Nmap Development mailing list archives
Re: DNS-SD probe issues
From: David Fifield <david () bamsoftware com>
Date: Mon, 1 Feb 2010 13:17:13 -0700
On Mon, Feb 01, 2010 at 09:11:17PM +0100, Patrik Karlsson wrote:
Hi All, The DNS-SD probe in nmap-service-probes fails to discover one of my boxes running Avahi and incorrectly discovers the other one as "Apple mDNSResponder". The reason the first box isn't discovered is that it contains 10 entries which translates to \n and fails matching the .. (two dots) in the match line. The reason for the incorrect match is that the packet from Avahi is identical with the packet from the Apple mDNSResponder. There's really not much place for uniqueness in these packets and I'm guessing it may be difficult to distinguish products by sending legitimate/correct queries. -- Unmatched packet SF-Port5353-UDP:V=5.21%I=0%D=2/1%Time=4B66F6E7%P=i386-apple-darwin10.2.0%r SF:(DNS-SD,10F,"\0\0\x84\0\0\x01\0\n\0\0\0\0\t_services\x07_dns-sd\x04_udp SF:\x05local\0\0\x0c\0\x01\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x14\x0c_workstati SF:on\x04_tcp\xc0#\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x07\x04_ssh\xc0G\xc0\x0c\ SF:0\x0c\0\x01\0\0\0\n\0\x0c\t_sftp-ssh\xc0G\xc0\x0c\0\x0c\0\x01\0\0\0\n\0 SF:\x07\x04_smb\xc0G\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x07\x04_ftp\xc0G\xc0\x0 SF:c\0\x0c\0\x01\0\0\0\n\0\x0f\x0c_device-info\xc0G\xc0\x0c\0\x0c\0\x01\0\ SF:0\0\n\0\x0e\x0b_afpovertcp\xc0G\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x07\x04_r SF:sp\xc0G\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x08\x05_daap\xc0G\xc0\x0c\0\x0c\0 SF:\x01\0\0\0\n\0\x08\x05_http\xc0G"); -- Packet matched as Apple mDNSResponder SF-Port5353-UDP:V=5.21%I=0%D=2/1%Time=4B66FAA2%P=i386-apple-darwin10.2.0%r SF:(DNS-SD,4E,"\0\0\x84\0\0\x01\0\x01\0\0\0\0\t_services\x07_dns-sd\x04_ud SF:p\x05local\0\0\x0c\0\x01\xc0\x0c\0\x0c\0\x01\0\0\0\n\0\x14\x0c_workstat SF:ion\x04_tcp\xc0#");
Just send things like this to the service submission/correction page. The DNS-SD matches are pretty new, and matches generally start out specific and become looser as corrections are submitted. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- DNS-SD probe issues Patrik Karlsson (Feb 01)
- Re: DNS-SD probe issues David Fifield (Feb 01)
- Re: DNS-SD probe issues Fyodor (Feb 01)
- Re: DNS-SD probe issues David Fifield (Feb 01)