Nmap Development mailing list archives

Re: Does nmap ipv6 work only with directly connected interfaces?


From: Raul Fuentes <ra.fuentess.sam () gmail com>
Date: Tue, 29 Apr 2014 16:59:18 +0200


Hi,

I’m facing buggy behaviour with nmap 6.45 when I use it for ipv6 scanning.

My setup involves a windows PC connected to a Cisco router. I am running
nmap from windows. It worked well for link local destination addresses.
However the scenario in which it fails involves a destination address that
is on a different subnet. This shouldn’t make a difference since the PC can
ping this ipv6 destination via a default route.


Round brackets indicate device type and square brackets indicate ipv6
address. a1 and a2 mean 2 global ipv6 addresses in the same subnet. b1 is
a global ipv6 address in a different subnet and is configured as a loopback
address on the router.

This setup works fine when I test ipv4 addresses and even link local
addresses. However, it doesn’t seem to work when the destination ipv6
address is the loopback address. The error I receive is:
C:\Program Files (x86)\Nmap>nmap -6 -sS -p1-65 -oA syn65 4000:1::1/128


If you have more than one interface with IPv6, you should use the -e
argument (on Nmap) to indicate which interface to use for the probe.
However, your link-local ping should probably have failed without a similar
argument (as any OS will not be sure which one to send the ping through).

Maybe you can use Wireshark to see if the router is returning the ICMPv6
message of network unreachable (one possible reason for Nmap to display the
message "failed to determine route to 4000:1::1"). If it appears, the problem
will be on the router and not in Nmap. Another thing to do is to try Nmap
with an IPv4 loopback (I can't remember using Nmap against a router loopback
interface, so I'm not sure if the router will answer by default or send an ICMP
message).

Another thing: Cisco routers by default (at least IOS 12.4) do not route
IPv6 messages unless the command "ipv6 unicast-routing" is given. Maybe
your router has a similar configuration (again, Wireshark could help to
notice this behavior).
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
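
The capture check suggested in the reply above, as an added example that is not part of the original message: it decodes an ICMPv6 Destination Unreachable message from raw bytes (IPv6 header onward), verifies its checksum, and reports the sender, the probed destination and the RFC 4443 code. The 2001:db8:: addresses and the sample packet are constructed; only 4000:1::1 comes from the thread.

```python
import ipaddress
import struct

# ICMPv6 Destination Unreachable (type 1) codes, RFC 4443 section 3.1
UNREACH_CODES = {
    0: "no route to destination",
    1: "communication administratively prohibited",
    2: "beyond scope of source address",
    3: "address unreachable",
    4: "port unreachable",
    5: "source address failed ingress/egress policy",
    6: "reject route to destination",
}

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum as used by ICMPv6."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: bytes, dst: bytes, length: int) -> bytes:
    # IPv6 pseudo-header: src, dst, upper-layer length, 3 zero bytes, next header 58
    return src + dst + struct.pack("!I3xB", length, 58)

def parse_unreachable(packet: bytes):
    """Return (reporter, probed_dst, reason) for an ICMPv6 type 1 packet, else None."""
    if len(packet) < 48 or packet[0] >> 4 != 6 or packet[6] != 58:
        return None  # not IPv6 carrying ICMPv6 directly after the fixed header
    src, dst, icmp = packet[8:24], packet[24:40], packet[40:]
    if icmp[0] != 1:
        return None  # some other ICMPv6 type (echo, neighbor discovery, ...)
    if checksum(pseudo_header(src, dst, len(icmp)) + icmp) != 0:
        raise ValueError("bad ICMPv6 checksum")
    inner = icmp[8:]  # as much of the invoking packet as the router included
    probed = str(ipaddress.IPv6Address(inner[24:40])) if len(inner) >= 40 else None
    return (str(ipaddress.IPv6Address(src)), probed, UNREACH_CODES.get(icmp[1], f"code {icmp[1]}"))

def build_sample() -> bytes:
    """Constructed sample: router 2001:db8::1 reports no route to 4000:1::1."""
    router, host = (ipaddress.IPv6Address(a).packed for a in ("2001:db8::1", "2001:db8::2"))
    target = ipaddress.IPv6Address("4000:1::1").packed
    probe = struct.pack("!IHBB", 6 << 28, 0, 6, 64) + host + target  # invoking IPv6 header (TCP)
    body = struct.pack("!BBHI", 1, 0, 0, 0) + probe  # type 1, code 0, checksum placeholder
    csum = checksum(pseudo_header(router, host, len(body)) + body)
    body = body[:2] + struct.pack("!H", csum) + body[4:]
    return struct.pack("!IHBB", 6 << 28, len(body), 58, 255) + router + host + body
```

Code 0 comes from a router with no matching route, code 3 typically from a failed neighbor resolution on the last hop, and code 1 from a filter, so the code narrows down where to look.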
