Nmap Development mailing list archives
Re: quake3 opportunistic portrule
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 6 Jan 2011 22:55:10 +0200
That would not be possible as many master servers are used for multiple games simultaneously, but it also would not be correct. Version detection is supposed to tell the protocol and possibly the version of the server, but not what the server is used for. When the master server is asked to provide server addresses for a game version it is not aware of it will send an empty list, so the version detection probe and matchline should work even when the master is not aware of any servers for protocol 68. We should probably call the protocol dpmaster instead of quake3-master. Setting the product name probably does not make sense unless we find a way of identifying different implementations of the protocol. For example, if we could find a difference in Dpmaster and the server IdSoftware wrote, we could use product names to underline that. I have attached a patch to apply instead of the earlier quake3-master-probe patch. Here the protocol is called dpmaster. I also removed the product name from the match line. On Thu, Jan 6, 2011 at 10:19 PM, David Fifield <david () bamsoftware com> wrote:
On Thu, Jan 06, 2011 at 09:47:53PM +0200, Toni Ruottu wrote:The master server is not game specific. I am calling it quake3-master because I got the impression that Quake3 was the first game to use the protocol. The magic number 68 (in the probe) is the protocol version of the game we are requesting server addresses for. I am using 68 as that seems to be most common on the original quake3 master server. I tried out all protocol numbers up to 100 to measure this. There are also non-numeric versions, like "Nexuiz 3". These are harder to analyse. I am working on some discovery scripts that do further analysis on both the master servers and actual quake3 servers. I am not aware of any other master server commands, and the response to getservers only contains ports and IP addresses for game servers of the requested version.I found some docs here: http://svn.icculus.org/twilight/trunk/dpmaster/doc/techinfo.txt?revision=10433&view=markup ftp://ftp.idsoftware.com/idstuff/quake3/docs/server.txt I agree that there doesn't look to be much room for protocol variation. (An exception appears to be the getserversExt command supported by this dpmaster.) But it also looks like it would be beneficial to try many different protocol numbers and game names, not just 68. What do you think about making this a "version" category NSE script, which sends whatever you think are the most likely game names/protocol numbers and sets the version to "quake3-master" on the first response? David Fifield
Attachment:
dpmaster-probe.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: quake3 opportunistic portrule Toni Ruottu (Jan 01)
- Re: quake3 opportunistic portrule Toni Ruottu (Jan 01)
- Re: quake3 opportunistic portrule Toni Ruottu (Jan 01)
- Re: quake3 opportunistic portrule David Fifield (Jan 01)
- Re: quake3 opportunistic portrule Toni Ruottu (Jan 02)
- Re: quake3 opportunistic portrule David Fifield (Jan 02)
- Re: quake3 opportunistic portrule Toni Ruottu (Jan 06)
- Re: quake3 opportunistic portrule David Fifield (Jan 06)
- Re: quake3 opportunistic portrule Toni Ruottu (Jan 06)
- Re: quake3 opportunistic portrule David Fifield (Jan 06)
- Re: quake3 opportunistic portrule Toni Ruottu (Jan 06)
- Re: quake3 opportunistic portrule David Fifield (Jan 07)
- Re: quake3 opportunistic portrule Toni Ruottu (Jan 10)
- Re: quake3 opportunistic portrule David Fifield (Jan 10)
- Re: quake3 opportunistic portrule Toni Ruottu (Jan 01)