Nmap Development mailing list archives

service detection thoughts


From: "Andy Lutomirski" <Luto () mailandnews com>
Date: Wed, 23 Aug 2000 10:06:07 -0700

I imagine some sort of tree structure, where each node builds on data from the previous node.  nMap could include logic 
to never try the same node twice, and each node could contain some script for what to do.  For example: (in 
pseudocodeish)

root:
 tcp_connect:
  begin script
  $out = read(100 bytes, magic (see below) )
  if $out =~ /E?SMTP/i
   SMTP() ; try SMTP branch
  if ...
  HELO()
  end script

   SMTP:
   begin script
   version test
   if failed
    break; (go back to tcp_connect)
   if success
    return SMTP
   end script
   end SMTP

   HELO:
   begin script
   send "HELO<CRLF>"
   $y = read(100 bytes or CRLF)
   if $y =~ /some SMTP response here/
    SMTP() ; this will skip if SMTP was already tried ?
   ...
   end script
   end HELO

end root


The "magic" read could simply wait for a non-full TCP segment (not so easy, but a simple way to detect the end of 
remote transmission, assuming that Nagle is in use).

Perhaps the script could simply be perl (open-source, freeware, good regex support, perhaps too big)

My .02c.

Andy
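The probe tree Andy sketches above, worked through as an added Python example (this is not code from the post and not Nmap's own service detection): nodes are plain functions, a small walker runs each node at most once per connection, the banner branch tries SMTP first, and the HELO probe is the fallback that provokes a reply from a silent service. The `FakeConn` class, the scripted banners and replies, and the hostname `nmap.example` are all constructed for the example so it runs offline; a real implementation would wrap a socket.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple


class FakeConn:
    """Constructed stand-in for a TCP connection with a scripted remote side."""

    def __init__(self, banner: bytes, responses: Dict[bytes, bytes]):
        self._pending = banner        # what the remote end has queued for us
        self._responses = responses   # probe line -> scripted reply
        self.sent: List[bytes] = []   # every probe transmitted, in order

    def read(self, n: int = 100) -> bytes:
        # Stands in for the post's "magic" read: hand back whatever the remote
        # end has transmitted so far, up to n bytes, without blocking for more.
        data, self._pending = self._pending[:n], self._pending[n:]
        return data

    def send(self, data: bytes) -> None:
        self.sent.append(data)
        self._pending = self._responses.get(data, b"")


Node = Callable[["Detector", FakeConn], Optional[str]]


class Detector:
    """Walks the probe tree, running each node at most once per connection."""

    def __init__(self) -> None:
        self.tried: List[str] = []

    def run(self, node: Node, conn: FakeConn) -> Optional[str]:
        if node.__name__ in self.tried:
            return None               # branch already tried on this port: skip
        self.tried.append(node.__name__)
        return node(self, conn)


# --- the tree: root -> tcp_connect -> {smtp, helo} --------------------------

def tcp_connect(d: Detector, conn: FakeConn) -> Optional[str]:
    out = conn.read(100)
    if re.search(rb"E?SMTP", out, re.IGNORECASE):
        result = d.run(smtp, conn)    # banner looks like SMTP: try that branch
        if result:
            return result
    # further banner tests would sit here (the post's "if ...")
    return d.run(helo, conn)          # nothing matched: provoke a reply


def smtp(d: Detector, conn: FakeConn) -> Optional[str]:
    # "version test": an ESMTP server answers EHLO with a 250 reply
    conn.send(b"EHLO nmap.example\r\n")
    if conn.read(100).startswith(b"250"):
        return "smtp"
    return None                       # failed: "break" back to tcp_connect


def helo(d: Detector, conn: FakeConn) -> Optional[str]:
    conn.send(b"HELO\r\n")
    y = conn.read(100)
    if re.match(rb"(220|250|501)", y):      # reads like an SMTP status line
        return d.run(smtp, conn)      # returns None if smtp was already tried
    if y.startswith(b"HTTP/"):        # an HTTP server rejects the junk line
        return "http"
    return None


def identify(conn: FakeConn) -> Tuple[str, List[str]]:
    """Return (service label, nodes tried in order) for one connection."""
    d = Detector()
    return d.run(tcp_connect, conn) or "unknown", d.tried


EHLO, HELO = b"EHLO nmap.example\r\n", b"HELO\r\n"


def demo() -> Dict[str, Tuple[str, List[str]]]:
    """Four constructed servers exercising each path through the tree."""
    servers = {
        # banner identifies SMTP, EHLO confirms it: HELO never sent
        "chatty smtp": FakeConn(b"220 mail.example ESMTP Postfix\r\n",
                                {EHLO: b"250-mail.example\r\n250 PIPELINING\r\n"}),
        # no banner; HELO draws an SMTP status line, then EHLO confirms
        "silent smtp": FakeConn(b"", {HELO: b"501 Syntax: HELO hostname\r\n",
                                      EHLO: b"250 mx.example\r\n"}),
        # no banner; HELO draws an HTTP error line
        "http": FakeConn(b"", {HELO: b"HTTP/1.1 400 Bad Request\r\n"}),
        # claims ESMTP but fails EHLO; HELO then re-enters smtp, which is skipped
        "fake smtp": FakeConn(b"220 trap ESMTP\r\n",
                              {EHLO: b"500 Command not recognized\r\n",
                               HELO: b"250 trap\r\n"}),
    }
    return {name: identify(conn) for name, conn in servers.items()}


if __name__ == "__main__":
    for name, (service, path) in demo().items():
        print(f"{name:12s} -> {service:8s} via {' > '.join(path)}")
```

The "fake smtp" case is the one that shows why the walker remembers what it has tried: the HELO branch would otherwise call the SMTP node a second time and send a second EHLO to a server that has already failed the version test.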
