Mention ND ping scan in refguide.

docs/refguide.xml

@@ -348,10 +348,15 @@ you would expect.</para>
 
     <para>If no host discovery options are given, Nmap sends an ICMP
     echo request, a TCP SYN packet to port 443, a TCP ACK packet to
-    port 80, and an ICMP timestamp request. These defaults are
+    port 80, and an ICMP timestamp request. (For IPv6, the ICMP
+    timestamp request is omitted because it is not part of ICMPv6.)
+    These defaults are
     equivalent to the <option>-PE -PS443 -PA80 -PP</option> options.
-    An exception to this is that an ARP scan is used for any targets
-    which are on a local ethernet network. For unprivileged Unix shell
+    The exceptions to this are the ARP (for IPv4) and Neighbor
+    Discovery<indexterm><primary>Neighbor Discovery</primary><secondary>for host discovery</secondary></indexterm>
+    (for IPv6)
+    scans which are used for any targets on a local ethernet network.
+    For unprivileged Unix shell
     users, the default probes are a SYN packet to ports 80 and 443 using
     the <function>connect</function> system
     call.<indexterm><primary>unprivileged users</primary><secondary>limitations of</secondary></indexterm>
@@ -362,8 +367,8 @@ you would expect.</para>
     <para>The <option>-P*</option> options (which select
     ping types) can be combined.  You can increase your odds of
     penetrating strict firewalls by sending many probe types using
-    different TCP ports/flags and ICMP codes.  Also note that ARP
-    discovery
+    different TCP ports/flags and ICMP codes.  Also note that
+    ARP/Neighbor Discovery
     (<option>-PR</option>)<indexterm><primary><option>-PR</option></primary></indexterm>
     is done by default against
     targets on a local ethernet network even if you specify other