
Re: Does nmap support IPv6 ranges now?



>>>>> Michelle Konzack <linux4michelle@tamay-dogan.net> writes:

[…]

 > Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-18 20:24 CEST
 > Invalid host expression: 2a01:4f8:d12:1300:0:0:0:0/64 -- slash not allowed.  IPv6 addresses can currently only be specified individually
 > QUITTING!

	It's the same for nmap 6.00-0.1 currently in Wheezy:

$ nmap -6 2001:db8::/64 

Starting Nmap 6.00 ( http://nmap.org ) at 2012-08-18 20:07 UTC
Invalid host expression: 2001:db8::/64 -- slash not allowed.  IPv6 addresses can currently only be specified individually
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.10 seconds
$ 

[…]

 > Any suggestions how to make a "discover" on a whole network?

 > Scanning single IPs takes forever and is no option...

 > However, I have to scan networks like

 >     2a01:4f8:d12:1300:0:0:0:RANGE
 >     2a01:4f8:d12:1300:0:0:1:RANGE
 >     2a01:4f8:d12:1300:0:0:2:RANGE

 > which means only /112 ranges.

	I don't know why exactly the Nmap developers have omitted the
	“range” support for IPv6, but it was my understanding that to
	scan a range one effectively has to scan every single address of
	that range, and a /112 network already has some 65536 of those!
	With or without range support in Nmap, that is likely to take a
	lot of time.

	As for the options, a simplistic GNU Awk script can be used to
	enumerate all the addresses in a range (unfortunately, an even
	simpler seq(1) doesn't fit here), like:

$ gawk 'BEGIN {
            for (i = 0; i <= 0xffff; i++) { printf("2001:db8::1:%x\n", i); }
        }' 

	Such a list may then be fed into one (or more) nmap(1)
	instances, like:

$ gawk 'BEGIN {
            for (i = 0; i <= 0xffff; i++) { printf("2001:db8::1:%x\0", i); }
        }' \
      | xargs -r0 -L16 -- nmap -6 --

	Please note that I've changed the \n in printf() above to \0 in
	order to use a more robust $ xargs -0 variant.

	OTOH, I'd suggest trying to use tcpdump(8) (or a similar tool)
	to get the addresses of the active IPv6 hosts in the network,
	then applying Nmap to those.  On a network with working IPv6
	autoconfiguration (and thus some 2⁴⁸ addresses, based on EUI-48)
	it seems like the only choice.

-- 
FSF associate member #7257	http://sf-day.org/	news:comp.unix.shell
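
An added example (not part of the original message) of the tcpdump(8) approach suggested above: it reduces `tcpdump -n` text output to the unique IPv6 source addresses that fall inside one prefix, which can then be handed to Nmap. The function name, the file name `active6.py` and the sample lines are assumptions made for illustration; the sample capture is constructed, and the plain `tcpdump -n` line layout (no `-e`, no VLAN tags) is assumed.

```python
import ipaddress
import sys

# Constructed sample of `tcpdump -n ip6` text output (not a real capture).
SAMPLE = """\
20:07:01.100001 IP6 2001:db8::1:2a.5353 > ff02::fb.5353: 0 PTR (QM)? _ipp._tcp.local. (33)
20:07:01.200002 IP6 fe80::211:22ff:fe33:4455 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8::1:1, length 32
20:07:02.300003 IP6 2001:db8::1:1 > 2001:db8::1:2a: ICMP6, neighbor advertisement, tgt is 2001:db8::1:1, length 32
20:07:03.400004 IP6 2001:db8::2:7.43210 > 2001:db8::1:2a.22: Flags [S], seq 1, win 64800, length 0
20:07:03.500005 IP6 2001:db8::1:2a.22 > 2001:db8::2:7.43210: Flags [S.], seq 1, ack 2, win 64800, length 0
20:07:04.600006 IP 192.0.2.10.123 > 192.0.2.1.123: NTPv4, Client, length 48
"""


def active_hosts(lines, prefix):
    """Unique IPv6 source addresses inside `prefix`, in address order."""
    net = ipaddress.IPv6Network(prefix)
    seen = set()
    for line in lines:
        fields = line.split()
        # Expected shape: <time> IP6 <src>[.port] > <dst>[.port]: ...
        if len(fields) < 4 or fields[1] != "IP6" or fields[3] != ">":
            continue
        src = fields[2]
        # TCP/UDP lines append ".port"; ICMPv6 lines carry a bare address.
        host = src.rpartition(".")[0] if "." in src else src
        try:
            addr = ipaddress.IPv6Address(host)
        except ValueError:
            continue  # unexpected token: skip it rather than guess
        # Link-local (fe80::/10) and other off-prefix sources drop out here.
        if addr in net:
            seen.add(addr)
    return [str(a) for a in sorted(seen)]


if __name__ == "__main__":
    # Usage (hypothetical file name):
    #   tcpdump -n -c 1000 ip6 | python3 active6.py 2001:db8::1:0/112
    # Without arguments the constructed SAMPLE is processed instead.
    live = len(sys.argv) > 1
    source = sys.stdin if live else SAMPLE.splitlines()
    prefix = sys.argv[1] if live else "2001:db8::1:0/112"
    for host in active_hosts(source, prefix):
        print(host)
```

The printed list, one address per line, can be saved to a file and passed to `nmap -6 -iL`. Only source addresses are counted, since a destination seen on the wire does not prove that the host exists.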

