Nmap Development mailing list archives
Re: IPv6 host discovery, SYN, incorrectly reporting targets down
From: Daniel Roethlisberger <daniel () roe ch>
Date: Tue, 6 Oct 2009 20:59:31 +0200
Paul Jenkins <pjenkins () dsci com> 2009-10-06:
Host that only respond with RST/ACK flags are reported as down, only hosts that report back with SYN/ACK are reported as up. Command used Nmap -6 -sP -PS22,23,80,443,37227 -iL _____ Using ipv4 addresses in the same environment yields the correct number of hosts "up".
IPv6 TCP ping scans are in fact connect() scans, while for IPv4, a raw TCP SYN scan is used. If your network stack doesn't return ECONNREFUSED on receiving RST/ACK, then Nmap doesn't know the difference between a refused connection and one which failed due to no responses received. -- Daniel Roethlisberger http://daniel.roe.ch/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- IPv6 host discovery, SYN, incorrectly reporting targets down Paul Jenkins (Oct 06)
- Re: IPv6 host discovery, SYN, incorrectly reporting targets down Daniel Roethlisberger (Oct 06)
- <Possible follow-ups>
- RE: IPv6 host discovery, SYN, incorrectly reporting targets down Paul Jenkins (Oct 06)
- Re: IPv6 host discovery, SYN, incorrectly reporting targets down Daniel Roethlisberger (Oct 06)