Nmap Development mailing list archives

RE: [PATCH] nmap-service-probes: Misc database corrections, printer additions


From: Aaron Leininger <rilian4 () hotmail com>
Date: Thu, 16 Jul 2009 08:53:21 -0700


I changed the probe in my script to end w/ "\n" instead of "\r\n" as
it seems to elicit a better response from certain printers. I found
that certain printers that appeared non-responsive will get a response
if I wait long enough. The printer I was testing against seems to
require 12 seconds to respond to @PJL INFO STATUS and @PJL INFO ID
probes via NSE but will do so in under 3 seconds via ncat.

Hmm...there must be something different between what you're doing with
NSE vs Netcat (or the client machine, or something).  As some folks
have suggested, you may want to watch both interactions in Wireshark
and compare them.

I figured I must be doing something different as well, but my data dumps seem to show otherwise.
This is a hexdump of the probe as sent through ncat (which gets a response every time in less than 3 seconds):

[0000]   40 50 4A 4C 20 49 4E 46   4F 20 53 54 41 54 55 53   @PJL INF O STATUS
[0010]   0A                                                                     .

Next for comparison is NSE's dump (using -d and --script-trace options) of the probe it sent from my script:
00000000: 40 50 4a 4c 20 49 4e 46 4f 20 53 54 41 54 55 53 @PJL INFO STATUS
00000010: 0a


They are byte for byte exactly the same and yet NSE needs close to 12s to get the same response that ncat gets in 2-3s. 
At least when I modified the probe in my latest version (the one posted to this list yesterday) to use \n instead of 
\r\n, I was consistently getting results from this printer, even if slow ones. 

If anyone has any further insights on this, please let me know. 

The vast majority of script runs are without any extra options, so I
think it is best to default to a safe timeout (waiting long enough for
even the slow printers), and then if you add an option it can be used
to speed things up for people who only care about the relatively fast
HP printers.

Works for me. I'll leave the default as is for now...which by the way was 15s not 12s. I mistyped that yesterday...the 
probe I was sending was responding in about 12s so the number got stuck in my head... 

Aaron


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
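
Added example, not part of the original message or of the NSE script under discussion: a small Python harness that times the first reply to the exact probe bytes shown in the hexdumps, independent of both NSE and ncat, and shows how a short timeout makes a slow responder look non-responsive. The function names, the local stand-in listener and its reply text are assumptions constructed for illustration; the 15-second default mirrors the script default mentioned in the message.

```python
import socket
import threading
import time

PROBE_LF = b"@PJL INFO STATUS\n"      # same 17 bytes as both hexdumps in the message
PROBE_CRLF = b"@PJL INFO STATUS\r\n"  # the earlier line ending, for comparison
# Constructed reply for the stand-in listener; not captured from a real printer.
REPLY = b'@PJL INFO STATUS\r\nCODE=10001\r\nDISPLAY="Ready"\r\nONLINE=TRUE\r\n'

def probe_latency(host, port, probe, timeout=15.0):
    """Send one probe; return (seconds to first reply bytes, data), or (None, b"") on timeout."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        start = time.monotonic()
        s.sendall(probe)
        try:
            data = s.recv(4096)
        except socket.timeout:
            return None, b""
        return time.monotonic() - start, data

def fake_printer(delay):
    """Hypothetical local listener that answers any probe after `delay` seconds; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def handle(conn):
        with conn:
            try:
                conn.recv(64)
                time.sleep(delay)
                conn.sendall(REPLY)
            except OSError:
                pass  # client timed out and closed first
    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = fake_printer(delay=1.0)
    for name, probe in (("LF", PROBE_LF), ("CRLF", PROBE_CRLF)):
        for timeout in (0.5, 15.0):
            elapsed, data = probe_latency("127.0.0.1", port, probe, timeout)
            shown = "no reply" if elapsed is None else f"{elapsed:.2f}s, {len(data)} bytes"
            print(f"{name} timeout={timeout}s -> {shown}")
```

Pointing probe_latency at a printer you administer gives a client-independent time to first byte that can be set beside the NSE and ncat timings.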

