Nmap Development mailing list archives
Re: [service-probes] Detect tibco RDV
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 19 Jun 2014 17:35:40 -0500
Quentin,

Thanks for the submission. I think this needs a bit more improvement before we would consider including it, since it doesn't give much information at all.

First, I would want to know that there are no existing probes that can elicit a response. In this particular case, I would begin with the following command:

nmap -p 7500 -sV --version-all $TARGET

If the service responds at all, Nmap will print a service fingerprint (http://nmap.org/book/vscan-community.html#vscan-submit-prints), which you can submit to http://insecure.org/cgi-bin/submit.cgi?new-service

If the service does not respond, then we need to add a new probe--likely the one you have created. A good probe will:

1. Not cause changes on the target system (e.g. we would never use a SNMP SET request as a probe)
2. Get responses from the widest range of versions of the target software (e.g. our HTTP probes use HTTP/1.0, not HTTP/1.1, since more devices support that)
3. Preferably get responses that contain version information, or that change from version to version. This is not always possible.

It's possible that after all that, your probe and match line are the best we can come up with. In that case, though, we would still want a better product name than "unknown". I would guess that we would use "TIBCO Rendezvous" instead.

Dan

On Mon, Jun 16, 2014 at 3:59 AM, qhardyfr () gmail com <qhardyfr () gmail com> wrote:
Hello,

Nmap doesn't detect the tibco RDV yet ( http://www.tibco.com/products/automation/enterprise-messaging/rendezvous/default.jsp ). Here is a service-probes entry that detects the tibco RDV protocol.

"""
##############################NEXT PROBE##############################
Probe TCP tibco-rdv q|\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00|
ports 7500
match tibco-rdv m|\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00|s p/unknown/
"""

What do you think of that?
Thank you in advance,
--
Quentin HARDY
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
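Added example, not part of the thread and not code from Nmap or either poster: an offline check of the submitted Probe/match pair that decodes the probe bytes, compiles the match pattern, and reports whether the match can carry version information. The helper names (parse_probe, parse_match, review) are hypothetical, Python's re module and escape decoder stand in for Nmap's own parser, and the sample responses are constructed, not captured from a real service.

```python
import re

# Probe and match lines copied from the submission quoted above.
PROBE_LINE = r"Probe TCP tibco-rdv q|\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00|"
MATCH_LINE = r"match tibco-rdv m|\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00|s p/unknown/"

def parse_probe(line):
    """Return (protocol, name, payload bytes) from a 'Probe' directive."""
    _, proto, name, qstr = line.split(None, 3)
    delim = qstr[1]                            # character that follows 'q'
    body = qstr[2:qstr.rindex(delim)]
    # Assumption: Python's escape decoder approximates Nmap's C-style escapes.
    payload = body.encode("latin-1").decode("unicode_escape").encode("latin-1")
    return proto, name, payload

def parse_match(line):
    """Return (service, compiled regex, version-info template) from a 'match' directive."""
    _, service, rest = line.split(None, 2)
    delim = rest[1]                            # character that follows 'm'
    end = rest.index(delim, 2)
    opts, _, info = rest[end + 1:].partition(" ")
    flags = (re.DOTALL if "s" in opts else 0) | (re.IGNORECASE if "i" in opts else 0)
    return service, re.compile(rest[2:end].encode("latin-1"), flags), info.strip()

def review(probe_line, match_line, responses):
    """Summarise what a probe/match pair can and cannot tell a scanner."""
    payload = parse_probe(probe_line)[2]
    service, regex, info = parse_match(match_line)
    return {
        "service": service,
        "probe_len": len(payload),
        "capture_groups": regex.groups,        # 0: nothing to feed a v/.../ field
        "uses_captures": bool(re.search(r"\$\d", info)),
        "hits": [regex.search(r) is not None for r in responses],
    }

# Constructed responses: the exact literal the match expects, then variants of it.
EXPECTED = parse_match(MATCH_LINE)[1].pattern.decode("unicode_escape").encode("latin-1")
SAMPLES = [
    EXPECTED,                                  # byte-for-byte the expected reply
    EXPECTED + b"\x00\x01",                    # trailing data: still matches (unanchored)
    EXPECTED[:15] + b"\x03" + EXPECTED[16:],   # one field value differs: no match
    EXPECTED[:-1],                             # one byte short: no match
]

if __name__ == "__main__":
    print(review(PROBE_LINE, MATCH_LINE, SAMPLES))
```

The result shows a 12-byte probe, a match with no capture groups, and a fixed literal that stops matching as soon as one byte of the reply differs.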
Current thread:
- [service-probes] Detect tibco RDV qhardyfr () gmail com (Jun 19)
- Re: [service-probes] Detect tibco RDV Daniel Miller (Jun 19)