New Nmap probes IPv6 networks

Preparing for the eventual widespread conversion to IPv6, the Nmap Project has updated its namesake security scanning tool so it can scan IPv6 networks using a variety of novel techniques.

Nmap Security Scanner version 6.0 is the first major update for the free, open source security-testing tool since version 5 was released in 2009, and features some major updated and new features, as well as a variety of cosmetic changes and performance improvements. Overall, the project and associated volunteers have made more than 3,900 changes to the code base.

The project has timed the release of Nmap 6.0 to coincide with this year’s World IPv6 Launch, in which a variety of Internet Service Providers and Web companies — such as Comcast, AT&T, Facebook and Google — pledge to offer IPv6 services. Organized by the Internet Society, World IPv6 Launch day will be held June 6 this year.

In addition to IPv6 support, the updated software comes with improvements to the scripting engine and the GUI (graphical user interface). It can also scan a network more quickly and deliver more information about Web hosts. It also comes with a new tool to generate packets and analyze results.

Nmap, short for Network Mapper, is a tool for gathering more information about all the nodes on a network. Although primarily designed for security testing, Nmap is also used by system administrators to inventory the resources on their networks. Using IP packets, it identifies what operating system a host uses, if there are firewalls in place, what ports are open, and a great deal of other related information.

Earlier versions of Nmap offered some IPv6 tools, namely port scans, basic host discovery, version detection, and use of the scripting engine. This release expands upon these capabilities offering a traceroute utility, a neighbor-discovery ping utility and the ability to detect operating systems.

Nmap also expands upon the number of ways that it can scan a IPv6 network. Because even a smaller network’s IPv6 address space is too large to scan on a possible address-by-address basis, this software uses a number of novel techniques to find hosts, by clever use of multicasting, invalid header addresses, and other techniques.

Much work has been done on improving the Nmap Scripting Engine (NSE). NSE allows users to compose and run scripts that automate routine tasks, such as discovering hosts and querying devices for configuration information. The project has organized the underlying infrastructure for the engine, and added 289 scripts.

Nmap 6.0 also comes with a new tool called Nping that generates and sends out packets, as well as analyzes the results of how quickly hosts respond to these packets. It can be used to detect hosts on a network through a variety of different protocols. It can also be used to stress test networks and to better understand firewalls.

Nmap binaries are available for Linux, Windows, and Mac OS X. Although it runs from the command line, Nmap also includes a GUI (Graphical User Interface) called Zenmap, which has been redesigned for this release.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab’s e-mail address is Joab_Jackson@idg.com