Hi Niall, Enno and list, I've just taken a bit of a look at these, and this is what I think: Enno Rey <erey@ernw.de> writes:
On Fri, May 16, 2014 at 03:18:14PM +0200, Niall O'Reilly wrote:
The problem it addresses seems to be parallel to the one which has my main attention at the moment. I need to track NAs (including legitimate ones) rather than RAs.
So far, I'm aware of the following two potential solutions whose trails seem worth following to find out more:
That seems to be quite the beast. It sounds interesting, but it may be way overkill if you only want to use it to monitor ND.
On that page it says: ] 6MoN version 2.2 Released ] ] Improvements in RA analysis: ] ] Multiple IPv6 prefixes are now recognized ] ] Optional fields are handled properly Doesn't really make me feel that confident...
ipv6mon (http://www.si6networks.com/tools/ipv6mon/), NDPmon (http://ndpmon.sourceforge.net/). [...] http://blog.webernetz.net/2014/03/17/monitoring-mac-ipv6-address-bindings/
From what I've read, these seem to do the job Niall needs. However, the way they work it isn't perfectly reliable: They all work by attaching a listening device to the subnet, which is generally fine, but may be insufficient.
An orthogonal approach might actually be to use information from the various routers in the network. These may not show who is doing things within the subnet only, but as soon as they send anything through a router, they can be tracked there.
Crossposting to IPv6hackers mailing list as guys over there might have other/better suggestions. apologies in advance for this!
No reason to apologize, it makes perfect sense. Cheers, Benedikt -- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/ Business Grade IPv6 --- Consulting, Training, Projects BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/