On 19/02/2025 18:59, Hilko Bengen wrote:
* Lee Garrett:
$ nmap -6 2a01:4f8:231:161c::1
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-19 16:58 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.10 seconds
I'd expect nmap to show the host as up since I can ping that address. Using -Pn
scans the host and shows the open ports correctly.
Curious, this does not happen here™ for other hosts, but for the address
you tried.
Using tcpdump, I don't even see anything resembling "ping probes", but
failing attempts to 80/tcp, 443/tcp:
,----
| $ sudo tcpdump -ni enp9s0 ip6 host 2a01:4f8:231:161c::1
| tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
| listening on enp9s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
| 18:46:07.083120 IP6 <MY-ADDRESS>.47374 > 2a01:4f8:231:161c::1.80: Flags [S], seq 1605758339, win 64440, options [mss 1432,sackOK,TS val 1103345539 ecr 0,nop,wscale 7], length 0
| 18:46:07.087845 IP6 <MY-ADDRESS>.41286 > 2a01:4f8:231:161c::1.443: Flags [S], seq 3130674863, win 64440, options [mss 1432,sackOK,TS val 1103345539 ecr 0,nop,wscale 7], length 0
| 18:46:07.100433 IP6 2a01:4f8:231:161c::1 > <MY-ADDRESS>: ICMP6, destination unreachable, unreachable prohibited 2a01:4f8:231:161c::1, length 88
| 18:46:07.105415 IP6 2a01:4f8:231:161c::1 > <MY-ADDRESS>: ICMP6, destination unreachable, unreachable prohibited 2a01:4f8:231:161c::1, length 88
`----
Apparently ICMP messages are only generated if nmap is run as root and
those TCP connection attempts serve as a backup.
Cheers,
-Hilko
Stumbled over this again today. Digging further, I think the -PE option is
broken in nmap for IPv6.
nmap -6 -PE hopper.rocketjump.eu
will attempt a 80/tcp connection, and fail. It is however supposed to send an
ICMPv6 echo request. Running the same command as root succeeds. I don't see a
technical reason for this, though, since ICMP requests can also be sent via the
ping tool from an unprivileged user.
Shall I report this issue with upstream?
Greets,
Lee
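
Added example, not part of the original thread and not nmap's or ping's own code: on Linux, one mechanism that lets an unprivileged process send an ICMPv6 echo request is a datagram ("ping") ICMP socket, gated by the `net.ipv4.ping_group_range` sysctl, which also covers IPv6. The function names, payload and the `::1` default target are assumptions made for illustration.

```python
import os
import socket
import struct
import sys

ECHO_REQUEST, ECHO_REPLY = 128, 129  # ICMPv6 message types (RFC 4443)
PAYLOAD = b"discovery-check"         # constructed sample payload

def build_echo_request(seq, payload=PAYLOAD):
    # Header: type, code, checksum, identifier, sequence. On a Linux ping
    # socket the kernel computes the checksum and sets the identifier itself.
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 0, seq) + payload

def parse_reply(data, seq, payload=PAYLOAD):
    """True if data is an echo reply carrying our sequence number and payload."""
    if len(data) < 8:
        return False
    icmp_type, code, _csum, _ident, rseq = struct.unpack("!BBHHH", data[:8])
    return (icmp_type == ECHO_REPLY and code == 0
            and rseq == seq and data[8:] == payload)

def echo_probe(host, seq=1, timeout=2.0):
    """Return 'up', 'no-reply' or 'not-permitted'; needs no raw socket."""
    try:
        s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM,
                          socket.IPPROTO_ICMPV6)
    except PermissionError:
        return "not-permitted"  # caller's gid is outside ping_group_range
    with s:
        s.settimeout(timeout)
        try:
            s.sendto(build_echo_request(seq), (host, 0))
            for _ in range(4):  # bounded: skip any non-matching datagrams
                data, _addr = s.recvfrom(1500)
                if parse_reply(data, seq):
                    return "up"
        except OSError:         # timeout, unreachable, name resolution failure
            pass
    return "no-reply"

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "::1"
    print(f"uid={os.getuid()} target={target} result={echo_probe(target)}")
```

A result of `not-permitted` means the kernel refused the datagram ICMP socket for this user, in which case an unprivileged tool has only TCP connect probes left, as seen in the tcpdump capture above.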