Nmap Development mailing list archives
Re: IPv6 OS Detection: Call for fingerprinters!!
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 5 Jul 2011 13:51:13 +0200
On Jul 4, 2011, at 6:28 PM, Luis MartinGarcia. wrote:
NOTE: It's Monday. Today many of you should have access to IPv6 boxes, so I resend this call for fingerprinters.

Hi!

As you may know, David and I are working on a new OS detection engine for IPv6 hosts. At the moment we are in a research phase and we need your help to collect a few preliminary fingerprints that we can analyze and use to refine our algorithms.

Basically we need people to run a python script against some IPv6 box. The script stores the results in a file with a name like nmap6fp62102933.6fp. We'd like you to send that file to this address: david+luis () nmap org

Below you can find some simple instructions on how to run the script.

WARNING: Please do NOT run the script against any critical box, as it performs tests that involve sending some weird IPv6 packets that might crash some sloppy implementations.

Thank you very much for your help!

Best regards,

Luis MartinGarcia.

== GENERAL STEPS ==

1. Download the script from: http://nmap.org/svn/nping/nping-dev/ipv6fp.py

2. Make sure you have Python and Scapy installed in your system (See below for details on how to install them)

3. Collect the following information:
   - Target's IPv6 address
   - Target's IPv4 address
   - An open port in the target

4. Run the script (See instructions below).

5. Send the results file that it produces to david+luis () nmap org

== RUNNING THE SCRIPT ==

A. The easy way: let the script request all details interactively

   [Run as root]: ./ipv6fp.py --interactive

B. If the above does not work or you think interactive prompts are for cowards, run it with real command line parameters:

B.1 If the IPv6 host is on the local link:

B.1.1 Target has a link local address like fe80::20c:29ff:fe7d:c25b

   [Run as root]: ./ipv6fp.py TARGET_IPV6_ADDRESS --addr4 \
                  TARGET_IPV4_ADDRESS --ot OPEN_PORT_IN_TARGET --interface \
                  IFACE_NAME

B.1.2 Target is on-link but its address is of global scope like 2600:3c01::f03c:91ff:fe93:cd19. Try the first command, and then the second if it does not work:

   [Run as root]: ./ipv6fp.py TARGET_IPV6_ADDRESS --ot 80 --addr4 \
                  TARGET_IPV4_ADDRESS --interface IFACE_NAME --send-eth

   [Run as root]: ./ipv6fp.py TARGET_IPV6_ADDRESS --ot 80 --addr4 \
                  TARGET_IPV4_ADDRESS --send-ip

B.2 If the IPv6 host is more than one hop away.

   [Run as root]: ./ipv6fp.py 2600:3c01::f03c:91ff:fe93:cd19 --addr4 \
                  TARGET_IPV4_ADDRESS --ot 80

!!! Note that you have to replace TARGET_IPV6_ADDRESS with an actual IPv6 address, OPEN_PORT_IN_TARGET with the number of an open port in the box, and IFACE_NAME with the name of the appropriate network interface. Parameter --addr4 is optional, so if the target host does not have an IPv4 address, it can be omitted. However, if it does have an IPv4 address, please provide it, as this will improve our results.

== HOW TO INSTALL PYTHON AND SCAPY ==

+ You need to have Python and Scapy to run the script. To install scapy, follow these steps:

   # 1. Download latest version from:
   wget secdev.org/projects/scapy/files/scapy-latest.tar.gz

   # 2. Uncompress the file,
   tar xvf scapy-latest.tar.gz

   # 3. CD into the new directory
   cd scapy-2.1.0

   # 4. Build and install
   python setup.py build --force
   [AS ROOT] python setup.py install --force

  Alternatively, you may install scapy in Debian/Ubuntu running "sudo apt-get install scapy" or in RedHat/Fedora running "yum install scapy".

+ To install Python 2.X, follow these instructions: http://docs.python.org/using/unix.html

== Troubleshooting ==

+ Command "./ipv6fp.py --help" displays usage information.

+ The script can send packets at the Ethernet level or at the IP level. Although it tries to guess the appropriate level automatically, you can pass --send-eth or --send-ip to force any of them. If you use --send-eth and the script complains about not being able to resolve a MAC address, you can pass the default gateway mac address explicitly using: --gwmac 11:22:33:44:55:66

+ Before sending the OS detection probes, the script runs a little connectivity test to ensure you can successfully reach the target. If the connectivity test fails but you still want to run the script, just pass --force

+ Do not hesitate to contact me for any additional information: {luis.mgarc () gmail com}

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

I fail to run the script from Ubuntu 11.04, this is what I get:

Traceback (most recent call last):
  File "ipv6fp.py", line 4095, in <module>
    main()
  File "ipv6fp.py", line 4058, in main
    set_up_ipv6_tests(target_host6_g)
  File "ipv6fp.py", line 2317, in set_up_ipv6_tests
    finals=fragment6(final_packet, fragSize=1480)
  File "/usr/lib/pymodules/python2.7/scapy/layers/inet6.py", line 954, in fragment6
    s = str(pkt) # for instantiation to get upper layer checksum right
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 256, in __str__
    return self.build()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 307, in build
    pay = self.build_payload()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 299, in build_payload
    return self.payload.build(internal=1)
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 307, in build
    pay = self.build_payload()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 299, in build_payload
    return self.payload.build(internal=1)
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 308, in build
    p = self.post_build(pkt,pay)
  File "/usr/lib/pymodules/python2.7/scapy/layers/inet6.py", line 1148, in post_build
    chksum = in6_chksum(58, self.underlayer, p)
  File "/usr/lib/pymodules/python2.7/scapy/layers/inet6.py", line 608, in in6_chksum
    ph6s = str(ph6)
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 256, in __str__
    return self.build()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 304, in build
    pkt = self.do_build()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 291, in do_build
    p = f.addfield(self, p, val)
  File "/usr/lib/pymodules/python2.7/scapy/fields.py", line 66, in addfield
    return s+struct.pack(self.fmt, self.i2m(pkt,val))
struct.error: 'H' format requires 0 <= number <= 65535

Any ideas?

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
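
The last frames of the traceback above show a 16-bit ('H') field being packed while in6_chksum builds the IPv6 pseudo-header for next header 58 (ICMPv6). The following is an added example, not code from the thread, the script or Scapy: it computes the upper-layer checksum with the RFC 2460 section 8.1 pseudo-header, whose length field is 32 bits, and shows that a layout with a 16-bit length gives the same checksum for small payloads but raises the same struct.error once the length exceeds 65535. That the oversized value in the reported run was the upper-layer length is an assumption; the narrow layout, the function names and the 2001:db8:: sample addresses are constructed for illustration.

```python
import socket
import struct

ICMPV6 = 58  # next-header value passed to in6_chksum() in the traceback


def fold_checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src, dst, upper_len, next_header, wide=True):
    """IPv6 pseudo-header. wide=True is the RFC 2460 layout (32-bit length);
    wide=False is a hypothetical layout with a 16-bit length field."""
    addrs = socket.inet_pton(socket.AF_INET6, src) + socket.inet_pton(socket.AF_INET6, dst)
    fmt = "!I3xB" if wide else "!H3xB"  # length, three zero bytes, next header
    return addrs + struct.pack(fmt, upper_len, next_header)


def upper_layer_checksum(src, dst, payload, next_header=ICMPV6, wide=True):
    """Checksum over pseudo-header + payload (payload's checksum field zeroed)."""
    return fold_checksum(pseudo_header(src, dst, len(payload), next_header, wide) + payload)


def narrow_length_fails(upper_len):
    """True if the 16-bit layout cannot encode this upper-layer length."""
    try:
        pseudo_header("2001:db8::1", "2001:db8::2", upper_len, ICMPV6, wide=False)
    except struct.error:
        return True
    return False


def echo_request(data: bytes, checksum: int = 0) -> bytes:
    """Constructed ICMPv6 echo request (type 128, code 0, id 1, seq 1)."""
    return struct.pack("!BBHHH", 128, 0, checksum, 1, 1) + data


if __name__ == "__main__":
    src, dst = "2001:db8::1", "2001:db8::2"  # documentation-prefix sample addresses
    print(hex(upper_layer_checksum(src, dst, echo_request(b"x" * 64))))
    print(narrow_length_fails(1480), narrow_length_fails(70000))  # False True
```
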