Nmap Development mailing list archives
Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6
From: David Fifield <david () bamsoftware com>
Date: Tue, 17 Apr 2012 15:48:49 -0700
On Tue, Apr 17, 2012 at 05:36:47PM -0500, Daniel Miller wrote:
On 04/17/2012 04:50 PM, David Fifield wrote:On Fri, Mar 09, 2012 at 12:31:32PM -0600, Daniel Miller wrote:On 03/09/2012 11:49 AM, Daniel Miller wrote:List, Here's a patch to add IPv6 address sniffing to targets-sniffer. The major difference is changing the BPF from "ip" to "ip or ip6". I had to add a couple checks for NDP multicast addresses to check_if_valid, and I may have missed some other invalid IPv6 addresses.Attaching updated patch. I was correct in thinking I missed some addresses: All IPv6 addresses starting with 'FF' are multicast, so I now test for that instead.Thanks Daniel, I committed your changes. As for checking for an IPv6 multicast address, I think your check fails for an address that starts ff1:, for example. (Because that is really 0ff1.) Could you try using host.bin_ip instead?Thanks for accepting this. Unfortunately, host.bin_ip is not available for sniffed addresses, but I could check the binary addresses first, then convert them to text before inserting into the table. I think an easier option may be to be more explicit with the pattern match:
I think you should rather check the binary address or use ipOps.get_parts_as_number then. I can't think of an obvious way that the textual matching would break, but it seems iffy.
In answer to your question in the other message, changing the BPF based on the scan address family would be simple, but I prefer to see output for all information collected. The -6 option means to me that I will SEND ipv6 probes. Other scripts extract IPv4 addresses from targets (mdns, etc), so this is consistent there.
That sounds reasonable. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 David Fifield (Apr 17)
- <Possible follow-ups>
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 David Fifield (Apr 17)
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 Daniel Miller (Apr 17)
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 David Fifield (Apr 17)
- Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6 Daniel Miller (Apr 17)