Nmap Development mailing list archives
Re: [nmap-svn] r26641 - nmap
From: David Fifield <david () bamsoftware com>
Date: Thu, 6 Oct 2011 10:03:48 -0700
On Thu, Oct 06, 2011 at 01:05:15PM +0300, Toni Ruottu wrote:
Some other tools I have seen use heuristic, with -4 and -6 for forcing the use of IPv4 or IPv6. Would that make sense?
I tdon't think other tools are using that heuristic. Rather they just use whatever getaddrinfo returns to them, which will be IPv4 for IPv4 addresses, IPv6 for IPv6 addresses, and something system-dependent for host names. A difference between Nmap and some other tools is that some other tools only handle one target at a time, so -4 or -6, while nominally global options, only apply to a single address. RFC 3484 has an algorithm for deciding to use an IPv4 address or IPv6 address when both are available. You can configure getaddrinfo manually by editing /etc/gai.conf. My Debian system seems to prefer global IPv6 addresses, for example when I SSH to one of my dual-stack servers it uses IPv6 unless I also use the -4 option. For what it's worth I think Nmap should be able to handle IPv4 and IPv6 in a single invocation. I think programs like ping6 and traceroute6 are kluges that shouldn't exist. They aren't separate programs on every platform: on Windows and Solaris the ping program handles both families, and you don't even need -6 to allow an IPv6 address. (In case of ambiguity it probably does something similar to /etc/gai.conf.) A good use case for mixed—address family scanning is targets-sniffer.nse: listen to the network and then scan everything. The only question is what to do in this case: nmap 192.0.43.10 scanme.nmap.org 2001:500:88:200::10 Should scanme.nmap.org be resolved as IPv4 or IPv6? Some options are 1) Always preferentially use IPv4. 2) Always preferentially use IPv6. 3) Use the getaddrinfo policy. Also, what then should -4 or -6 mean? They could either simply prefer a certain address family, or forbid all other address families. What would you do if you wanted to scan both the IPv4 and IPv6 addresses of scanme.nmap.org? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r26641 - nmap Fyodor (Oct 05)
- Re: [nmap-svn] r26641 - nmap Toni Ruottu (Oct 06)
- Re: [nmap-svn] r26641 - nmap David Fifield (Oct 06)
- Re: [nmap-svn] r26641 - nmap Fyodor (Oct 08)
- Re: [nmap-svn] r26641 - nmap David Fifield (Oct 06)
- Re: [nmap-svn] r26641 - nmap Toni Ruottu (Oct 06)