New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nping: generates incorrect bpf filter expression for IPv6 ICMP #1261

Open
cpatulea opened this Issue Jul 5, 2018 · 1 comment

Comments

Projects
None yet
2 participants
@cpatulea

cpatulea commented Jul 5, 2018

$ nping --version
Nping version 0.6.40 ( http://nmap.org/nping )

IPv4:
$ sudo nping --debug -e eth0 --icmp --icmp-type echo 8.8.8.8
...
BPF-filter: (not src host 104.131.51.57 and dst host 104.131.51.57) and ((icmp and icmp[icmptype] = 0) or (icmp and (icmp[icmptype] = 3 or icmp[icmptype] = 4 or icmp[icmptype] = 5 or icmp[icmptype] = 11 or icmp[icmptype] = 12)) )

IPv6:
$ sudo nping --debug -e eth0 -6 --icmp --icmp-type echo 2607:f8b0:400d:c0d::1a
...
BPF-filter: (not src host :: and dst host ::) and ((icmp and icmp[icmptype] = 0) or (icmp and (icmp[icmptype] = 3 or icmp[icmptype] = 4 or icmp[icmptype] = 5 or icmp[icmptype] = 11 or icmp[icmptype] = 12)) )
Opening pcap device eth0
libnsock nsock_pcap_open(): PCAP requested on device 'eth0' with berkeley filter '(not src host :: and dst host ::) and ((icmp and icmp[icmptype] = 0) or (icmp and (icmp[icmptype] = 3 or icmp[icmptype] = 4 or icmp[icmptype] = 5 or icmp[icmptype] = 11 or icmp[icmptype] = 12)) )' (promisc=0 snaplen=8192 to_ms=200) (IOD #1)
Error opening capture device eth0 --> Error compiling our pcap filter: expression rejects all packets

Exactly as reported in:
https://www.reddit.com/r/nmap/comments/3ptky8/is_nping_sending_the_incorrect_icmpv6type_values/

Correct filter tokens for ICMP6 are:
icmp6 - protocol itself
ip6[40] - icmp type
https://hauweele.net/~gawen/blog/?p=1053

@cpatulea

This comment has been minimized.

cpatulea commented Jul 5, 2018

ICMP filter expression is built here:

/* We have an specific ICMP type to look for */

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment