Nmap Development mailing list archives

Re: Quake 3 query script submission

From: Mak Kolybabi <mak () kolybabi com>
Date: Mon, 18 Jan 2010 13:18:47 -0600

On 2010-01-18 11:30, David Fifield wrote:

Hi, first I want to say that the script looks really excellent, with regard to
code style and documentation and everything. It looks like you did your
homework to find out what an NSE script should look like. I'm curious to know
what resources you used in writing the script--was it the book documentation,
other scripts, or what.


Thanks for the compliment, I tend to obsess about styling. For resources, I read
through the relevant chapter of the Nmap book [1], and tried to take tips from
the Lua Style Guide [2]. Additionally, I've previously touched up
smb-enum-processes.nse for Ron Bowes, adding in all of the tree output
formatting.

I had the same thought as Fyodor, which is that it would be best to somehow
probe the target itself to see if it's running a server, if that's possible.
How does it work? Is the server for a game always (or usually) running on a
standard port, or does it pick a random port and users have to go through a
master to find it? In the second case the job is more difficult, but it would
still be good to have some indication that a target may be running a game
server before hitting an external host.


These game servers work like many other services in that they have a default
port (e.g., 26000 for Nexuiz), but you can easily change them to any other port.
For example, I just queried the master servers for the list of public Nexuiz
servers and got the following most common ports:
- 26000: 85 servers
- 26001: 16 servers
- 26002: 9 servers
- 26003: 7 servers
- 26004: 6 servers
So I'd agree that it's reasonable to query the default ports and maybe five to
ten ports after it to catch maybe half of the cases.

As for how the game clients work, they all query the master servers to find out
the IP and port numbers of the game servers, instead of making any assumptions.

[1] http://nmap.org/book/nse.html
[2] http://lua-users.org/wiki/LuaStyleGuide

--
Matthew Anthony Kolybabi (Mak)
<mak () kolybabi com>

() ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org  | Against proprietary extensions

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Quake 3 query script submission Mak Kolybabi (Jan 16)
- Re: Quake 3 query script submission Fyodor (Jan 17)
  - Re: Quake 3 query script submission Mak Kolybabi (Jan 18)
- Re: Quake 3 query script submission David Fifield (Jan 18)
  - Re: Quake 3 query script submission Mak Kolybabi (Jan 18)
    - Re: Quake 3 query script submission David Fifield (Jan 18)
    - Re: Quake 3 query script submission Mak Kolybabi (Jan 24)
    - Re: Quake 3 query script submission Brandon Enright (Jan 24)
    - Re: Quake 3 query script submission Mak Kolybabi (Jan 25)
    - Re: Quake 3 query script submission David Fifield (Jan 26)
    - Re: Quake 3 query script submission Mak Kolybabi (Jan 29)
    - Re: Quake 3 query script submission David Fifield (Jan 29)