Re: IPv6 functionality and scan results

[David Fifield <david () bamsoftware com>]

On Tue, Oct 06, 2009 at 08:26:59AM -0400, Paul Jenkins wrote:
> I've taken nmap and run from 3 different systems with 3 different OS's
> on a static network dual stacked. Attached (I hope) is the output of
> these scans. There is an incredible disparity between the v6 and v4
> scans. 

There are a lot of results attached here. Could you excerpt a couple of
hosts whose results are surprising?

It's not unusual that IPv6 results are different from IPv4. Sometimes
daemons are configured to listen on only one of them. Or a firewall may
be locked down for IPv4 but mostly open for IPv4.

> One thing I noted via wire shark it appears there are multiple identical
> packets sent when scanning with -6 on XP and 2003, any thoughts as to
> why?

Nmap will resend a probe if it doesn't get a response the first time. If
the network conditions seem to be bad, it may send each probe up to 10
times. Use the --max-retries options to control this.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org