Nmap Development mailing list archives

Re: [nmap-svn] r26641 - nmap
From: David Fifield <david () bamsoftware com>
Date: Thu, 6 Oct 2011 10:03:48 -0700

On Thu, Oct 06, 2011 at 01:05:15PM +0300, Toni Ruottu wrote:
> Some other tools I have seen use a heuristic, with -4 and -6 for forcing
> the use of IPv4 or IPv6. Would that make sense?

I don't think other tools are using that heuristic. Rather they just
use whatever getaddrinfo returns to them, which will be IPv4 for IPv4
addresses, IPv6 for IPv6 addresses, and something system-dependent for
host names. A difference between Nmap and some other tools is that some
other tools only handle one target at a time, so -4 or -6, while
nominally global options, only apply to a single address.

RFC 3484 has an algorithm for deciding to use an IPv4 address or IPv6
address when both are available. You can configure getaddrinfo manually
by editing /etc/gai.conf. My Debian system seems to prefer global IPv6
addresses, for example when I SSH to one of my dual-stack servers it
uses IPv6 unless I also use the -4 option.

For what it's worth I think Nmap should be able to handle IPv4 and IPv6
in a single invocation. I think programs like ping6 and traceroute6 are
kluges that shouldn't exist. They aren't separate programs on every
platform: on Windows and Solaris the ping program handles both families,
and you don't even need -6 to allow an IPv6 address. (In case of
ambiguity it probably does something similar to /etc/gai.conf.) A good
use case for mixed-address-family scanning is targets-sniffer.nse:
listen to the network and then scan everything.

The only question is what to do in this case:
        nmap scanme.nmap.org 2001:500:88:200::10
Should scanme.nmap.org be resolved as IPv4 or IPv6? Some options are
        1) Always preferentially use IPv4.
        2) Always preferentially use IPv6.
        3) Use the getaddrinfo policy.
Also, what then should -4 or -6 mean? They could either simply prefer a
certain address family, or forbid all other address families. What would
you do if you wanted to scan both the IPv4 and IPv6 addresses of

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
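
An added example, not part of the original message and not Nmap code: it shows getaddrinfo classifying numeric literals by family without any DNS lookup, and how a -4/-6 option would choose from a dual-stack result list when read as "prefer" versus "forbid others". The names af_mode, literal_family, choose_target and sample_choice are hypothetical, and the result list in sample_choice is constructed rather than resolved.

```c
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical readings of -4/-6 (names are illustrative, not Nmap's). */
enum af_mode { MODE_POLICY, MODE_PREFER, MODE_FORBID_OTHERS };

/* Family of a numeric address literal, AF_UNSPEC for anything else.
   AI_NUMERICHOST makes getaddrinfo parse only, with no DNS lookup. */
int literal_family(const char *s)
{
    struct addrinfo hints, *res;
    int af;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;
    if (getaddrinfo(s, NULL, &hints, &res) != 0)
        return AF_UNSPEC;
    af = res->ai_family;
    freeaddrinfo(res);
    return af;
}

/* Pick one entry from a getaddrinfo result list, which arrives in the
   system's policy order (RFC 3484, /etc/gai.conf). 'want' is AF_INET or
   AF_INET6 and is ignored under MODE_POLICY. NULL means nothing allowed. */
const struct addrinfo *choose_target(const struct addrinfo *list,
                                     int want, enum af_mode mode)
{
    const struct addrinfo *ai;

    if (mode != MODE_POLICY)
        for (ai = list; ai != NULL; ai = ai->ai_next)
            if (ai->ai_family == want)
                return ai;
    return mode == MODE_FORBID_OTHERS ? NULL : list;
}

/* Constructed sample: a host whose results come back IPv6 first, then
   (if has_v4) IPv4. Returns the chosen family, AF_UNSPEC if skipped. */
int sample_choice(int want, enum af_mode mode, int has_v4)
{
    struct addrinfo v4 = { .ai_family = AF_INET };
    struct addrinfo v6 = { .ai_family = AF_INET6, .ai_next = has_v4 ? &v4 : NULL };
    const struct addrinfo *ai = choose_target(&v6, want, mode);
    return ai ? ai->ai_family : AF_UNSPEC;
}
```

Under the "prefer" reading an IPv6-only host is still scanned when -4 is given; under the "forbid" reading it is skipped.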
