mailing list archives
Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 17 Apr 2012 17:36:47 -0500
On 04/17/2012 04:50 PM, David Fifield wrote:
Thanks for accepting this. Unfortunately, host.bin_ip is not available
for sniffed addresses, but I could check the binary addresses first,
then convert them to text before inserting into the table. I think an
easier option may be to be more explicit with the pattern match:
On Fri, Mar 09, 2012 at 12:31:32PM -0600, Daniel Miller wrote:
On 03/09/2012 11:49 AM, Daniel Miller wrote:
Here's a patch to add IPv6 address sniffing to targets-sniffer.
The major difference is changing the BPF from "ip" to "ip or ip6".
I had to add a couple checks for NDP multicast addresses to
check_if_valid, and I may have missed some other invalid IPv6
Attaching updated patch. I was correct in thinking I missed some
addresses: All IPv6 addresses starting with 'FF' are multicast, so I
now test for that instead.
Thanks Daniel, I committed your changes.
As for checking for an IPv6 multicast address, I think your check fails
for an address that starts ff1:, for example. (Because that is really
0ff1.) Could you try using host.bin_ip instead?
--- scripts/targets-sniffer.nse (revision 28490)
+++ scripts/targets-sniffer.nse (working copy)
@@ -49,7 +49,7 @@
if address == local_address
or address == broadcast or address == "255.255.255.255"
- or address:match('^ff') --IPv6 Multicast addrs
+ or address:match('^ff..:') --IPv6 Multicast addrs
In answer to your question in the other message, changing the BPF based
on the scan address family would be simple, but I prefer to see output
for all information collected. The -6 option means to me that I will
SEND ipv6 probes. Other scripts extract IPv4 addresses from targets
(mdns, etc), so this is consistent there.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/