFC5271
31 - DNS Search List Option
RFC6106
32 - Proxy Signature (PS)
RFC6496
33 - Address Registration (ARO)
RFC6775
34 - 6LoWPAN Context Option (6CO)
RFC6775
35 - Authoritative Border Router Option (ABRO)
RFC6775
36 - 6LoWPAN Capability Indication Option (6CIO)
RFC-ietf-6lo-ghc-6cio
138 - CARD Request option
RFC4065
MIPv6 option
139 - CARD Reply option
RFC4065
MIPv6 option
253 - RFC3692-style Experiment 1
RFC4727
Tested as unexpected options
254 - RFC3692-style Experiment 2
RFC4727
Tested as unexpected options

Other features

Selectable IPsec mode: IPv6 without security headers, IPv6 with AH, ESP and AH+ESP either in transport or tunnel mode

Supported AH authentication algorithms and ESP integrity algorithms: NULL, HMAC_SHA1-96, HMAC_MD5-96, HMAC_SHA2-256, HMAC_SHA2-384, HMAC_SHA2-512

Supported ESP crypto algorithms: ESP-NULL, ESP-DES-CBC, ESP-DES3-CBC, ESP-AES-CBC128, ESP-AES-CBC192, ESP-AES-CBC256, AES-GCM-16-128, AES-GCM-16-192, AES-GCM-16-256

IPsec SA can be negotiated with ISAKMP Server Test Suite 3.2.0 or later and IKEv2 Server Test Suite 3.1.1 or later.

Configurable destination Ethernet MAC address solicitation mode: Neighbor solicitation for nodes in same subnet, Router solicitation and User-specified target MAC address.

Tested ICMP Extension Object Class types
Specifications
Notes
1 - MPLS Label Stack Object
RFC4950, RFC4884
2 - Interface Information Object
RFC5837, RFC4884
3 - Interface Identification Object
RFC8335, RFC4884
4 - Extended Information Object
RFC8883, RFC4884

Supported SafeGuard Checks

Authentication Bypass

Weak Cryptography

Certificate Validation

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis