Nmap Development mailing list archives
Re: Service Detection: BMC Configuration Management
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 11 Jun 2008 23:09:33 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 11 Jun 2008 17:50:34 -0500 or thereabouts Tom Sellers <nmap () fadedcode net> wrote:
I have attached a pair of match lines that detect the client side portion of the BMC (formerly Marimba) Configuration Management software. The client portion is called a Tuner and typically lives on port 7717. Depending on the state of the software the service will return either a 200 or 401 response to the GetRequest probe. The product section says "BMC(Marimba) Configuration Management". I wasn't satisfied with it but I could not figure out how to escape a "/" in the p// section. Tom
Hey Tom, these look pretty good. I have a few comments: * You place capturing parens around HTTP... which slow down PCRE. * You use HTTP/1.0 200 for one match and 1.1 401 for the other. Can these codes be returned for just those respective versions of HTTP? * You can use the same p|| trick to embed '/' that you used with m||. Any paired delimiter will work (), ##, [], etc. If you adjust these match lines I'm sure they will be able to be integrated. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkhQWzcACgkQqaGPzAsl94LAXgCgkodx/KJ3ZTfBbOk2dpMMnNFm 07cAnA3t+PChV4aT6YveN9Dqlxh9gpD8 =F3ca -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Service Detection: BMC Configuration Management Tom Sellers (Jun 11)
- Re: Service Detection: BMC Configuration Management Brandon Enright (Jun 11)
- Re: Service Detection: BMC Configuration Management - Update Tom Sellers (Jun 11)
- Re: Service Detection: BMC Configuration Management Brandon Enright (Jun 11)