ICMPv6 Data Sheet
Test Suite:
ICMPv6
Direction:
Server

Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) specifies a set of control messages for IPv6. The messages are used for procedures like Neighbor Discovery, Path MTU discovery. ICMPv6 Test Suite can be used for evaluating IPv6 implementations for security flaws and robustness problems in ICMPv6.

Used specifications

Specification
Title
RFC894

A Standard for the Transmission of IP Datagrams over Ethernet Networks

RFC2104

HMAC: Keyed-Hashing for Message Authentication

RFC2375

IPv6 Multicast Address Assignments

RFC2403

The Use of HMAC-MD5-96 within ESP and AH

RFC2404

The Use of HMAC-SHA1-96 within ESP and AH

RFC2405

The ESP DES-CBC Cipher Algorithm With Explicit IV

RFC2407

The Internet IP Security Domain of Interpretation for ISAKMP

RFC2408

Internet Security Association and Key Management Protocol (ISAKMP)

RFC2409

The Internet Key Exchange (IKE)

RFC2410

The NULL Encryption Algorithm and Its Use With IPsec

RFC2451

The ESP CBC-Mode Cipher Algorithms

RFC2460

Internet Protocol, Version 6 (IPv6) Specification

RFC2462

IPv6 Stateless Address Autoconfiguration

RFC2464

Transmission of IPv6 Packets over Ethernet Networks

RFC2710

Multicast Listener Discovery (MLD) for IPv6

RFC2894

Router Renumbering for IPv6

RFC3041

Privacy Extensions for Stateless Address Autoconfiguration in IPv6

RFC3122

Extensions to IPv6 Neighbor Discovery for Inverse Discovery Specification

RFC3590

Source Address Selection for the Multicast Listener Discovery (MLD) Protocol

RFC3602

The AES-CBC Cipher Algorithm and Its Use with IPsec

RFC3756

IPv6 Neighbor Discovery (ND) Trust Models and Threats

RFC3810

Multicast Listener Discovery Version 2 (MLDv2) for IPv6

RFC3956

Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address

RFC3971

SEcure Neighbor Discovery

RFC3972

Cryptographically Generated Addresses (CGA)

RFC4065

Seamoby IANA Allocations

RFC4066

Candidate Access Router Discovery (CARD)

RFC4068

Fast Handovers for Mobile IPv6

RFC4106

The use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)

RFC4140

HMIPv6

RFC4191

Router Preferences and More-Specific Routes

RFC4193

Unique Local IPv6 Unicast Addresses

RFC4213

Basic Transition Mechanisms for IPv6 Hosts and Routers

RFC4286

Multicast Router Discovery

RFC4301

Security Architecture for the Internet Protocol

RFC4302

IP Authentication Header

RFC4303

IP Encapsulating Security Payload

RFC4306

Internet Key Exchange (IKEv2) Protocol

RFC4308

Cryptographic Suites for IPsec

RFC4309

Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)

RFC4380

Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)

RFC4389

Neighbor Discovery Proxies (ND Proxy)

RFC4429

Optimistic Duplicate Address Detection (DAD) for IPv6

RFC4443

Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification

RFC4604

Using Internet Group Management Protocol Version 3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific Multicast

RFC4620

IPv6 Node Information Queries

RFC4727

Experimental Values in IPv4, IPv6, ICMPv6, UDP and TCP Headers

RFC4835

Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)

RFC4861

Neighbor Discovery for IP Version 6 (IPv6)

RFC4884

Extended ICMP to Support Multi-Part Messages

RFC5175

IPv6 RA Option for DNS Configuration

RFC5269

Distributing a Symmetric Fast Mobile IPv6 (FMIPv6) Handover Key Using SEcure Neighbor Discovery (SEND)

RFC5271

Mobile IPv6 Fast Handovers for 3G CDMA Networks

RFC5991

TEREDO Security Updates

RFC6081

TEREDO Extensions

RFC6106

IPv6 Router Advertisement Options for DNS Configuration

RFC6496

Secure Proxy ND Support for SEcure Neighbor Discovery (SEND)

RFC6550

RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks

RFC6743

ICMP Locator Update Message for the Identifier-Locator Network Protocol for IPv6 (ILNPv6)

RFC6775

Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)

RFC-ietf-6lo-ghc-06

6LoWPAN Generic Compression of Headers and Header-like Payloads (GHC)

Tool-specific information

Tested ICMPv6 messages
Specifications
Notes
Destination Unreachable
RFC4443
Packet Too Big
RFC4443
Time Exceeded
RFC4443
Parameter Problem
RFC4443
Echo Request
RFC4443
Echo Reply
RFC4443
Multicast Listener Discovery
RFC2710
Also MLDv2 discovery supported (RFC3810)
Multicast Listener Report
RFC2710
Multicast Listener Done
RFC2710
Router Solicitation
RFC4861
Router Advertisement
RFC4861
Neighbor Solicitation
RFC4861
Neighbor Advertisement
RFC4861
Redirect
RFC4861
Router Renumbering
RFC2894
Node Information Query
RFC4620
Node Information Reply
RFC4620
Inverse Neighbor Solicitation
RFC3122
Inverse Neighbor Advertisement
RFC3122
MLDv2 Report
RFC3810
Certification Path Solicitation
RFC3971
Certification Path Solicitation
RFC3971
Multicast Router Advertisement
RFC4286
Multicast Router Solicitation
RFC4286
Multicast Router Termination
RFC4286
Node Information Query
RFC4620
Node Information Response
RFC4620
SixLoWPAN Duplicate-Address Request
RFC6775
SixLoWPAN Duplicate-Address Confirmation
RFC6775
RPL Solicitation
RFC6550
RPL Solicitation
RFC6550
ILNPv6 Locator-Update
RFC6743

Tested Neighbor Discovery options
Specifications
Notes
Source Link-layer Address
RFC4861
Target Link-layer Address
RFC4861
Prefix Information
RFC4861
Redirected Header
RFC4861
MTU
RFC4861
NBMA Shortcut Limit Option
IPV6-NBMA
Advertisement Interval Option
RFC3775
Home Agent Information Option
RFC3775
Source Address List
RFC3122
Target Address List
RFC3122
Timestamp option
RFC3971
Nonce option
RFC3971
Trust Anchor option
RFC3971
Certificate option
RFC3971
RFC3692-style Experiment 1 and 2
RFC4727
Tested as unexpected options
CGA option
RFC3971
RSA Signature option
RFC3971
IP Address Option
RFC4068
New Router Prefix Information Option
RFC4068
Link-layer Address Option
RFC4068
Neighbor Advertisement Acknowledgment
RFC4068
CARD Request option
RFC4065
MIPv6 option
CARD Reply option
RFC4065
MIPv6 option
MAP Option
RFC4140
MIPv6 option
Route Information Option
RFC4191
Recursive DNS Server Option
RFC6106
DNS Search List Option
RFC6106
RA Flags Extension Option
RFC5175
Handover Key Request
RFC5269
Handover Key Reply
RFC5269
Handover Assist Information
RFC5271
Mobile Node Identifier
RFC5271
Proxy Signature
RFC6496
RPL Address Registration
RFC6775
RPL Context Option
RFC6775
RPL Authoritative Border Router
RFC6775
6LoWPAN GHC 6CIO option
RFC-ietf-6lo-ghc-6cio

Other features

Selectable IPsec mode: IPv6 without security headers, IPv6 with AH, ESP and AH+ESP either in transport or tunnel mode

Supported AH authentication algorithms and ESP integrity algorithms: NULL, HMAC_SHA1-96, HMAC_MD5-96, HMAC_SHA2-256, HMAC_SHA2-384, HMAC_SHA2-512

Supported ESP crypto algorithms: ESP-NULL, ESP-DES-CBC, ESP-DES3-CBC, ESP-AES-CBC128, ESP-AES-CBC192, ESP-AES-CBC256, AES-GCM-16-128, AES-GCM-16-192, AES-GCM-16-256

IPsec SA can be negotiated with ISAKMP Server Test Suite 3.2.0 or later and IKEv2 Server Test Suite 3.1.1 or later.

Configurable destination Ethernet MAC address solicitation mode: Neighbor solicitation for nodes in same subnet, Router solicitation and User-specified target MAC address.

Supported SafeGuard Checks

Authentication Bypass

Weak Cryptography

Certificate Validation

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis