[ipv6hackers] Help wanted: Nmap IPv6 OS Detection

Fernando Gont fgont at si6networks.com
Tue Sep 27 20:11:01 CEST 2011

Hi, Fyodor,

Nice to "see" you here! Please find my comments inline...

On 09/27/2011 02:41 PM, Fyodor wrote:
> Another thing we're working on (and the main point of this email) is
> IPv6 OS detection.  

Just thinking out loud: are you thinking about porting the existing IPv4
OS detection to IPv6, or are you also planning to explore (in addition)
other vectors? See, e.g.:

  Beck, F., Festor, O., Chrisment, I. 2007. IPv6 Neighbor Discovery
  Protocol based OS fingerprinting. INRIA Rapport Technique N° 0345.
  Available at:

Note: of course, in this particular case this IPv6-specific techniques
rely on ND, which means that they would not be applicable when scanning
remote systems. Nevertheless, they might still be useful when an admin
is employing nmap to asses a local network.

> STEP 2, Collecting and submitting fingerprints:
> Once you've decided what device(s) to scan, you can do so like:
> http://insecure.org/cgi-bin/submit.cgi?new-os
> We're hoping to formally release this new OS detection system as soon
> as we receive and integrate enough fingerprints to make it reliable.
> So the sooner you can get fingerprints in to us, the sooner we can
> release.  Submissions today and tomorrow would be particularly useful
> :).

I will try to submit fingerprints for my v6-enabled systems. Will also
pass your request on to other guys which might be willing to help.

> Also, the raw packet IPv6 code and the IPv6 OS detection code is very
> new.

Just wondering (before I look at the code): Does nmap employ libpcap for
most of its IPv6 functionality?

-- While working on some IPv6 tools, I found out that IPv6 raw sockets
not only are much harder than their IPv4 counterpart, but also that a
number of implementations do not employ the "ancilliary data" stuff that
would be required to forge IPv6 addresses, etc.

> I hope that improving IPv6 support in networking tools (Nmap in this
> case) will encourage greater adoption of IPv6 in general.

Thanks for this! -- The tools are really needed, and full IPv6 support
in nmap would be really great to have!

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list