mirror of
https://github.com/nmap/nmap.git
synced 2025-12-29 19:09:01 +00:00
d8ce681711
The packet construction had a bug that made it more effective in at least one case for me. Weilin had supplied a 16-byte destination options buffer, including some random bytes from a packet capture. But the length of buffer was set incorrectly in the packet, making it look like it was 8 bytes instead of 16. Therefore the expected ICMPv6 packet started in the middle of the buffer, making it appear to have a type/code of 254/24 instead of 128/0 as expected. I tried setting the proper length, while keeping the invalid destination option, but then stopped getting a Parameter Problem response. I also tried setting a proper destination options buffer with no invalid options, followed by ICMPv6 with type/code of 128/0, and again got no response. It appears that I get a response only when both of these conditions are satisfied: 1) an invalid destination option exists, and 2) the ICMPv6 type is unknown. This is against OS X. The probe was being effective by accident, but now I've simplified it and documented these strange conditions. This breaks any hosts that might have ignored the invalid destination option (which they shouldn't do) and replied to the echo request. But we have targets-ipv6-multicast-echo for that.
4.6 KiB
4.6 KiB