Script ip-forwarding

Script types: hostrule
Categories: safe, discovery

Script Summary

Detects whether the remote device has ip forwarding or "Internet connection sharing" enabled, by sending an ICMP echo request to a given target using the scanned host as default gateway.

The given target can be a routed or a LAN host and needs to be able to respond to ICMP requests (ping) in order for the test to be successful. In addition, if the given target is a routed host, the scanned host needs to have the proper routing to reach it.

In order to use the scanned host as default gateway Nmap needs to discover the MAC address. This requires Nmap to be run in privileged mode and the host to be on the LAN.

Script Arguments

a LAN or routed target responding to ICMP echo requests (ping).

Example Usage

sudo nmap -sn <target> --script ip-forwarding --script-args=''

Script Output

| ip-forwarding:
|_  The host has ip forwarding enabled, tried ping against (



  • Patrik Karlsson

License: Same as Nmap--See