6MON: Rogue IPV6 router advertisement detection and mitigation and IPV6 address utilization network monitoring tool

IPv6 still represents a small part of all Internet traffic, but is already present in almost all our networks. Sometimes it is "official" IPv6 traffic, often it is just link-local traffic or global-scope traffic going through tunnels without the network administrators knowledge. Whatever the reason of the presence of IPv6, the time when network administrators just needed to control IPv4 is over. In order to be able to control their networks, responsible for maintenance needs at least an easy solution for these operations: finding all associations between MAC, IPv4 and IPv6 addresses being alerted when a rogue router starts sending its router-advertisements being able to neutralize the effects of rogue router advertisements. 6MoN include all the above functions. It operates by putting the network interface of the monitoring node in a promiscuous mode and inspecting ICMPv6 multicast frames (802.1q tagged and non-tagged). The switch port to which the monitoring node is connected just needs to be member of all VLANs to be monitored. 6MoN is a plug and play tool that is able to detect in real-time all connected IPv6 and IPv4 addresses and their corresponding DNS hostnames and MAC addresses. The inspection and mitigation of rogue router advertisements needs a minimal configuration. In addition, "MAC Find", an algorithm based on SNMP protocol, permits to localize the switch port to which a certain MAC is connected.