Nmap Development mailing list archives
Re: More Service Detection Notes (Skype)
From: doug () hcsw org
Date: Wed, 26 Jul 2006 00:25:58 -0700
Hi Brandon, On Wed, Jul 26, 2006 at 05:56:46AM +0000 or thereabouts, Brandon Enright wrote:
match skype m|(.*[^\0-\x04\s!-~]){10}|s p/Skype v2 random data/
Being able to require two different probes to match would get us within acceptable margins. Together with the above match *and* "HTTP/1\.0 404 Not Found\r\n\r\n" we'd be able to match Skype very reliably.
I agree completely. What do you think about an addition to the nmap-service-probes format that requires multiple match lines having to be triggered in order to report a result? Specifically, do you (or anyone else) see anything wrong with the following: ... Probe TCP GenericLines q|\r\n\r\n| ... match &skype2 m|(.*[^\0-\x04\s!-~]){10}|s p/Skype v2/ ... Probe TCP GetRequest q|GET / HTTP/1.0\r\n\r\n| ... match &skype2 m|^HTTP/1\.0 404 Not Found\r\n\r\n$| p/Skype v2/ ... where the '&'s preceding the service names mean that all such match lines need to match in order to trigger a match? Doug
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- More Service Detection Notes doug (Jul 25)
- Re: More Service Detection Notes (Skype) Brandon Enright (Jul 25)
- Re: More Service Detection Notes (Skype) doug (Jul 26)
- Re: More Service Detection Notes (Skype) Brandon Enright (Jul 26)
- Re: More Service Detection Notes (Skype) Fyodor (Jul 27)
- Re: More Service Detection Notes (Skype) Brandon Enright (Jul 27)
- Re: More Service Detection Notes (Skype) doug (Jul 26)
- Re: More Service Detection Notes (Skype) Brandon Enright (Jul 25)
- Re: More Service Detection Notes Fyodor (Aug 01)
- Re: More Service Detection Notes doug (Aug 01)
- Re: More Service Detection Notes Brandon Enright (Aug 02)
- Re: More Service Detection Notes Fyodor (Aug 02)