Re: EXPERT IPv6 network scaning

[David Fifield <david () bamsoftware com>]

On Sun, Apr 22, 2012 at 03:19:02AM +0200, Patrik Karlsson wrote:
> On Tue, Apr 17, 2012 at 11:25 PM, David Fifield <david () bamsoftware com>wrote:
> > This is another good idea. You could even just try stuffing the MAC
> > address into the EUI-64 format and try pinging it.
>
> I gave this a try and ran into some problems.
> First, making this a target script proved difficult as the script makes use
> of both ipv4 and ipv6.
> In the attached script I do discovery by adding a hostrule that stores the
> MAC of scanned ipv4 hosts where it detects it.
> Trying to add the ipv6 address at this point fails as nmap is running in
> ipv4 mode.
>
> In the postrule, I try to ping the EUI-64 address, which also turned out to
> be difficult, as in order to create the raw icmp ping, we need the source
> ipv6 address. We can't get that, as get_interface_info will use the current
> socket family to retrieve info.
> I modified the get_interface_info to take a second optional argument
> ("inet" or "inet6") to override the current socket family.
>
> So the resulting script does find ipv6 addresses by detecting the MAC of
> scanned ipv4 LAN hosts.
> However, it only lists them and does not add them to the scan queue.
>
> I'm attaching both the script and the patch, any comments or suggestions
> would be great.

Thank you for checking this out. I'm going to suggest that we table the
idea until Nmap is able to handle IPv4 and IPv6 in the same invocation,
so that the script can work naturally.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/