Nmap Development mailing list archives
DNS-SD probe issues
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 1 Feb 2010 21:11:17 +0100
Hi All, The DNS-SD probe in nmap-service-probes fails to discover one of my boxes running Avahi and incorrectly discovers the other one as "Apple mDNSResponder". The reason the first box isn't discovered is that it contains 10 entries which translates to \n and fails matching the .. (two dots) in the match line. The reason for the incorrect match is that the packet from Avahi is identical with the packet from the Apple mDNSResponder. There's really not much place for uniqueness in these packets and I'm guessing it may be difficult to distinguish products by sending legitimate/correct queries. -- Unmatched packet SF-Port5353-UDP:V=5.21%I=0%D=2/1%Time=4B66F6E7%P=i386-apple-darwin10.2.0%r SF:(DNS-SD,10F,"\0\0\x84\0\0\x01\0\n\0\0\0\0\t_services\x07_dns-sd\x04_udp SF:\x05local\0\0\x0c\0\x01\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x14\x0c_workstati SF:on\x04_tcp\xc0#\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x07\x04_ssh\xc0G\xc0\x0c\ SF:0\x0c\0\x01\0\0\0\n\0\x0c\t_sftp-ssh\xc0G\xc0\x0c\0\x0c\0\x01\0\0\0\n\0 SF:\x07\x04_smb\xc0G\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x07\x04_ftp\xc0G\xc0\x0 SF:c\0\x0c\0\x01\0\0\0\n\0\x0f\x0c_device-info\xc0G\xc0\x0c\0\x0c\0\x01\0\ SF:0\0\n\0\x0e\x0b_afpovertcp\xc0G\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x07\x04_r SF:sp\xc0G\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x08\x05_daap\xc0G\xc0\x0c\0\x0c\0 SF:\x01\0\0\0\n\0\x08\x05_http\xc0G"); -- Packet matched as Apple mDNSResponder SF-Port5353-UDP:V=5.21%I=0%D=2/1%Time=4B66FAA2%P=i386-apple-darwin10.2.0%r SF:(DNS-SD,4E,"\0\0\x84\0\0\x01\0\x01\0\0\0\0\t_services\x07_dns-sd\x04_ud SF:p\x05local\0\0\x0c\0\x01\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x14\x0c_workstat SF:ion\x04_tcp\xc0#"); //Patrik -- Patrik Karlsson http://www.cqure.net _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- DNS-SD probe issues Patrik Karlsson (Feb 01)
- Re: DNS-SD probe issues David Fifield (Feb 01)
- Re: DNS-SD probe issues Fyodor (Feb 01)
- Re: DNS-SD probe issues David Fifield (Feb 01)