Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 17 Apr 2012 17:36:47 -0500

On 04/17/2012 04:50 PM, David Fifield wrote:
On Fri, Mar 09, 2012 at 12:31:32PM -0600, Daniel Miller wrote:
On 03/09/2012 11:49 AM, Daniel Miller wrote:
List,

Here's a patch to add IPv6 address sniffing to targets-sniffer.
The major difference is changing the BPF from "ip" to "ip or ip6".
I had to add a couple checks for NDP multicast addresses to
check_if_valid, and I may have missed some other invalid IPv6
addresses.

Attaching updated patch. I was correct in thinking I missed some
addresses: All IPv6 addresses starting with 'FF' are multicast, so I
now test for that instead.
Thanks Daniel, I committed your changes.

As for checking for an IPv6 multicast address, I think your check fails
for an address that starts ff1:, for example. (Because that is really
0ff1.) Could you try using host.bin_ip instead?

David Fifield

Thanks for accepting this. Unfortunately, host.bin_ip is not available for sniffed addresses, but I could check the binary addresses first, then convert them to text before inserting into the table. I think an easier option may be to be more explicit with the pattern match:
Index: scripts/targets-sniffer.nse
===================================================================
--- scripts/targets-sniffer.nse    (revision 28490)
+++ scripts/targets-sniffer.nse    (working copy)
@@ -49,7 +49,7 @@

   if address == local_address
     or address == broadcast or address == "255.255.255.255"
-    or address:match('^ff') --IPv6 Multicast addrs
+    or address:match('^ff..:') --IPv6 Multicast addrs
     then
     return false
   else

In answer to your question in the other message, changing the BPF based on the scan address family would be simple, but I prefer to see output for all information collected. The -6 option means to me that I will SEND ipv6 probes. Other scripts extract IPv4 addresses from targets (mdns, etc), so this is consistent there.

Thanks again!
Dan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]