Nmap Development mailing list archives

Re: OS X Lion and IPv6

From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 11 Mar 2012 23:24:46 +0100

On Sun, Mar 11, 2012 at 9:23 PM, Dario Ciccarone <dciccaro () cisco com> wrote:

Patrik:

   Inline:

On 3/11/12 6:33 AM, Patrik Karlsson wrote:

Hi list,

It appears that I have two problems when scanning IPv6 addresses from Mac
OS X Lion.
The first has to do with link-local addresses where I always have to add
the zone index. This isn't a big problem when adding an IP or two, but

when

scripts add IPv6 targets or when running against some sort of list, it

does

become a problem. This occurs even though I specify the interface using

-e.
Confirm. To clarify - w/o specifying an output interface, this is
correct - you will always need to specify the zone ID. But when
specifying the output interface too, nmap could be "optimized" to then
understand that if you're specifying a link-local address together with
an output interface, then your zone id should be the specified interface.

Though this would need to be implemented differently between OSes - for
Linux, OS/X, output interface can be mapped to zone id. For Windows it
would need a bit of extra working (though I don't use nmap on Windows,
so I have no clue how you specify the output interface on Windows)


Ok, I guess it probably already is implemented to some extent, I haven't
looked into in much detail though
If it wasn't I guess scripts like argets-ipv6-multast-slaac wouldn't work
on any platform, which I'm pretty sure it does, even though I can't get it
to work on OS X Lion.


The second problem occurs when scanning "external" IPv6 addresses. What
happens is that I can't scan these addresses as root (this works for
link-local addresses though).
The error message I'm seeing is (nexthost: failed to determine route to
<ipv6 addr>). It's possible to scan the same IPv6 address as a non
privileged user but as root it always fails. I've tried adding a zone

index

or specifying the interface with -e or forcing a TCP scan rather than a

SYN

scan, but the scan always fails with the same message.

Confirm. Fails when running nmap as root, works as a non-root user.

You have another email on this issue - I'll be replying to that one too  :)


Ok, thanks for testing!

//Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

OS X Lion and IPv6 Patrik Karlsson (Mar 11)
- Re: OS X Lion and IPv6 Patrik Karlsson (Mar 11)
  - Re: OS X Lion and IPv6 Dario Ciccarone (Mar 11)
    - Re: OS X Lion and IPv6 Patrik Karlsson (Mar 11)
- Re: OS X Lion and IPv6 Dario Ciccarone (Mar 11)
  - Re: OS X Lion and IPv6 Patrik Karlsson (Mar 11)
  - Re: OS X Lion and IPv6 Patrik Karlsson (Mar 12)
- Re: OS X Lion and IPv6 David Fifield (Mar 26)
- Re: OS X Lion and IPv6 David Fifield (Mar 26)
  - Re: OS X Lion and IPv6 Patrik Karlsson (Mar 26)