Nmap Development mailing list archives

Probe submission for OpenText Gupta SQLBase


From: Matthias Lutter <matthias () lutter cc>
Date: Sat, 23 May 2020 19:11:38 +0200

Dear nmap developers,

below I submit a service probe for the "OpenText Gupta SQLBase" server and some related fingerprints. The information provided in the fingerprints is human readable, so I won't explain the system setup of these fingerprints. Unfortunately, I own only a single Windows 7 license, thus the "ComputerName" and the "SNodeid" are always the same. The "ServerName" is some string provided in the sql.ini-file of SQLBase, independent of the rest of the system.

The default port for the server seems to be 2155. However, the server is often included in third-party software developed with OpenText Gupta Team Developer. The listening port is chosen by the third-party's software developers, thus the service may listen on any port. I have identified third-party software running the server on port 2156.

Additional information about the service:

1. The server does not respond to the client unless a proper packet is sent to the server.

2. The first two bytes of every packet describe the length of the remaining part of the packet.

3. I guess that the command "SI" (see probe below) is an abbreviation for "Service Identifier". I captured some other packets sent to the server, but they don't seem very helpful for identifying the service.

4. Unfortunately, I was not able to set up a Linux server, because the rpm packages provided had some strange dependencies.

Best,
Matthias



Probe TCP SQLBase q|\x13\0\0\0\0\0\x67\0\0\0SB: CMD=SI\0|
ports 2155




SF-Port2155-TCP:V=7.80%I=1%D=5/23%Time=5EC92FCC%P=x86_64-pc-linux-gnu%r(SQ
SF:LBase,B0,"\xae\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\x04\0\0\0\xe
SF:f\xbb\xbfServername=SSYO3LD1;SNodeid=94A65DF5A4A1;Version=11\.7\.3\.103
SF:14;ComputerName=WINDOWS7;InstanceId=243A38C98076ACA8;SSL=0;SSLOnly=0;Bi
SF:ts=32;OS=windows\0");



SF-Port2155-TCP:V=7.80%I=1%D=5/23%Time=5EC92FCC%P=x86_64-pc-linux-gnu%r(SQ
SF:LBase,AC,"\xaa\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\x04\0\0\0\xe
SF:f\xbb\xbfServername=TEST;SNodeid=94A65DF5A4A1;Version=12\.2\.0\.12540;C
SF:omputerName=WINDOWS7;InstanceId=CAA77D6EC6BEFD92;SSL=0;SSLOnly=0;Bits=3
SF:2;OS=windows\0");



SF-Port2156-TCP:V=7.80%I=1%D=5/23%Time=5EC92FCC%P=x86_64-pc-linux-gnu%r(SQ
SF:LBase,B0,"\xae\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\x04\0\0\0\xe
SF:f\xbb\xbfServername=SERVER12;SNodeid=94A65DF5A4A1;Version=12\.2\.0\.123
SF:82;ComputerName=WINDOWS7;InstanceId=F784219F96EC1A70;SSL=0;SSLOnly=0;Bi
SF:ts=64;OS=windows\0");



SF-Port2155-TCP:V=7.80%I=1%D=5/23%Time=5EC94F82%P=x86_64-pc-linux-gnu%r(SQ
SF:LBase,AC,"\xaa\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\x04\0\0\0\xe
SF:f\xbb\xbfServername=TEST;SNodeid=94A65DF5A4A1;Version=12\.2\.0\.12540;C
SF:omputerName=WINDOWS7;InstanceId=7F3142BA092100CB;SSL=1;SSLOnly=0;Bits=3
SF:2;OS=windows\0");



SF-Port2155-TCP:V=7.80%I=1%D=5/23%Time=5EC94FE6%P=x86_64-pc-linux-gnu%r(SQ
SF:LBase,AC,"\xaa\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\x04\0\0\0\xe
SF:f\xbb\xbfServername=TEST;SNodeid=94A65DF5A4A1;Version=12\.2\.0\.12540;C
SF:omputerName=WINDOWS7;InstanceId=EE70C1EADDF40E01;SSL=1;SSLOnly=1;Bits=3
SF:2;OS=windows\0");



SF-Port2155-TCP:V=7.80%I=1%D=5/23%Time=5EC9541E%P=x86_64-pc-linux-gnu%r(SQ
SF:LBase,B0,"\xae\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02\x04\0\0\0\xe
SF:f\xbb\xbfServername=SGACZQ6D;SNodeid=94A65DF5A4A1;Version=12\.1\.1\.117
SF:37;ComputerName=WINDOWS7;InstanceId=F86A12E978436C31;SSL=0;SSLOnly=0;Bi
SF:ts=32;OS=windows\0");
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
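
The framing described in the message, as an added example that is not part of the original post or of Nmap: it rebuilds the probe from its body, checks the two-byte length prefix on a response, and extracts the key=value fields for inventory use (version, SSL settings). Reading the prefix as 16-bit little-endian and locating the field list after the UTF-8 BOM are assumptions inferred from the probe and captures above; the function names are hypothetical.

```python
import struct

# Probe body from the submission, without its 2-byte length prefix.
PROBE_BODY = b"\0\0\0\0\x67\0\0\0SB: CMD=SI\0"
BOM = b"\xef\xbb\xbf"  # precedes the field list in every capture above


def frame(body):
    """Prefix body with its length (assumed 16-bit little-endian)."""
    return struct.pack("<H", len(body)) + body


def parse_si_response(packet):
    """Check the length prefix, then return the key=value fields as a dict."""
    if len(packet) < 2:
        raise ValueError("packet shorter than the length prefix")
    (declared,) = struct.unpack_from("<H", packet)
    body = packet[2:]
    if declared != len(body):
        raise ValueError(f"prefix says {declared} bytes, got {len(body)}")
    start = body.find(BOM)
    if start < 0:
        raise ValueError("no UTF-8 BOM before the field list")
    # The field list is NUL-terminated and ';'-separated.
    raw = body[start + len(BOM):].split(b"\0", 1)[0]
    fields = {}
    for item in raw.decode("utf-8", "replace").split(";"):
        key, sep, value = item.partition("=")
        if sep:
            fields[key] = value
    return fields


# Constructed sample: the second fingerprint above (Servername=TEST) as raw bytes.
SAMPLE = frame(
    b"\0" * 19 + b"\x02\x04\0\0\0" + BOM
    + b"Servername=TEST;SNodeid=94A65DF5A4A1;Version=12.2.0.12540;"
    b"ComputerName=WINDOWS7;InstanceId=CAA77D6EC6BEFD92;"
    b"SSL=0;SSLOnly=0;Bits=32;OS=windows\0"
)

if __name__ == "__main__":
    info = parse_si_response(SAMPLE)
    print(info["Version"], "SSL=" + info["SSL"], "SSLOnly=" + info["SSLOnly"])
```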

