Nmap Development mailing list archives
Re: Nmap and IPv6
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 17 Oct 2008 22:28:55 -0500
On 10/17/2008 09:13 PM, DePriest, Jason R. wrote:
> I am having some general problems with IPv6 scanning with nmap.
>
> I have two systems on a wireless LAN that have IPv6 addresses. They
> can ping each other. Nmap says no, sir.
>
> Laptop running nmap - fe80::a800:4ff:fe00:a04
> System I am scanning - fe80::210:5aff:fe1d:5c3f
>
> Hey, look! I can ping it!
>
> depriest@hole:~$ ping6 -I eth2 fe80::210:5aff:fe1d:5c3f
> PING fe80::210:5aff:fe1d:5c3f(fe80::210:5aff:fe1d:5c3f) from fe80::a800:4ff:fe00:a04 eth2: 56 data bytes
> 64 bytes from fe80::210:5aff:fe1d:5c3f: icmp_seq=1 ttl=64 time=1.07 ms
> 64 bytes from fe80::210:5aff:fe1d:5c3f: icmp_seq=2 ttl=64 time=1.04 ms
> 64 bytes from fe80::210:5aff:fe1d:5c3f: icmp_seq=3 ttl=64 time=1.07 ms
> 64 bytes from fe80::210:5aff:fe1d:5c3f: icmp_seq=4 ttl=64 time=1.46 ms
> ^C
> --- fe80::210:5aff:fe1d:5c3f ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 3010ms
> rtt min/avg/max/mdev = 1.040/1.164/1.460/0.173 ms
>
> Nmap is sad.
>
> depriest@hole:~$ sudo nmap -sP -6 fe80::210:5aff:fe1d:5c3f
>
> Starting Nmap 4.76 ( http://nmap.org ) at 2008-10-17 21:06 CDT
> Strange error from connect (22):Invalid argument
> Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
> Nmap done: 1 IP address (0 hosts up) scanned in 0.21 seconds
>
> What is this "invalid argument" it speaks of?
>
> Dunno, but here is a more informative error message.
>
> CONN (0.2710s) TCP localhost > fe80::210:5aff:fe1d:5c3f:22 => Invalid argument
>
> I did a fancier scan and ended up with 2000 of those.
>
> depriest@hole:~$ grep "Invalid argument" nmap-ipv6.nmap | wc -l
> 2000
>
> I am attaching the log file for someone who knows more about nmap -6
> to look at.
I think you just need to specify the interface to use via the percent syntax
(see below). This is required because link-local addresses are
interface-specific.

I added support for this syntax for link-local scanning in Nmap this past May:

o Nmap now understands the RFC 4007 percent syntax for IPv6 Zone IDs.
  On Windows, this ID has to be a numeric index. On Linux and some
  other OS's, this ID can instead be an interface name. Some examples
  of this syntax:
    fe80::20f:b0ff:fec6:15af%2
    fe80::20f:b0ff:fec6:15af%eth0
  [Kris]

If you haven't already seen it, you may be interested in HD Moore's recent
paper[1] on IPv6, which also happens to mention the above support in Nmap.
> Thanks in advance folks.
> -Jason
Thanks,
Kris Katterjohn

[1] http://www.milw0rm.com/papers/233

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
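
The zone ID handling described in the reply above, as an added Python example that is not part of the original message or of Nmap's code. It assumes, as the reply suggests, that the errno 22 came from connecting to a link-local address with no zone; `scoped_sockaddr`, `check_targets` and the interface table are hypothetical names and constructed values.

```python
import errno
import ipaddress
import socket

# Constructed interface table standing in for the scanning host's interfaces.
SAMPLE_IFACES = {"eth0": 2, "eth2": 4}


def scoped_sockaddr(target, port, if_index=socket.if_nametoindex):
    """Build the (host, port, flowinfo, scope_id) tuple for an IPv6 target.

    Accepts the RFC 4007 "address%zone" form. A link-local address with no
    zone is rejected with EINVAL, the errno reported in the thread above.
    """
    host, _, zone = target.partition("%")
    addr = ipaddress.IPv6Address(host)  # raises ValueError on a bad address
    if not zone:
        if addr.is_link_local:
            raise OSError(errno.EINVAL,
                          f"{addr} is link-local; append %<zone>")
        return (str(addr), port, 0, 0)
    # The zone is a numeric index (the only form Windows accepts) or an
    # interface name (Linux and some other systems).
    scope_id = int(zone) if zone.isdigit() else if_index(zone)
    return (str(addr), port, 0, scope_id)


def check_targets(targets, port=22, if_index=SAMPLE_IFACES.__getitem__):
    """Map each target to its sockaddr tuple, or to an error string."""
    results = {}
    for target in targets:
        try:
            results[target] = scoped_sockaddr(target, port, if_index)
        except (OSError, KeyError, ValueError) as exc:
            results[target] = f"error: {exc}"
    return results


if __name__ == "__main__":
    for tgt, res in check_targets([
        "fe80::210:5aff:fe1d:5c3f",        # no zone: rejected
        "fe80::210:5aff:fe1d:5c3f%eth2",   # interface name
        "fe80::20f:b0ff:fec6:15af%2",      # numeric index
        "2001:db8::1",                     # global address needs no zone
    ]).items():
        print(tgt, "->", res)
```

The returned tuple is the address form `socket.connect()` takes for `AF_INET6`; the fourth field is the scope ID that tells the kernel which interface the link-local address belongs to.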