Nmap Development mailing list archives
Re: [PATCH] DNS-based Service Discovery service probe
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 14 Aug 2009 21:00:38 +0000
David, I think this looks great. I think you'd be surprised how much mDNS is out there. Many P2P apps such as Limewire use it. I know in some circumstances the iPhone sends it, etc.
Although I see it mostly used with multicast addresses, I suspect unicast will work most of the time.
Brandon
Sent from my phone. If you would like a digital signature for this email let me know and I will sign it later.
On Aug 14, 2009, at 20:43, David Fifield <david () bamsoftware com> wrote:
Hi, I'm working on UDP payloads today and one of them so far would make a good version probe.

Index: nmap-service-probes ##############################NEXT PROBE############################### DNS-based service discovery (DNS-SD). Asks for all services on the host.# http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt, section 9.Probe UDP DNS-SD q|\0\0\0\0\0\x01\0\0\0\0\0\0\x09_services\x07_dns-sd \x04_udp\x05local\0\0\x0c\0\x01|rarity 4 ports 5353 # mDNSResponder-176.3match mdns m|^\0\0\x84\0\0\x01..\0\0\0\0\x09_services\x07_dns-sd \x04_udp\x05local\0\0\x0c\0\x01| p/Apple mDNSResponder/

It's a DNS Service Discovery (DNS-SD) request. DNS-SD is combined with multicast DNS in Apple's Zeroconf and other similar implementations. The response is a DNS reply that contains a list of services offered by the host. http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt

The port name in nmap-services is "zeroconf" but I think it should be "mdns". Zeroconf is a collection of protocols of which multicast DNS and DNS-SD are a part. Even though the probe we send is unicast, port 5353 is the one reserved for multicast DNS.

The format of the reply is fairly rigid so I don't know if this probe will allow distinguishing different DNS-SD implementations. The only one other than mDNSResponder I'm aware of is Avahi.

David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
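Review bot: In the `match mdns` line the two-byte ANCOUNT wildcard `..` will not match a newline byte, because the pattern carries no `s` option after the closing `|`; a host that advertises exactly ten service types answers with ANCOUNT `\0\x0a` and would go unmatched. Adding the `s` flag fixes that. The same line also pins the flags to `\x84\0` and NSCOUNT/ARCOUNT to zero, taken from mDNSResponder-176.3, so given the message's own doubt about telling implementations apart (Avahi is named), a looser softmatch on the echoed question would keep other responders from falling through to no match while this line stays specific to Apple.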
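The request and reply described in the thread, decoded in Python as an added example (not code from Nmap or from either poster). `read_name`, `dnssd_services` and `SAMPLE_REPLY` are names chosen here, and the reply bytes are constructed, not captured from a real responder.

```python
import struct
# Probe payload from the patch; the space after "_dns-sd" on the page is a wrap artefact.
PROBE = (b"\0\0\0\0\0\x01\0\0\0\0\0\0"
         b"\x09_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01")
# Constructed sample reply (not captured traffic): echoed question + two PTR answers.
SAMPLE_REPLY = (b"\0\0\x84\0\0\x01\0\x02\0\0\0\0" + PROBE[12:]
    + b"\xc0\x0c\0\x0c\0\x01\0\0\0\x0a\0\x0d\x05_http\x04_tcp\xc0\x23"
    + b"\xc0\x0c\0\x0c\0\x01\0\0\0\x0a\0\x0c\x04_ssh\x04_tcp\xc0\x23")

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, offset after it)."""
    labels, end, jumps = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                 # compression pointer
            jumps += 1
            if jumps > 16:                   # untrusted input: refuse pointer loops
                raise ValueError("compression pointer loop")
            end = end or off + 2             # resume after the first pointer
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
        elif n == 0:                         # root label ends the name
            return ".".join(labels), end or off + 1
        elif n > 63:
            raise ValueError("reserved label type")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def dnssd_services(msg):
    """Return the service types (PTR targets) listed in a DNS-SD reply."""
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
        if not flags & 0x8000:               # QR bit clear: this is a query
            raise ValueError("not a response")
        off, found = 12, []
        for _ in range(qd):                  # skip echoed question(s)
            off = read_name(msg, off)[1] + 4
        for _ in range(an):
            off = read_name(msg, off)[1]
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("truncated record")
            if rtype == 12:                  # PTR: rdata is a service type name
                found.append(read_name(msg, off)[0])
            off += rdlen
        return found
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed DNS message") from exc
```

Run against replies collected from port 5353 during an internal audit, the returned list is an inventory of what each host advertises.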