IPv6 Tools and Settings (TechRef)

  • Article

Applies To: Windows Server 2008

IPv6 Tools

The following tools are associated with Internet Protocol version 6 (IPv6).

IPv6-compatible TCP/IP Tools

Tool Description

Ftp

Use to communicate with remote computers.

Ipconfig

Display current TCP/IP and IPv6 network configuration values, update or release Dynamic Host Configuration Protocol (DHCP) allocated leases, and display, register, or flush Domain Name System (DNS) names.

Ipsec6.exe

Use to configure Internet Protocol security (IPSec) policies and security associations between two IPv6 hosts.

Netsh

Provides commands for performing network configuration tasks.

Netstat

Display statistics for current TCP/IP connections.

Pathping

Trace a path to a remote system and report packet losses at each router along the way.

Ping

Send Internet Control Message Protocol (ICMP) Echo Requests to verify that TCP/IP is configured correctly and that a remote TCP/IP computer is available.

Route

Display the IP routing table, and add or delete IPv6 routes.

Tracert

Trace a path to a remote system.

FTP

The FTP connectivity tool included with Microsoft TCP/IP can be used to communicate with remote computers.

Category

This tool is included on the Windows Server® 2008 product DVD.

Version compatibility

You can run this command on computers running Windows Vista®, Windows Server 2008, Windows XP or Windows Server 2003.

You can use the FTP tool to transfer files to and from a host running an FTP server service, such as the FTP component of Internet Information Services (IIS). The File Transfer Protocol (FTP) is a protocol that defines how to transfer files from one computer to another over a TCP/IP network, such as the Internet or a company intranet.

Note

  • The FTP service is a component of IIS. However, when you enable IIS on a server, FTP is not enabled unless you explicitly enable it. If you install IIS without FTP, you can use Add or Remove Windows Components in Add or Remove Programs in the Control Panel to install FTP later.

    • Ipconfig

    Category

    This tool is included on the Windows Server 2008 product DVD.

    Version compatibility

    You can run this command on computers running Windows Vista, Windows Server 2008, Windows XP or Windows Server 2003.

    You can use the Ipconfig command-line tool to display the current configuration of the installed IP stack on a networked computer and to refresh DCHP and DNS settings. The ipconfig command is often one of the first commands you use to check the status of the connection when you experience communication problems on a TCP/IP network. Ipconfig is most useful for managing computers that obtain an IP address automatically, such as by using DHCP or Automatic Private IP Addressing (APIPA).

    When called with no parameters, Ipconfig displays the Internet Protocol version 4 (IPv4) and version 6 (IPv6) address, subnet mask, and default gateway for all adapters on a computer.

    Ipsec6.exe

    Category

    The Ipsec6.exe tool is included on the Windows Server 2008 product DVD.

    Version compatibility

    You can run Ipsec6.exe on computers running Windows Server 2008, Windows Server 2003 and use Ipsec6.exe to target computers running versions of Windows that support IPv6 (Windows XP Service Pack 1 [SP1] and later, Windows Server 2003,. Windows Vista and Windows Server 2008).

    You can use Ipsec6.exe to configure IPSec policies and security associations between two IPv6 hosts. This configuration creates an IPSec security association (SA) between two hosts on the same subnet. The SA performs authentication by using the Authentication Header (AH) and either the Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA1) hashed message authentication code (HMAC) algorithms. This configuration provides data origin authentication and data integrity for all traffic between two IPv6 hosts. Ipsec6.exe has multiple commands, each with its own set of parameters:

    ipsec6 sp [Interface]

    Displays the active security policies. Alternatively, displays the active security policies for a specific interface.

    ipsec6 sa

    Displays the active security associations.

    **ipsec6|**FileNameWithNoExtension

    Loads the security policies from FileName.spd and the security associations from FileName.sad.

    **ipsec6 s |**FileNameWithNoExtension

    Saves the current security policies to FileName.spd and the current security associations to FileName.sad. You can use this command to create files that are used to configure security policy and security associations. When there are no security policies or security associations, this command creates FileName.spd for security policies and FileName.sad for security associations. You can use these files as templates to configure the desired security policies or security associations by modifying them with a text editor.

    ipsec6 d [{sp | sa}] [Index]

    Deletes the security policies (using the sp parameter) or security associations (using the sa parameter) from the list of active security policies and security associations, as specified by index number. You can use ipsec6 sp or ipsec6 sa to display the index number.

    ipsec6 m [{on | off}]

    Specifies whether binding updates that are used for mobile IPv6 are protected by IPSec. This is enabled by default.

    Note

  • This implementation of IPSec for IPv6 is not recommended for use in a production environment because it relies on static keying and has no provisions for updating keys upon sequence number reuse.

  • When you manually configure Security Parameters Indexes (SPIs), always use random numbers. Do not use sequential numbers for SPIs, or you will compromise the security of your IPSec for IPv6 policies.

  • IPv6 supports the use of IPSec Encapsulating Security Payload (ESP) with NULL encryption.

    • Netsh Commands for Interface IPv6

    Category

    Netsh commands for Interface IPv6 are included on the Windows Server 2008 product DVD.

    Version compatibility

    You can run Netsh commands for Interface IPv6 on computers running Windows Server 2008 and use Netsh commands for Interface IPv6 to target computers running versions of Windows that support IPv6 (Windows XP Service Pack 1 [SP1] and later, Windows Server 2003,. Windows Vista and Windows Server 2008).

    The Netsh commands for Interface IPv6 provide a command-line tool that you can use to query and configure IPv6 interfaces, address, caches, and routes.

    The Interface IPv6 context of netsh has a subcontext for 6to4, a transition technology described in the HowIPv6 Works section of this Technical Reference, which allows communication between IPv6/IPv4 nodes across the IPv4 Internet. You can use the commands in the netsh interface IPv6 6to4 context to configure or display the configuration of the IPv6 Helper service on either a 6to4 host or a 6to4 router. In addition, the Interface IPv6 context of netsh has a subcontext for Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). ISATAP is an address assignment and tunneling mechanism for communication between IPv6/IPv4 nodes within an IPv4 intranet. You can use the commands in the nesth interface ipv6 isatap context to configure the IPv4 address of the ISATAP router.

    You can run these commands from the command prompt, or from the command prompt for the netsh interface IPv6 context. For these commands to work at the command prompt, you must type netsh interface ipv6 before typing commands and parameters as they appear in the following reference.

    For a complete listing of the netsh commands for interface IPv6, see: Netsh Commands for Interface (IPv4 and IPv6)

    Netstat

    Category

    This tool is included on the Windows Server 2008 product DVD.

    Version compatibility

    You can run this command on computers running Windows Vista, Windows Server 2008, Windows XP or Windows Server 2003.

    You can use the Netstat command-line tool to display active TCP/IP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and User Datagram Protocol [UDP]), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols).

    Pathping

    Category

    This tool is included on the Windows Server 2008 product DVD.

    Version compatibility

    You can run this command on computers running Windows Vista, Windows Server 2008, Windows XP or Windows Server 2003.

    You can use Pathping, an IP packet route-tracing command-line tool that combines features of Ping and Tracert, to obtain additional information that neither of those tools provides. Specifically, you can use Pathping to discover the route to a remote host; it then pings the remote host for a period of time and collects and reports statistics. Pathping path information includes information about the intermediate routers visited on the path, the Round-Trip Time (RTT) value, and link-loss information.

    Ping

    Category

    This tool is included on the Windows Server 2008 product DVD.

    Version compatibility

    You can run this command on computers running Windows Vista, Windows Server 2008, Windows XP or Windows Server 2003..

    You can use the Ping command-line tool as your primary tool for troubleshooting IP-level connectivity between two TCP/IP computers. Ping sends ICMP Echo Request or ICMPv6 messages to perform network diagnostics and to test reachability for a specific destination. By default, Ping queries for both IPv4 and IPv6 addresses and uses the addresses returned by the operating system.

    Ping lets you specify the size of packets to use (the default is 32 bytes), how many to send, whether to record the route used, which Time-To-Live (TTL) value to use, and so on.

    Route

    Category

    This tool is included on the Windows Server 2008 product DVD.

    Version compatibility

    You can run this command on computers running Windows Vista, Windows Server 2008, Windows XP or Windows Server 2003.

    You can use the Route command-line tool to view and modify the local IP routing table.

    For two hosts to exchange IP datagrams, they must both have a route to each other, or they must use a default gateway that knows a route between the two. Typically, routers exchange information using a protocol such as Routing Information Protocol (RIP) or Open Shortest Path First (OSPF). RIP Listening service is available for Windows Vista and Windows XP Professional, and full routing protocols are supported by Windows Server 2008 and Windows Server 2003 in the Routing and Remote Access service.

    Tracert

    Category

    This tool is included on the Windows Server 2008 product DVD.

    Version compatibility

    You can run this command on computers running Windows Vista, Windows Server 2008, Windows XP or Windows Server 2003.

    You can use the Tracert command-line route-tracing tool to display the path between the sending host and a destination.

    The path that Tracert displays is a list of near-side router interfaces of the routers in the path between the source host and destination. Tracert uses the IP TTL field in ICMP Echo Requests and ICMP Time Exceeded messages to determine the path from a source to a destination through an IP internetwork.

    Some routers silently drop packets with expired TTLs. These routers do not appear in the Tracert display.

    Tracert works by incrementing the TTL value by one for each ICMP Echo Request it sends, and then waiting for an ICMP Time Exceeded message. The TTL values of the Tracert packets start with an initial value of one; the TTL of each trace after the first is incremented by one. A packet sent out by Tracert travels one hop further on each successive trip.

    Note

  • The UNIX version of Tracert performs the same function as the Windows version, except that the IP payload is a UDP packet addressed to a (presumably) unknown destination UDP port. Intermediate routers send back ICMP Time Expired messages recording the route taken, and the final destination sends back an ICMP Destination Unreachable-Port Unreachable message.

  • The UDP payload from the UNIX Tracert tool can cross routers and firewalls, whereas the ICMP Echo Request messages might not due to ICMP filtering. To avoid this problem, turn off packet filtering and then try using Tracert again.