mailing list archives
Special IPv6 Nmap Release: 5.52.IPv6.Beta2
From: Fyodor <fyodor () insecure org>
Date: Wed, 8 Jun 2011 00:11:20 -0700
Hi Folks! As you know, David has been working for a long time to
improve Nmap's IPv6 support and SoC students Xu Weilin and Luis
MartinGarcia have been helping as well. Today is World IPv6 Day and
so we're pleased to announce that this work is ready for testing! We
just merged it into the /nmap trunk and we have built an experimental
5.52.IPv6.Beta2 release for you to play with.
Of course Nmap has supported IPv6 since long before it was trendy. We
added initial support in 2002 and made sure that later features such
as version detection and the Nmap Scripting Engine supported it as
well. So you have long been able to scan IPv6 addresses by simply
adding the "-6" option, but there were significant limitations. In
particular, raw packet scans (SYN scan, UDP scan, ICMP ping packets,
etc.) were not supported. I'm happy to report that we removed that
limitation today! David also added --traceroute support.
I added IPv6 support to scanme.nmap.org (the machine set up for scan
testing) a few weeks ago, so you can test this new functionality with
a command like:
nmap -6 -A -T4 -v scanme.nmap.org
There are some notes and provisos you should be aware of:
o OS detection isn't yet supported. That is a huge task (requires
an all-new database), but we're working hard on it.
o Protocol scan (-sO) isn't yet supported.
o IPv6 CIDR address notation isn't yet supported (it is rarely useful
due to the size of IPv6 networks, but we plan to add it anyway).
o Neighbor Discovery-based host discovery (analog to ARP scan) isn't
o Multicast host discovery isn't yet supported.
o Windows Teredo tunnels (a system for tunneling IPv6 to systems
which don't support it natively) are not supported by the raw
system, but you can still use -6 with --unprivileged to scan through
o When scanning link local IPv6 addresses (they start with fe80),
you might need to put the interface name at the end like you
sometimes do with ping6 and other system IPv6 tools
You can compile and run the new code from our SVN repository
(http://nmap.org/book/install.html#inst-svn) or you can download
5.52.IPv6.Beta2. Since this is an experimental release, we haven't
linked to it from the Nmap download page. But you can find the
various package formats here:
Source code tarballs:
win32 zip file: http://nmap.org/dist/nmap-5.52.IPv6.Beta2-win32.zip
Mac OS X installer:
Linux 32-bit RPMs:
Linux 64-bit RPMs:
Zenmap and SRC RPM:
For more details on how to install any of these package formats, see
Enjoy the new release, and please do report any bugs (especially IPv6
ones) discovered! See http://nmap.org/book/man-bugs.html.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- Special IPv6 Nmap Release: 5.52.IPv6.Beta2 Fyodor (Jun 08)