Nmap Development mailing list archives

Re: Bug on FreeBSD for IPv6

From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 25 Jan 2016 08:18:55 -0600

Martin,

Thanks for this report! I confirm that Nmap (via libdnet) is finding the
wrong mask for many routes, always showing /32 (or /128) even when a /16 or
/64 is expected. I entered this in our bug tracker, and I will work on
hunting down the problem: https://github.com/nmap/nmap/issues/284

Dan

On Mon, Jan 25, 2016 at 4:20 AM, <Martin.Gysi () swisscom com> wrote:

Hi all



I noticed that I cannot scan IPv6 hosts from FreeBSD if they are within
the same /32. The scanning host is on network 2001:918:ffff:0::/64, it
wrongly assumes that 2001:918:ffff:391a::/64 is also locally connected.
nmap –iflist shows a route (2001:918:ffff::/32 bge0 0) that is not actually
there on FreeBSD (as shown by netstat –rn). I need to explicitely disable
arp-ping for the scan to proceed.



root@freeBSD # nmap -6 -vvv 2001:918:ffff:391a::1 -Pn



Starting Nmap 7.01 ( https://nmap.org ) at 2016-01-25 13:56 CET

Initiating ND Ping Scan at 13:56

Scanning 2001:918:ffff:391a::1 [1 port]

Completed ND Ping Scan at 13:56, 0.42s elapsed (1 total hosts)

Nmap scan report for 2001:918:ffff:391a::1 [host down, received
no-response]

Read data files from: /usr/local/share/nmap

Nmap done: 1 IP address (0 hosts up) scanned in 0.46 seconds

           Raw packets sent: 2 (144B) | Rcvd: 0 (0B)

root@freeBSD #



root@freeBSD #tcpdump -n ip6

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on bge0, link-type EN10MB (Ethernet), capture size 65535 bytes



13:56:04.158306 IP6 2001:918:ffff:0:218:8bff:fef7:afe5 > ff02::1:ff00:1:
ICMP6, neighbor solicitation, who has 2001:918:ffff:391a::1, length 32

13:56:04.363360 IP6 2001:918:ffff:0:218:8bff:fef7:afe5 > ff02::1:ff00:1:
ICMP6, neighbor solicitation, who has 2001:918:ffff:391a::1, length 32



root@freeBSD # nmap --iflist



Starting Nmap 7.01 ( https://nmap.org ) at 2016-01-25 14:01 CET

************************INTERFACES************************

DEV  (SHORT) IP/MASK                               TYPE     UP   MTU   MAC

em0  (em0)   (none)/0                              ethernet down 1500
00:25:17:0D:CD:46

bge0 (bge0)  195.186.192.220/29                    ethernet up   1500
00:28:8B:F7:AF:E5

bge0 (bge0)  fe80:2::afe5/64         ethernet up   1500  00:28:8B:F7:AF:E5

bge0 (bge0)  2001:918:ffff:0::afe5/64 ethernet up   1500  00:28:8B:F7:AF:E5

bge1 (bge1)  (none)/0                              ethernet down 1500
00:28:8B:F7:AF:E6

lo0  (lo0)   127.0.0.1/8                           loopback up   16384

lo0  (lo0)   ::1/128                               loopback up   16384

lo0  (lo0)   fe80:4::1/64                          loopback up   16384



**************************ROUTES**************************

DST/MASK                               DEV  METRIC GATEWAY

127.0.0.1/32                           lo0  0

195.186.192.220/32                     lo0  0

195.186.192.216/29                     bge0 0

0.0.0.0/0                              bge0 0      195.186.192.217

2001:918:ffff:0:218:8bff:fef7:afe5/128 lo0  0

fe80::218:8bff:fef7:afe5/128           lo0  0

::1/128                                lo0  0

fe80::1/128                            lo0  0

fe80::/32                              lo0  0      ::1

::/32                                  lo0  0      ::1

::ffff:0.0.0.0/32                      lo0  0      ::1

fe80::/32                              bge0 0

fe80::/32                              lo0  0

2001:918:ffff::/32                     bge0 0

ff01::/32                              bge0 0      fe80::218:8bff:fef7:afe5

ff01::/32                              lo0  0      ::1

ff02::/32                              lo0  0      ::1

ff02::/32                              bge0 0      fe80::218:8bff:fef7:afe5

ff02::/32                              lo0  0      ::1

::/0                                   bge0 0      fe80::20f:35ff:fe62:3819



root@freeBSD # netstat -6rn

Routing tables



Internet6:

Destination                       Gateway                       Flags
Netif Expire

::/96                             ::1
UGRS        lo0

default                           fe80::20f:35ff:fe62:3819%bge0 UG
bge0

::1                               link#4
UH          lo0

::ffff:0.0.0.0/96                 ::1
UGRS        lo0

2001:918:ffff::/64                link#2                        U
bge0

2001:918:ffff:0:218:8bff:fef7:afe5 link#2
UHS         lo0

fe80::/10                         ::1
UGRS        lo0

fe80::%bge0/64                    link#2                        U
bge0

fe80::218:8bff:fef7:afe5%bge0     link#2
UHS         lo0

fe80::%lo0/64                     link#4
U           lo0

fe80::1%lo0                       link#4
                 UHS         lo0

ff01::%bge0/32                    fe80::218:8bff:fef7:afe5%bge0 U
bge0

ff01::%lo0/32                     ::1
U           lo0

ff02::/16                         ::1
 UGRS        lo0

ff02::%bge0/32                    fe80::218:8bff:fef7:afe5%bge0 U
bge0

ff02::%lo0/32                     ::1
U           lo0



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Bug on FreeBSD for IPv6 Martin.Gysi (Jan 25)
- Re: Bug on FreeBSD for IPv6 Daniel Miller (Jan 25)
  - Re: Bug on FreeBSD for IPv6 Daniel Miller (Feb 10)