mailing list archives
Re: [NSE][patch] targets-sniffer: sniff IPv6 addresses, fix newtargets for -6
From: David Fifield <david () bamsoftware com>
Date: Tue, 17 Apr 2012 15:48:49 -0700
On Tue, Apr 17, 2012 at 05:36:47PM -0500, Daniel Miller wrote:
On 04/17/2012 04:50 PM, David Fifield wrote:
On Fri, Mar 09, 2012 at 12:31:32PM -0600, Daniel Miller wrote:
On 03/09/2012 11:49 AM, Daniel Miller wrote:
Here's a patch to add IPv6 address sniffing to targets-sniffer.
The major difference is changing the BPF from "ip" to "ip or ip6".
I had to add a couple checks for NDP multicast addresses to
check_if_valid, and I may have missed some other invalid IPv6
Attaching updated patch. I was correct in thinking I missed some
addresses: All IPv6 addresses starting with 'FF' are multicast, so I
now test for that instead.
Thanks Daniel, I committed your changes.
As for checking for an IPv6 multicast address, I think your check fails
for an address that starts ff1:, for example. (Because that is really
0ff1.) Could you try using host.bin_ip instead?
Thanks for accepting this. Unfortunately, host.bin_ip is not
available for sniffed addresses, but I could check the binary
addresses first, then convert them to text before inserting into the
table. I think an easier option may be to be more explicit with the
I think you should rather check the binary address or use
ipOps.get_parts_as_number then. I can't think of an obvious way that the
textual matching would break, but it seems iffy.
In answer to your question in the other message, changing the BPF
based on the scan address family would be simple, but I prefer to
see output for all information collected. The -6 option means to me
that I will SEND ipv6 probes. Other scripts extract IPv4 addresses
from targets (mdns, etc), so this is consistent there.
That sounds reasonable.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/