Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Harnessing Service Discovery

From: David Fifield <david () bamsoftware com>
Date: Thu, 27 Nov 2008 08:00:18 -0700
On Thu, Nov 27, 2008 at 06:28:52AM +0200, Toni Ruottu wrote:

On Wed, 2008-11-26 at 16:05 -0700, David Fifield wrote:

On Mon, Nov 24, 2008 at 08:18:19PM +0200, Toni Ruottu wrote:

To get my hands dirty on the subject, I wrote a simple script which uses
Avahi Bonjour implementation to produce an Nmap compatible XML-file that
can be opened in Zenmap for inspection. I have attached the script to
this email for your convenience, but I also created a Bazaar repository
to Launchpad.net for those of you who'd prefer getting a branch instead.


The local host is not running any kind of Zeroconf but port 9 on localhost
was marked up, which it is not.


Many hosts seem to be advertising port 9. Port 9 is reserved for discard
service, which is probably the most simple protocol running on top of
TCP and UDP (see RFC863 [1]). However, I have seen none of the hosts
actually implementing the protocol. Maybe it would be appropriate for
Bonmap to filter out all results regarding port 9 and using that data
only to mark that the host is up when no other ports were discovered.


Hm, that's interesting. In that case I would suggest leaving it in and
keeping the reason field set to indicate that the results came from
Zeroconf. It could be that the presence of port 9 is useful, perhaps
giving as clue as to the Zeroconf implementation. Unfortunately Zenmap
doesn't currently display port reasons.

I wasn't aware of the discard service. Just one of Ncat's many abilities
is to be a fully-fledged discard server:

        ncat -l 9 > /dev/null


This technique of an external program generating Nmap XML can be very
powerful when combined with Zenmap's scan aggregation. You could do a
normal port scan and then supplement the results by loading a Bonmap
file.


I have to try that out. I was hoping people would be creative.


Aggregation is done with the menu option "Open Scan in This Window" or
alteratively with the "Append Scan" button in the "Scans" tab. Anywhere
you see the plus icon.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: