Re: [NSE][Patch] Script output for targets-ipv6-multicast-*

[David Fifield <david () bamsoftware com>]

On Fri, Sep 23, 2011 at 03:14:48PM -0500, Daniel Miller wrote:
> List,
>
> I was doing some testing with host discovery using the
> targets-ipv6-multicast-* family of scripts, and I found that it was
> discovering a host that would not reply to the neighbor discovery
> ping (a Windows Vista machine). I wanted to get the MAC address of
> the machine so I could correlate it with my IPv4 scan of the
> network. (Turns out, the machine has 2 link-scope IPv6 addresses.
> The one it won't respond to, I can't find on the machine using
> ipconfig /all. Mysterious!).

I have seen this too. I don't know what's up with the phantom address.
Weilin may have an explanation. I'll bet this is your Windows Vista:

> > |   fe80:0000:0000:0000:xxxx:xxxx:xxxx:79a4 at XX:XX:XX:XX:XX:A3
> > |   fe80:0000:0000:0000:xxxx:xxxx:xxxx:b7c5 at XX:XX:XX:XX:XX:A3

I can tell because the last byte of the address doesn't match the last
bytes of the MAC. Windows is the only OS I've seen so far that doesn't
use the EUI-64 method of generating link-local addresses, which embeds
the MAC address in the IPv6 address.

> The long and short of it is that I generated this patch to make
> these scripts a little more verbose. I am pretty sure the MAC
> address part is not portable to other link-layer protocols, so I'd
> be open to suggestions for a better way of doing it. The existing
> targets-* scripts only print network-layer addresses, but the MAC
> address was the reason behind my work, so I left it in. Sample
> output:
> > Pre-scan script results:
> > |_targets-ipv6-multicast-invalid-dst: Found 3 targets
> > |_targets-ipv6-multicast-echo: Found 4 targets
> > |_targets-ipv6-multicast-slaac: Found 8 targets

I've committed something like this.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/