In this post, I will share a few interesting things you can do within MACOSX
1: disabling ipv6 mountain-lion +
1st you have to get a list of the interfaces either from the gui or the cli cmd
"networksetup -listallnetworkservices"
will show you all network interfaces by service name, this will match the names shown in the gui
2nd now to disable the ipv6 services, type the name with the
setv6off option, & you will be challenge for the admin login
You can re-validate via the netstat command
2: disabling ipv6 snow-leopard
Snow Leopard 10.6.x and older typically allow you to use the
ipv6 -x option to disable all ip6 interfaces.
3: disassociating a Wifi interface
Some times the need will arises for changing a interface mtu settings, changing a ether_mac_address or for using a airpacket injector or 802.11 capture monitor. This will require you to dis-associate the wifi interface;
4: Changing interface MTU for a interfaces
With mt-lion or newer the
getMTU and
setMTU commands will allow you to validate and change the mtu setting for a interface
OR
You can also just use the
ifconfig command in the following example;
5: ether_address changing
For network pen-testing, we can also change the ether address that's defined for our network interfaces. I like to use
aaaa.aaaa.aaaa , but pick a proper mac address.
To do this, the ether address can be changed via the
ifconfig cmd. Keep in mind you need root access and you must have the wifi interface disassociated after poweron via the overhead tool bar.
NOTE: You might want to use a valid ether_address due to some enterprise networks have IDS/WIDS or Network Idenitiy engines, that can triggers on unknown vendor mac_address
Sites like
http://www.coffer.com/mac_find/ or
http://www.iana.org/assignments/ethernet-numbers/ethernet-numbers.xhtml will help test for a recognized mac_address that registered.
5: removing ipv6 from lo0 ( loopback )
The commands
; ip6 -x networksetup, or the WebGUI as described earlier , " WILL NOT LET you disable the loopback ipv6 address".
To disable ipv6 on a loopback you have to revert back to classic BSD option
-alias and with the
ifconfig command
(e.g)
NOTE: Doing this break most browser capability of browsing. You still have dns resolving capabilities from the cli tho.
You can disable ipv6 in your browser or apply the ipv4only for the domains you want.
e.g
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
/ \