Nmap Development mailing list archives

nmap 6.47 IPv6 ping scan incorrectly indicates host is down


From: Andrew Waters <awaters_uk () hotmail com>
Date: Tue, 4 Nov 2014 11:16:50 +0000

The current version of nmap incorrectly reports an IPv6 host as down. This appears to be caused by the change

o The ICMP ID of ICMP probes is now matched against the sent ICMP ID,
  to reduce the chance of false matches. Patch by Chris Johnson.

made in nmap 6.45.

# nmap -6 -ddd -vvv -n -T4 -PE -sn 2001:500:100:1187:250:56ff:fe09:13f8

Starting Nmap 6.47 ( http://nmap.org ) at 2014-11-04 11:04 GMT
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 500, min 100, max 1250
  max-scan-delay: TCP 10, UDP 1000, SCTP 10
  parallelism: min 0, max 0
  max-retries: 6, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Fetchfile found /home/awaters/Downloads/nmap/nmap-6.47/nmap-payloads
Initiating Ping Scan at 11:04
Scanning 2001:500:100:1187:250:56ff:fe09:13f8 [1 port]
Packet capture filter (device ens9): dst host 2001:500:100:1181:7eb1:d59a:e7cd:60a0 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 2001:500:100:1187:250:56ff:fe09:13f8)))
SENT (0.0251s) ICMPv6 (58) 2001:500:100:1181:7eb1:d59a:e7cd:60a0 > 2001:500:100:1187:250:56ff:fe09:13f8 (type=128/code=0) ver=6, tclass=0 flow=0 payloadlen=8 nh=IPv6-ICMP hopl=255
**TIMING STATS** (0.0252s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 500000/-1/-1
Current sending rates: 68.60 packets / s, 3292.63 bytes / s.
Overall sending rates: 68.60 packets / s, 3292.63 bytes / s.
RCVD (0.0280s) ICMPv6 (58) 2001:500:100:1187:250:56ff:fe09:13f8 > 2001:500:100:1181:7eb1:d59a:e7cd:60a0 (type=129/code=0) ver=6, tclass=0 flow=0 payloadlen=8 nh=IPv6-ICMP hopl=63
Found 2001:500:100:1187:250:56ff:fe09:13f8 in incomplete hosts list.
SENT (0.5279s) ICMPv6 (58) 2001:500:100:1181:7eb1:d59a:e7cd:60a0 > 2001:500:100:1187:250:56ff:fe09:13f8 (type=128/code=0) ver=6, tclass=0 flow=0 payloadlen=8 nh=IPv6-ICMP hopl=255
**TIMING STATS** (0.5279s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 500000/-1/-1
Current sending rates: 3.87 packets / s, 185.57 bytes / s.
Overall sending rates: 3.87 packets / s, 185.57 bytes / s.
RCVD (0.5293s) ICMPv6 (58) 2001:500:100:1187:250:56ff:fe09:13f8 > 2001:500:100:1181:7eb1:d59a:e7cd:60a0 (type=129/code=0) ver=6, tclass=0 flow=0 payloadlen=8 nh=IPv6-ICMP hopl=63
Found 2001:500:100:1187:250:56ff:fe09:13f8 in incomplete hosts list.
**TIMING STATS** (1.0306s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 0/*/*/*/*/* 10.00/75/* 500000/-1/-1
Current sending rates: 1.96 packets / s, 94.12 bytes / s.
Overall sending rates: 1.96 packets / s, 94.12 bytes / s.
ultrascan_host_probe_update called for machine 2001:500:100:1187:250:56ff:fe09:13f8 state UNKNOWN -> HOST_DOWN (trynum 1 time: 504893)
Moving 2001:500:100:1187:250:56ff:fe09:13f8 to completed hosts list with 1 outstanding probe.
Completed Ping Scan at 11:04, 1.02s elapsed (1 total hosts)
Overall sending rates: 1.96 packets / s, 93.92 bytes / s.
pcap stats: 2 packets received by filter, 0 dropped by kernel.
Initiating System DNS resolution of 1 host. at 11:04
Completed System DNS resolution of 1 host. at 11:04, 0.00s elapsed
Nmap scan report for 2001:500:100:1187:250:56ff:fe09:13f8 [host down, received no-response]
Read from /home/awaters/Downloads/nmap/nmap-6.47: nmap-payloads.
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.05 seconds
           Raw packets sent: 2 (96B) | Rcvd: 2 (96B)

The problem is that UltraProbe::setIP fails to set the extra data when performing an ICMPv6 ping. Hence, when icmp_probe_match tests ntohs(ping->id) != probe->icmpid(), it fails. Fixing it, with the attached single-line patch, fixes the problem and now produces

# nmap -6 -ddd -vvv -n -T4 -PE -sn 2001:500:100:1187:250:56ff:fe09:13f8

Starting Nmap 6.47 ( http://nmap.org ) at 2014-11-04 11:10 GMT
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 500, min 100, max 1250
  max-scan-delay: TCP 10, UDP 1000, SCTP 10
  parallelism: min 0, max 0
  max-retries: 6, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Fetchfile found /home/awaters/Downloads/nmap/nmap-6.47/nmap-payloads
Initiating Ping Scan at 11:10
Scanning 2001:500:100:1187:250:56ff:fe09:13f8 [1 port]
Packet capture filter (device ens9): dst host 2001:500:100:1181:7eb1:d59a:e7cd:60a0 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 2001:500:100:1187:250:56ff:fe09:13f8)))
SENT (0.0206s) ICMPv6 (58) 2001:500:100:1181:7eb1:d59a:e7cd:60a0 > 2001:500:100:1187:250:56ff:fe09:13f8 (type=128/code=0) ver=6, tclass=0 flow=0 payloadlen=8 nh=IPv6-ICMP hopl=255
**TIMING STATS** (0.0206s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 500000/-1/-1
Current sending rates: 86.72 packets / s, 4162.33 bytes / s.
Overall sending rates: 86.72 packets / s, 4162.33 bytes / s.
RCVD (0.0385s) ICMPv6 (58) 2001:500:100:1187:250:56ff:fe09:13f8 > 2001:500:100:1181:7eb1:d59a:e7cd:60a0 (type=129/code=0) ver=6, tclass=0 flow=0 payloadlen=8 nh=IPv6-ICMP hopl=63
Found 2001:500:100:1187:250:56ff:fe09:13f8 in incomplete hosts list.
We got a ping packet back from 2001:500:100:1187:250:56ff:fe09:13f8: id = 47798 seq = 0 checksum = 60496
ultrascan_host_probe_update called for machine 2001:500:100:1187:250:56ff:fe09:13f8 state UNKNOWN -> HOST_UP (trynum 0 time: 500631)
Moving 2001:500:100:1187:250:56ff:fe09:13f8 to completed hosts list with 0 outstanding probes.
Completed Ping Scan at 11:10, 0.51s elapsed (1 total hosts)
Overall sending rates: 1.95 packets / s, 93.73 bytes / s.
pcap stats: 1 packets received by filter, 0 dropped by kernel.
Initiating System DNS resolution of 1 host. at 11:10
Completed System DNS resolution of 1 host. at 11:10, 0.29s elapsed
DNS resolution of 1 IPs took 0.29s. Mode: System [OK: 0, ??: 1]
Nmap scan report for 2001:500:100:1187:250:56ff:fe09:13f8
Host is up, received echo-reply (0.018s latency).
Final times for host: srtt: 17939 rttvar: 17939  to: 100000
Read from /home/awaters/Downloads/nmap/nmap-6.47: nmap-payloads.
Nmap done: 1 IP address (1 host up) scanned in 0.83 seconds
           Raw packets sent: 1 (48B) | Rcvd: 1 (48B)

Regards,
Andrew

Attachment: patch
Description:

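The failure mode Andrew describes, as an added example that is not Nmap's code and not part of the original post: a minimal model of the "match the reply's ICMP ID against the ID we sent" check that the 6.45 change introduced. If the per-protocol bookkeeping for an ICMPv6 echo probe is never filled in (the setIP defect), the matcher rejects the genuine echo reply, the probe times out and the host is reported down; once the ID is recorded, the same reply matches, and a reply carrying a different ID is still rejected, which is what the check is for. The struct and function names (SentProbe, record_probe, icmp_probe_match) are assumptions for illustration, not Nmap's API; the id/seq/checksum values are the ones printed in the post's fixed run.

```cpp
// Added example, not Nmap source: model of matching an ICMP/ICMPv6 echo reply
// against the probe that was sent. Names are illustrative assumptions.
#include <cstdint>
#include <cstdio>
#include <vector>

enum : uint8_t { ICMP_ECHOREPLY = 0, ICMP6_ECHO_REPLY = 129 };

// Bookkeeping for one sent echo request. `has_icmp` stands in for the
// per-protocol "extra data" that the post says setIP fails to populate
// for ICMPv6 probes.
struct SentProbe {
    bool ipv6;
    bool has_icmp;   // false when the ICMP id/seq were never recorded
    uint16_t id;
    uint16_t seq;
};

// Record a sent probe. With record_icmpv6 == false the IPv6 branch skips
// the ICMP bookkeeping, reproducing the defect described in the post.
static SentProbe record_probe(bool ipv6, uint16_t id, uint16_t seq, bool record_icmpv6) {
    SentProbe p{ipv6, false, 0, 0};
    if (!ipv6 || record_icmpv6) {
        p.has_icmp = true;
        p.id = id;
        p.seq = seq;
    }
    return p;
}

// The 8-byte echo header has the same layout for ICMP and ICMPv6.
struct EchoHdr { uint8_t type; uint8_t code; uint16_t cksum; uint16_t id; uint16_t seq; };

static inline uint16_t be16(const uint8_t *b) { return (uint16_t)((b[0] << 8) | b[1]); }

// Parse the echo header from the ICMP payload; false if truncated.
static bool parse_echo(const std::vector<uint8_t> &pkt, EchoHdr &h) {
    if (pkt.size() < 8) return false;
    h.type = pkt[0]; h.code = pkt[1];
    h.cksum = be16(&pkt[2]); h.id = be16(&pkt[4]); h.seq = be16(&pkt[6]);
    return true;
}

// Does this reply belong to the probe? Mirrors the id comparison quoted in
// the post: a probe whose ICMP id was never recorded can never match.
static bool icmp_probe_match(const SentProbe &p, const std::vector<uint8_t> &pkt) {
    EchoHdr h;
    if (!parse_echo(pkt, h)) return false;
    uint8_t want = p.ipv6 ? ICMP6_ECHO_REPLY : ICMP_ECHOREPLY;
    if (h.type != want || h.code != 0) return false;
    if (!p.has_icmp) return false;            // unset bookkeeping -> rejected
    return h.id == p.id && h.seq == p.seq;
}

// Constructed echo reply (checksum 60496 = 0xEC50 copied from the post's
// log; the matcher does not verify it).
static std::vector<uint8_t> make_reply(uint8_t type, uint16_t id, uint16_t seq) {
    return { type, 0, 0xEC, 0x50,
             (uint8_t)(id >> 8), (uint8_t)(id & 0xFF),
             (uint8_t)(seq >> 8), (uint8_t)(seq & 0xFF) };
}

// One -PE round trip: send a probe, receive the matching reply, decide
// whether the host counts as up.
static bool host_up_after_reply(bool ipv6, bool record_icmpv6) {
    const uint16_t id = 47798, seq = 0;         // values from the post's fixed run
    SentProbe p = record_probe(ipv6, id, seq, record_icmpv6);
    std::vector<uint8_t> reply = make_reply(ipv6 ? ICMP6_ECHO_REPLY : ICMP_ECHOREPLY, id, seq);
    return icmp_probe_match(p, reply);
}

int main() {
    std::printf("IPv4, id recorded:     %s\n", host_up_after_reply(false, false) ? "up" : "down");
    std::printf("IPv6, id not recorded: %s\n", host_up_after_reply(true, false) ? "up" : "down");
    std::printf("IPv6, id recorded:     %s\n", host_up_after_reply(true, true) ? "up" : "down");
    return 0;
}
```

The IPv4 path works either way because its bookkeeping is filled in; the IPv6 path reports the host down until the id is recorded, matching the two scans shown above. Keeping the id check (rather than dropping it to "fix" IPv6) matters because without it any echo reply arriving at the capture filter, including one from an unrelated ping, would be credited to the probe.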
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/