RE: 2 ideas for NMAP, 1 open question

["Rouland, Chris (ISSAtlanta)" <CRouland () iss net>]

For your open question, as a followup, has anyone actually calculated how
long it will take to scan a chunk of IPv6 space?

-----Original Message-----
From: Fyodor [mailto:fyodor () insecure org] 
Sent: Friday, May 24, 2002 3:29 AM
To: nmap-dev () insecure org
Cc: Lamont Granquist
Subject: 2 ideas for NMAP, 1 open question


[ I'm redirecting this to nmap-dev since they are development comments and
so that people can respond immediately without moderation hassles
:)  -Fyodor ]

----- Forwarded message from Lamont Granquist <lamont () scriptkiddie org>
-----

Date: Fri, 24 May 2002 00:12:12 -0700 (PDT)
From: Lamont Granquist <lamont () scriptkiddie org>
To: <nmap-hackers () insecure org>
Subject: 2 ideas for NMAP, 1 open question


ARP scan.

I've noticed that this is what happens anyways when you do a TCP or ICMP
scan on your local network (just think about it for a second).  You could
just cut to the chase and do this directly.  Ideally do it massively
parallel as well, so that you can do a fast local network discovery. Really
NMAP should know what networks are on your local interfaces and you should
be able to specify just with a couple switches that you want to do a
complete local network discovery.

Libnet

I talked with Fyodor about this way back and the problem here is that many
people use NMAP on non-ethernet networks.  That means that if you use Libnet
and link-layer output in some circumstances you need to code it very
carefully so that you fall back to raw sockets in other cases.  You should
only extend NMAP and not break it for anyone.  Also, in a lot of
circumstances it should be possible to implement features both using raw
sockets and link-layer output, NMAP should provide switches so the user
could choose (based on architecture and version, one or the other might be
broken).  Libnet might make ARP scanning a lot easier to implement, and I
think the link-layer output could be useful in other circumstances to play
with.

I tried doing both of the above in some prototype code for a stand-alone
scanner, but it needs to get rewritten and cleaned up, and I don't have the
time.  I definitely don't have the time to try to figure out how to get it
into NMAP.

IPv6

Anyone got any ideas for how to ping sweep an entire 64-bit address space,
corresponding to one network?  IPv6 seems to pose some interesting
challenges.



----- End forwarded message -----

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).