Nmap Development mailing list archives
Re: Service Detection: SIP end point
From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 20 Mar 2008 19:38:43 -0500
Brandon Enright wrote:
This is good work. The issue though with match lines that are too generic is that they will prevent more accurate service fingerprints from ever being printed or submitted. The line could probably be better suited as a softmatch like so: softmatch sip m|^SIP/2\.0 ([-\w\s.]+)\r\n| i/SIP end point; Status: $1/ Can you give that a whirl and report back if you see any issue with it? Brandon
The softmatch works well and returns a fingerprint that can be submitted. I am working in a different environment at the moment and noticed some details in the response that will likely allow for the creation of a Cisco specific match line. I will probably provide this late tonight or tomorrow. Thanks again, Tom _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Service Detection: SIP end point Tom Sellers (Mar 20)
- Re: Service Detection: SIP end point Brandon Enright (Mar 20)
- Re: Service Detection: SIP end point Tom Sellers (Mar 20)
- Re: Service Detection: SIP end point (1 match, 2 softmatch) Tom Sellers (Mar 21)
- Re: Service Detection: SIP end point Brandon Enright (Mar 20)