Nmap Development mailing list archives
Re: EXPERT IPv6 network scaning
From: David Fifield <david () bamsoftware com>
Date: Sun, 8 Apr 2012 23:59:39 -0700
On Mon, Apr 09, 2012 at 08:53:36AM +0200, Patrik Karlsson wrote:
Initiating NSE at 20:01 NSOCK (0.0380s) PCAP requested on device 'br0' with berkeley filter 'ip6[40:1] == 58' (promisc=0 snaplen=1500 to_ms=200) (IOD #1) NSOCK (0.0380s) PCAP created successfully on device 'br0' (pcap_desc=5 bsd_hack=0 to_valid=1 l3_offset=14) (IOD #1) NSOCK (0.1410s) Pcap read request from IOD #1 EID 13 NSOCK (0.1410s) Callback: READ-PCAP SUCCESS for EID 13 NSE: Error while parsing IPv6 extension headers. NSOCK (0.1410s) Pcap read request from IOD #1 EID 21 NSOCK (10.1410s) Callback: READ-PCAP TIMEOUT for EID 21 NSE: > | CLOSE NSE: Finished targets-ipv6-mld. NSE: Finished targets-ipv6-mld. Completed NSE at 20:01, 10.10s elapsed NSOCK (10.1410s) nsi_delete() (IOD #1) NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 1) scan. Read from /home/david/nmap-git: nmap-services. WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 10.15 seconds Raw packets sent: 0 (0B) | Rcvd: 0 (0B) NSOCK (10.1410s) nsi_delete() (IOD #1) Here's what tcpdump sees (just one packet): 20:03:31.628811 IP6 fe80::1e6f:65ff:feb6:cad3 > ff02::1: HBH ICMP6, multicast listener querymax resp delay: 0 addr: ::, length 24 0x0000: 6000 0000 0020 0001 fe80 0000 0000 0000 `............... 0x0010: 1e6f 65ff feb6 cad3 ff02 0000 0000 0000 .oe............. 0x0020: 0000 0000 0000 0001 3a00 0502 0000 0100 ........:....... 0x0030: 8200 322f 0000 0000 0000 0000 0000 0000 ..2/............ 0x0040: 0000 0000 0000 0000 ........The script works great for me, although it finds less hosts than the other targets-ipv6-multicast scripts do. Initially I though it could be a Mac OS X thing, but based on then I saw Dells, and Sonys among the sample Niteesh sent, so it's probably not that. I just tried to change the first byte in the payload from 00 to something else and it gave me an additional host. I'm not sure what's happening for you David? Maybe someone else on the list could give the script a go and report back?
I don't know what it is either, but the message "NSE: Error while parsing IPv6 extension headers" looks like a bug. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 06)
- Re: EXPERT IPv6 network scaning Patrik Karlsson (Apr 06)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 06)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 06)
- Re: EXPERT IPv6 network scaning Patrik Karlsson (Apr 08)
- Re: EXPERT IPv6 network scaning David Fifield (Apr 08)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 08)
- Re: EXPERT IPv6 network scaning Patrik Karlsson (Apr 08)
- Re: EXPERT IPv6 network scaning David Fifield (Apr 08)
- Re: EXPERT IPv6 network scaning Patrik Karlsson (Apr 09)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 09)
- Re: EXPERT IPv6 network scaning Patrik Karlsson (Apr 09)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 10)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 10)
- Re: EXPERT IPv6 network scaning David Fifield (Apr 10)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 11)
- Re: EXPERT IPv6 network scaning David Fifield (Apr 11)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 12)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 16)
- Re: EXPERT IPv6 network scaning niteesh kumar (Apr 06)
- Re: EXPERT IPv6 network scaning Patrik Karlsson (Apr 06)