Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ipv6-node-info script

From: David Fifield <david () bamsoftware com>
Date: Mon, 31 Oct 2011 13:28:38 -0700
On Mon, Oct 31, 2011 at 08:00:11PM +0100, Patrik Karlsson wrote:

On Sat, Oct 29, 2011 at 9:48 PM, David Fifield <david () bamsoftware com>wrote:


Hi,

I have just committed a new script, ipv6-node-info. This script gets
hostnames, IPv4 and IPv6 addresses using Node Information queries from
RFC 4620. Sample output looks like this:

| ipv6-node-info:
|   Hostnames: mac-mini.local
|   IPv6 addresses: fe80::a8bb:ccff:fedd:eeff, 2001:db8:1234:1234::3
|_  IPv4 addresses: (actually hostnames) mac-mini.local

Luis and I discovered Node Information queries while developing the IPv6
OS engine (one of the OS probes is a NI query). I have only been able to
get this script to work against Mac OS X on a link-local address. It
doesn't seem to work when run against a routed address. The fingerprints
we've gotten so far indicate that it should also work against some
versions of OpenBSD and Apple iOS.

The "actually hostnames" above is because of an apparent bug where OS X
returns a list of host names instead of a list of IPv4 addresses. The
script checks for this and inserts "actually hostnames" when it detects
that.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



I've tested this script from OS X 10.7.2 against OS X 10.7.2.
I'm seeing "sendmsg: No route to host" from the script, however Nmap show
some open ports.
I've tried supplying %en0 at the end of the address and setting -e en0 as
argument.


This is because of a bug in the send_ip function. It extracts the
destination address from the packet buffer, which does not contain
enough information to recover the IPv6 scope_id.

Nmap's internal packet sending functions used to work this way too, and
I had to overhaul them in r26621 so that they take an explicit
destination sockaddr. ip_send needs to work the same way.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: