Changes

=== Introduction ===

=== Introduction ===

Recent web-browsers request IPv6 DNS lookups in preference to IPv4 if they are running on a host with IPv6 enabled. My domain (ipv6.chappell-family.com) has DNS entries for both IPv4 and IPv6 addresses, but defaults to IPv4. This makes it safe for IPv4-only hosts, which make up most of the current web traffic, including search engines, to use the same URL. Browsers running on IPv4-only hosts will not request an IPv6 address and will therefore access the website entirely using IPv4. The landing page, as linked below, attempts to determine whether your machine has a valid globally routable IPv6 address (2000::/3) and whether it is behind an HTTP proxy, by looking for well known HTTP header variables which indicate that this may be the case. Only if the hosts' IP address is determined to be globally routable unicast IPv6 and there are no tell-tale HTTP proxy variables will the landing page offer links to initiate the scan, as encircled in the figure below.

Recent web-browsers request IPv6 DNS lookups in preference to IPv4 if they are running on a host with IPv6 enabled. My domain (ipv6.chappell-family.com) has DNS entries for both IPv4 and IPv6 addresses, but defaults to IPv4. This makes it safe for IPv4-only hosts, which make up most of the current web traffic, including search engines, to use the same URL. Browsers running on IPv4-only hosts will not request an IPv6 address and will therefore access the website entirely using IPv4. The landing page, as linked below, attempts to determine whether your machine has a valid globally routable IPv6 address (2000::/3) and whether it is behind an HTTP proxy, by looking for well known HTTP header variables which indicate that this may be the case. Only if the hosts' IP address is determined to be globally routable unicast IPv6 and there are no tell-tale HTTP proxy variables will the landing page offer links to initiate the scan, as shown in the figure below.

[[File:IPscan_Landing_2019.png|border|alt=IPv6 Port Scanner (Firewall tester) landing page viewed using Firefox. See https://ipv6.chappell-family.com/ipv6tcptest/]]

[[File:IPscan_Landing_2019.png|320x480px|border|alt=IPv6 Port Scanner (Firewall tester) landing page viewed using Firefox. See https://ipv6.chappell-family.com/ipv6tcptest/]]

The tester is made available in two basic versions - one for browsers supporting javascript and the other suitable for text-only browsers such as Lynx, w3m and ELinks. The lightweight text-only browser version (right-hand figures) can be used on hosts which do not sport their own GUI environment (e.g. servers and embedded devices like routers). The original javascript browser version (left-hand figures) supports ongoing updates of the test status, whereas the text-only version only produces a results page once all the selected ports have been tested. Additionally, a fast and standard version of both of these testers is provided. The fast version tests multiple TCP or UDP ports in parallel, whereas the standard version tests only 1 port at a time, at a default rate of 1 port per second. Please be aware that some OS and firewalls apply rate-limiting to their generation, or passing, of ICMPv6 responses on the basis that this behaviour is indicative of a port scan being performed. Consequently such rate-limiting might cause a port which would normally generate an ICMPv6 response (e.g. PHBTD) to send no response at all, which IPscan would report as STEALTHed. If you are testing a host or firewall (whether on the client under test or elsewhere in the path between your client and the test server) which implements such rate-limiting then you are advised to use the standard, slower versions of IPscan which should not trigger the rate-limiting behaviour. If you're unsure which version is appropriate for you, then try both and compare the results. Some Linux distributions and some ISP firewalls are known to implement such rate-limiting.

The tester is made available in two basic versions - one for browsers supporting javascript and the other suitable for text-only browsers such as Lynx, w3m and ELinks. The lightweight text-only browser version can be used on hosts which do not sport their own GUI environment (e.g. servers and embedded devices like routers). The original javascript browser version supports ongoing updates of the test status, whereas the text-only version only produces a results page once all the selected ports have been tested. Additionally, a fast and standard version of both of these testers is provided. The fast version tests multiple TCP or UDP ports in parallel, whereas the standard version tests only 1 port at a time, at a default rate of 1 port per second. Please be aware that some operating systems and firewalls apply rate-limiting to their generation, or passing, of ICMPv6 responses on the basis that this behaviour is indicative of a port scan being performed. Consequently such rate-limiting might cause a port which would normally generate an ICMPv6 response (e.g. PHBTD) to send no response at all, which IPscan would report as STEALTHed. If you are testing a host or firewall (whether on the client under test or elsewhere in the path between your client and the test server) which implements such rate-limiting then you are advised to use the standard, slower versions of IPscan which should not trigger the rate-limiting behaviour. If you're unsure which version is appropriate for you, then try both and compare the results. Some Linux distributions and some ISP firewalls are known to implement such rate-limiting.

[[File:Kickoff12.jpg|320x480px|border|alt=IPv6 Port Scanner (Firewall tester) original kickoff page viewed using Safari. See https://ipv6.chappell-family.com/ipv6tcptest/]]

 

[[File:W3m_kickoff_LR.jpg |320x480px|border|alt=IPv6 Port Scanner (Firewall tester) lightweight kickoff page viewed using w3m. See https://ipv6.chappell-family.com/ipv6tcptest/]]

[[File:IPscan_kickoff_2019.png|320x480px|border|alt=IPv6 Port Scanner (Firewall tester) original kickoff page viewed using Safari. See https://ipv6.chappell-family.com/ipv6tcptest/]]