Abstract: In IPv6 networks,the Internet protocol identification (IP-ID) fields,which are used to support fragmentation and reassembly of network-layer datagrams,no longer appear as fixed fields but are instead placed in the extension header for flexible use.In recent years,researchers have exploited the IPv6 fragmentation mechanism to induce IPv6 target hosts to generate IP-IDs and perform tasks such as alias prefix resolution,demonstrating that the IP-ID field in IPv6 networks can still leak information and pose certain security risks.Since existing IP-ID exploitation methods rely on simple,predictable IP-ID types,probing whether the IP-ID types of IPv6 devices on the internet are predictable hold significant importance for IPv6 network security and asset assessment.This paper proposes a method to detect IPv6 devices on the Internet,and classifies them into different types.Among the nearly 5 million IPv6 addresses returned,41.1% of the addresses still used  predictable IP-ID,indicating that IPv6 networks are not immune to fragment and IP-ID based attacks.There are still a considerable number of devices in IPv6 network using predictable IP-ID which are of high security risk.

Key words: IPv6 protocol, IP identification(IP-ID) field, network measurement, network security