Host Identity Detection in IPv6 Networks

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 456)


It is important to keep networks secure and reliable. In order to backtrack security incidents, provide accounting for offered services etc., it is necessary to know the identity of network users. With various methods for IPv6 address assignments, user identification in IPv6 networks is challenging. This paper proposes a new approach for user identity tracking in LANs. The approach is based on network control traffic that is already present in IPv6 networks. In contrast to current methods, the proposed approach does not bring any extensive workload to active network devices and works in networks with Multicast Listener Discovery snooping. In addition, the approach is able to detect that an address is no longer used. The proposed approach is passive to end devices. In order to make the approach reliable, we studied the behaviour of current operating systems during IPv6 address assignments. We implemented a tool called ndtrack based on the proposed approach and tested it in a real network.


Computer network security Host identity IPv6 monitoring SLAAC Neighbor Discovery 



This work is a part of the project VG20102015022 supported by Ministry of the Interior of the Czech Republic. This work was also supported by the research plan MSM0021630528 and BUT project FIT-S-11-1. We would like to thank Marcela Šimková and Jim Wampler for their help during the preparation of this paper.


  1. 1.
    Dhamdhere, A., Luckie, M., Huffaker, B., Claffy, K., Elmokashfi, A., Aben, E.: Measuring the deployment of IPv6: topology, routing and performance. In: Proceedings of IMC ’12, pp. 537–550. ACM, New York (2012)Google Scholar
  2. 2.
    Hinden, R., Deering, S.: IP Version 6 Addressing Architecture. RFC 4291, February 2006Google Scholar
  3. 3.
    Thomson, S., Narten, T., Jinmei, T.: IPv6 Stateless Address Autoconfiguration. RFC 4862, September 2007Google Scholar
  4. 4.
    Groat, S., Dunlop, M., Marchany, R., Tront, J.: The privacy implications of stateless IPv6 addressing. In: Proceedings of CSIIRW ’10, pp. 52:1–52:4. ACM, New York (2010)Google Scholar
  5. 5.
    Narten, T., Draves, R., Krishnan, S.: Privacy Extensions for Stateless Address Autoconfiguration in IPv6. RFC 4941, September 2007Google Scholar
  6. 6.
    Narten, T., Nordmark, E., Simpson, W., Soliman, H.: Neighbor Discovery for IP version 6 (IPv6). RFC 4861, September 2007Google Scholar
  7. 7.
    Vida, R., Costa, L.: Multicast Listener Discovery Version 2 (MLDv2) for IPv6. RFC 3810, June 2004Google Scholar
  8. 8.
    Davies, J.: The Cable Guy: IPv6 Autoconfiguration in Windows Vista. TechNet Magazine, August 2007.
  9. 9.
    Dunlop, M., Groat, S., Marchany, R., Tront, J.: The good, the bad, the IPv6. In: CNSR 2011, Ottawa, Canada, May 2011, pp. 77–84 (2011)Google Scholar
  10. 10.
    Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., Carney, M.: Dynamic Host Configuration Protocol for IPv6 (DHCPv6). RFC 3315, July 2003Google Scholar
  11. 11.
    Polčák, L., Holkovič, M.: Behaviour of various operating systems during SLAAC, DAD, and ND (2013).
  12. 12.
    Polčák, L., Holkovič, M., Matoušek, P.: A new approach for detection of host identity in IPv6 networks. In: Proceedings of the DCNET ’13, pp. 57–63. SciTePress - Science and Technology Publications (2013)Google Scholar
  13. 13.
    McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J.: OpenFlow: enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev. 38, 69–74 (2008)CrossRefGoogle Scholar
  14. 14.
    Grégr, M., Matoušek, P., Podermański, T., Švéda, M.: Practical IPv6 monitoring - challenges and techniques. In: Proceedings of IM 2011, Dublin, Ireland, pp. 660–663. IEEE CS (2011)Google Scholar
  15. 15.
    Groat, S., Dunlop, M., Marchany, R., Tront, J.: What DHCPv6 says about you. In: WorldCIS 2011, London, UK, pp. 146–151 (2011)Google Scholar
  16. 16.
    Kriukas, J.: addrwatch: A tool similar to arpwatch for IPv4/IPv6 and ethernet address pairing monitoring (2012).
  17. 17.
    Asati, R., Wing, D.: Tracking of Static/Autoconfigured IPv6 addresses. Internet Draft, version 00 (Work in progress), December 2012Google Scholar
  18. 18.
    Holkovič, M., Polčák, L.: ndtrack (2013).

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Libor Polčák
    • 1
  • Martin Holkovič
    • 1
  • Petr Matoušek
    • 1
  1. 1.Faculty of Information TechnologyBrno University of TechnologyBrnoCzech Republic

Personalised recommendations