Nmap Development mailing list archives
Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 17 Apr 2012 17:36:47 -0500
On 04/17/2012 04:50 PM, David Fifield wrote:
Thanks for accepting this. Unfortunately, host.bin_ip is not available for sniffed addresses, but I could check the binary addresses first, then convert them to text before inserting into the table. I think an easier option may be to be more explicit with the pattern match:On Fri, Mar 09, 2012 at 12:31:32PM -0600, Daniel Miller wrote:On 03/09/2012 11:49 AM, Daniel Miller wrote:List, Here's a patch to add IPv6 address sniffing to targets-sniffer. The major difference is changing the BPF from "ip" to "ip or ip6". I had to add a couple checks for NDP multicast addresses to check_if_valid, and I may have missed some other invalid IPv6 addresses.Attaching updated patch. I was correct in thinking I missed some addresses: All IPv6 addresses starting with 'FF' are multicast, so I now test for that instead.Thanks Daniel, I committed your changes. As for checking for an IPv6 multicast address, I think your check fails for an address that starts ff1:, for example. (Because that is really 0ff1.) Could you try using host.bin_ip instead? David Fifield
Index: scripts/targets-sniffer.nse =================================================================== --- scripts/targets-sniffer.nse (revision 28490) +++ scripts/targets-sniffer.nse (working copy) @@ -49,7 +49,7 @@ if address == local_address or address == broadcast or address == "255.255.255.255" - or address:match('^ff') --IPv6 Multicast addrs + or address:match('^ff..:') --IPv6 Multicast addrs then return false else
In answer to your question in the other message, changing the BPF based on the scan address family would be simple, but I prefer to see output for all information collected. The -6 option means to me that I will SEND ipv6 probes. Other scripts extract IPv4 addresses from targets (mdns, etc), so this is consistent there.
Thanks again! Dan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 David Fifield (Apr 17)
- <Possible follow-ups>
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 David Fifield (Apr 17)
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 Daniel Miller (Apr 17)
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 David Fifield (Apr 17)
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 Daniel Miller (Apr 17)