May 17, 2022

Scanning IPv6 with Nmap

Nmap is among the popular network discovery utilities for discovering hosts and services on a network. This article provides a walkthrough for getting started with Nmap for scanning IPv6 addresses.

Table of Contents

Introduction

Before we begin

Setting up Nmap

Scanning IPv6 with Nmap

      Consideration for address ranges

Conclusion

Other Articles in this Series

Introduction

In our listicle on Tools for Scanning IPv6 networks, we shared some open source tools that can be used for scanning IPv6 networks. In this article, we will take a look at the first tool in that list: Nmap.

Nmap is a popular open source utility for performing network discovery and network security auditing. The utility can be used to identify hosts and services on a network and is considered a core part of any security auditor’s toolkit.

With Nmap you can scan both IPv4 and IPv6 networks. This article is a hands-on guide for getting started with Nmap for scanning IPv6.

Note: Make sure that the scans are conducted on the networks where you are allowed to do so with appropriate permissions.

Before we begin

Access to an IPv6-enabled network is required in order to utilise Nmap’s IPv6 scanning capabilities. To verify that your system and network are properly configured to have IPv6 access, you can run either of the following commands:

  1. ip -6 addr
  2. ifconfig | grep inet6

Setting up Nmap

In this section we will go through the steps for setting up Nmap on the system. Here, we will install Nmap on Ubuntu, where the package manager can be used to install it.

Run the following commands in your terminal to install Nmap:

  1. sudo apt update
  2. sudo apt install nmap

Alternatively, it’s also possible to install Nmap from the Snap Store or by using the Snap package manager.

If you don’t already have Snap installed, run the following commands:

  1. sudo apt update
  2. sudo apt install snapd
  3. sudo snap install core

After that, run the following command for installing Nmap:

  • sudo snap install nmap

The Nmap project website provides installer packages and compiled binaries for various operating systems as well as for several popular Linux distributions. Installation guides for various operating systems and environments are available in case you are using a different operating system.

Scanning IPv6 with Nmap

Nmap can be used to scan IPv6 addresses for open ports. To do this, the `-6` option must be supplied along with any other options and arguments for the scan. Refer to the command below for an example:

  • nmap -6 ipv6.google.com


The above command will perform a regular scan of the IPv6 address for the “ipv6.google.com” host.

All Nmap functionalities can be utilised for IPv6 scanning in the same way they are used for IPv4 scanning. For example, providing “-p 80” as an argument along with the nmap command for IPv6 will only scan port 80 on the host.


Consideration for address ranges

While scanning a large set of IPv4 addresses may be a relatively quick process, scanning IPv6 address ranges is much slower in practice. This is due to the larger address space of IPv6. When dealing with IPv6 addresses, it can save a lot of time to use Nmap primarily for service detection and port scanning on already discovered hosts, rather than port scanning for the purpose of discovering hosts.
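One way to follow this advice, shown as an added example that is not part of the original article: take the hosts the local neighbour table already knows about and hand only those to Nmap for service detection. Using `ip -6 neigh` as the discovery source, the `-sV` and `-iL` options, and the function names are assumptions of this example; the sample output is constructed.

```shell
# Added example: scan only IPv6 hosts that are already known, taken here
# from the neighbour table (an assumed discovery source), not a prefix sweep.

# Constructed sample of `ip -6 neigh show` output (2001:db8::/32 is the
# documentation prefix).
SAMPLE_NEIGH='2001:db8:0:1::10 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE
fe80::5054:ff:feaa:bb01 dev eth0 lladdr 52:54:00:aa:bb:01 router STALE
2001:db8:0:1::20 dev eth0 lladdr 52:54:00:aa:bb:02 DELAY
2001:db8:0:1::99 dev eth0  FAILED
2001:db8:0:1::10 dev eth0 lladdr 52:54:00:aa:bb:01 REACHABLE'

# Read neighbour-table lines on stdin and print one Nmap target per line.
neigh_to_targets() {
  awk '
    # Entries that never resolved are not discovered hosts.
    $NF == "FAILED" || $NF == "INCOMPLETE" { next }
    {
      addr = $1; dev = ""
      for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
      # Link-local addresses (fe80::/10) are only reachable with a zone ID,
      # so append the interface as addr%dev.
      if (tolower(addr) ~ /^fe[89ab][0-9a-f]:/) {
        if (dev == "") next
        addr = addr "%" dev
      }
      # Drop duplicates while keeping the original order.
      if (!seen[addr]++) print addr
    }'
}

# Hypothetical wrapper: service detection (-sV) on the discovered hosts only.
scan_known_hosts() {
  targets=$(mktemp)
  ip -6 neigh show | neigh_to_targets > "$targets"
  nmap -6 -sV -iL "$targets"
  rm -f "$targets"
}
```

Calling `scan_known_hosts` scans the live neighbour table; piping `$SAMPLE_NEIGH` into `neigh_to_targets` shows the filtering without touching the network.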

Conclusion

In this article, we discussed how to set up and use Nmap for scanning IPv6 addresses. We also looked at the considerations that need to be taken into account, given the considerably larger address space one is presented with when scanning IPv6 networks.

Other Articles in this Series

Tools for Scanning IPv6 networks

Scanning IPv6 with fi6s

Scanning IPv6 with RustScan

Scanning IPv6 with Masscan

Scanning IPv6 with v6disc

***

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security.

Written by:
Riyaz Walikar
