Home page logo

nmap-dev logo Nmap Development mailing list archives

Special IPv6 Nmap Release: 5.52.IPv6.Beta2
From: Fyodor <fyodor () insecure org>
Date: Wed, 8 Jun 2011 00:11:20 -0700

Hi Folks!  As you know, David has been working for a long time to
improve Nmap's IPv6 support and SoC students Xu Weilin and Luis
MartinGarcia have been helping as well.  Today is World IPv6 Day and
so we're pleased to announce that this work is ready for testing!  We
just merged it into the /nmap trunk and we have built an experimental
5.52.IPv6.Beta2 release for you to play with.

Of course Nmap has supported IPv6 since long before it was trendy.  We
added initial support in 2002 and made sure that later features such
as version detection and the Nmap Scripting Engine supported it as
well.  So you have long been able to scan IPv6 addresses by simply
adding the "-6" option, but there were significant limitations.  In
particular, raw packet scans (SYN scan, UDP scan, ICMP ping packets,
etc.) were not supported.  I'm happy to report that we removed that
limitation today!  David also added --traceroute support.

I added IPv6 support to scanme.nmap.org (the machine set up for scan
testing) a few weeks ago, so you can test this new functionality with
a command like:

nmap -6 -A -T4 -v scanme.nmap.org

There are some notes and provisos you should be aware of:

  o OS detection isn't yet supported.  That is a huge task (requires
    an all-new database), but we're working hard on it.

  o Protocol scan (-sO) isn't yet supported.

  o IPv6 CIDR address notation isn't yet supported (it is rarely useful
    due to the size of IPv6 networks, but we plan to add it anyway).

  o Neighbor Discovery-based host discovery (analog to ARP scan) isn't
    yet supported.

  o Multicast host discovery isn't yet supported.

  o Windows Teredo tunnels (a system for tunneling IPv6 to systems
    which don't support it natively) are not supported by the raw
    system, but you can still use -6 with --unprivileged to scan through
    those interfaces.

  o When scanning link local IPv6 addresses (they start with fe80),
    you might need to put the interface name at the end like you
    sometimes do with ping6 and other system IPv6 tools
    (e.g. fe80::9afc:22ee:bc91:3e1d%eth0)

You can compile and run the new code from our SVN repository
(http://nmap.org/book/install.html#inst-svn) or you can download
5.52.IPv6.Beta2.  Since this is an experimental release, we haven't
linked to it from the Nmap download page.  But you can find the
various package formats here:

Source code tarballs:
 tar.bz2: http://nmap.org/dist/nmap-5.52.IPv6.Beta2.tar.bz2
    .tgz: http://nmap.org/dist/nmap-5.52.IPv6.Beta2.tgz

Windows packages:
 self-installer: http://nmap.org/dist/nmap-5.52.IPv6.Beta2-setup.exe
 win32 zip file: http://nmap.org/dist/nmap-5.52.IPv6.Beta2-win32.zip

Mac OS X installer:

Linux 32-bit RPMs:

Linux 64-bit RPMs:

Zenmap and SRC RPM:

For more details on how to install any of these package formats, see

Enjoy the new release, and please do report any bugs (especially IPv6
ones) discovered!  See http://nmap.org/book/man-bugs.html.

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
  • Special IPv6 Nmap Release: 5.52.IPv6.Beta2 Fyodor (Jun 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]