Nmap Development mailing list archives
RE: IPv6 OS Detection: Call for fingerprinters!!
From: "Dario Ciccarone (dciccaro)" <dciccaro () cisco com>
Date: Thu, 7 Jul 2011 00:14:52 -0500
It works OK for me when using a global unicast address, but it doesn't work at all when trying to use a link-local address and the following command line: sudo ./ipv6fp.py fe80::20a:b8ff:fea9:5944 --ot=23 --ct=9999 --interface=eth0 --send-eth --addr4=192.168.1.1 I'm getting an "ERROR: Could not resolve target's MAC address" error. Checking the source code, it looks like the problem is on get_target_mac_address() - for the ICMPv6 Neighbor Solicitation message, you're using as L2 destination the broadcast address, and as destination on the IPv6 packet header the same address you're trying to find the L2 address for. That wont' work. RFC-4861, Section 4.3 Nodes send Neighbor Solicitations to request the link-layer address of a target node while also providing their own link-layer address to the target. Neighbor Solicitations are multicast when the node needs to resolve an address and unicast when the node seeks to verify the reachability of a neighbor. Then we need to use as destination a multicast NS - if we keep reading: Destination Address Either the solicited-node multicast address corresponding to the target address, or the target address. The solicited-node multicast address format is FF02:0:0:0:0:1:FFXX:XXXX - for our example, FF02::1:FFA9:5944. That should be the destination address on the IPv6 header - not the unicast link-local address we're trying to get the L2 address for. And if we're doing multicast for the L3 destination address, then we also need to do multicast for the L2 destination address - from RFC-2464, section 7: An IPv6 packet with a multicast destination address DST, consisting of the sixteen octets DST[1] through DST[16], is transmitted to the Ethernet multicast address whose first two octets are the value 3333 hexadecimal and whose last four octets are the last four octets of DST. So, following our example, our L2 destination address should be 33:33:FF:A9:59:44. And so I don't look like I'm whining ;) - attached, a working diff implementing both changes to the get_target_mac_address() function. I'm doing the "inet_pton" step so I don't have to reinvent the wheel here, in case the destination IPv6 address provided in the command-line is something like FE80::1 or similar. Could, however, use a bit of error-checking logic. Or rewrite/beautify as needed :) Thanks, Dario
-----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Luis MartinGarcia. Sent: Monday, July 04, 2011 12:29 PM To: nmap-dev Subject: IPv6 OS Detection: Call for fingerprinters!! NOTE: It's Monday. Today many of you should have access to IPv6 boxes, so I resend this call for fingerprinters.
Attachment:
get_target_mac_address.diff
Description: get_target_mac_address.diff
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- IPv6 OS Detection: Call for fingerprinters!! Luis MartinGarcia. (Jul 04)
- Re: IPv6 OS Detection: Call for fingerprinters!! Patrik Karlsson (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Luis MartinGarcia. (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Patrik Karlsson (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Luis Martín García (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Luis MartinGarcia. (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Patrik Karlsson (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Luis MartinGarcia. (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Patrik Karlsson (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Luis MartinGarcia. (Jul 06)
- Re: IPv6 OS Detection: Call for fingerprinters!! Luis MartinGarcia. (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Patrik Karlsson (Jul 05)
- Re: IPv6 OS Detection: Call for fingerprinters!! Luis MartinGarcia. (Jul 07)
- RE: IPv6 OS Detection: Call for fingerprinters!! Dario Ciccarone (dciccaro) (Jul 07)
- Re: IPv6 OS Detection: Call for fingerprinters!! Luis MartinGarcia. (Jul 07)
- Re: IPv6 OS Detection: Call for fingerprinters!! Luis MartinGarcia. (Jul 11)
- RE: IPv6 OS Detection: Call for fingerprinters!! Dario Ciccarone (dciccaro) (Jul 12)