Nmap Development mailing list archives
Re: OS X Lion and IPv6
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 11 Mar 2012 23:24:46 +0100
On Sun, Mar 11, 2012 at 9:23 PM, Dario Ciccarone <dciccaro () cisco com> wrote:
Patrik: Inline: On 3/11/12 6:33 AM, Patrik Karlsson wrote:Hi list, It appears that I have two problems when scanning IPv6 addresses from Mac OS X Lion. The first has to do with link-local addresses where I always have to add the zone index. This isn't a big problem when adding an IP or two, butwhenscripts add IPv6 targets or when running against some sort of list, itdoesbecome a problem. This occurs even though I specify the interface using-e. Confirm. To clarify - w/o specifying an output interface, this is correct - you will always need to specify the zone ID. But when specifying the output interface too, nmap could be "optimized" to then understand that if you're specifying a link-local address together with an output interface, then your zone id should be the specified interface. Though this would need to be implemented differently between OSes - for Linux, OS/X, output interface can be mapped to zone id. For Windows it would need a bit of extra working (though I don't use nmap on Windows, so I have no clue how you specify the output interface on Windows)
Ok, I guess it probably already is implemented to some extent, I haven't looked into in much detail though If it wasn't I guess scripts like argets-ipv6-multast-slaac wouldn't work on any platform, which I'm pretty sure it does, even though I can't get it to work on OS X Lion.
The second problem occurs when scanning "external" IPv6 addresses. What happens is that I can't scan these addresses as root (this works for link-local addresses though). The error message I'm seeing is (nexthost: failed to determine route to <ipv6 addr>). It's possible to scan the same IPv6 address as a non privileged user but as root it always fails. I've tried adding a zoneindexor specifying the interface with -e or forcing a TCP scan rather than aSYNscan, but the scan always fails with the same message.Confirm. Fails when running nmap as root, works as a non-root user. You have another email on this issue - I'll be replying to that one too :)
Ok, thanks for testing! //Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- OS X Lion and IPv6 Patrik Karlsson (Mar 11)
- Re: OS X Lion and IPv6 Patrik Karlsson (Mar 11)
- Re: OS X Lion and IPv6 Dario Ciccarone (Mar 11)
- Re: OS X Lion and IPv6 Patrik Karlsson (Mar 11)
- Re: OS X Lion and IPv6 Dario Ciccarone (Mar 11)
- Re: OS X Lion and IPv6 Dario Ciccarone (Mar 11)
- Re: OS X Lion and IPv6 Patrik Karlsson (Mar 11)
- Re: OS X Lion and IPv6 Patrik Karlsson (Mar 12)
- Re: OS X Lion and IPv6 David Fifield (Mar 26)
- Re: OS X Lion and IPv6 David Fifield (Mar 26)
- Re: OS X Lion and IPv6 Patrik Karlsson (Mar 26)
- Re: OS X Lion and IPv6 Patrik Karlsson (Mar 11)