Nmap Development mailing list archives
Re: Squeezecenter probe
From: David Fifield <david () bamsoftware com>
Date: Tue, 12 Jan 2010 14:10:48 -0700
On Tue, Jan 12, 2010 at 10:00:31PM +0100, Patrik Karlsson wrote:
On 12 jan 2010, at 21.24, David Fifield wrote:On Mon, Jan 04, 2010 at 10:41:07AM +0100, Patrik Karlsson wrote:I have added a probe and an appropriate match line that detects the Logitec Squeezecenter. I'm submitting a patch with the changes and the signature so that it can be further optimized if needed. SF-Port3483-UDP:V=5.10BETA2%I=7%D=1/4%Time=4B41B653%P=i386-apple-darwin10.2.0%r(SqueezeCenter,47,"ENAME\x05bubbaJSON\x049000VERS\x057\.4\.1UUID\$f85f SF:7fef-887b-41ff-acb1-c334d8ea59a7")%r(RPCCheck,12,"h\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0\0\0\0");##############################NEXT PROBE############################## # SqueezeCenter discovery Probe UDP SqueezeCenter q|eIPAD\0NAME\0JSON\0VERS\0UUID\0JVID\x06\x12\x34\x56\x78\x12\x34| rarity 5 ports 3483 match squeezecenter m|^ENAME.{1}(.+)JSON.{1}(\d+)VERS.{1}(.+)UUID.{1}(.+)$| p/SqueezeCenter/ i/Server Name: $1, JSON: $2, UUID: $4/ v/$3/I found there's a really nice wiki for this service and the products that use it, which are music players. It's at http://wiki.slimdevices.com/index.php/Main_Page. The server is free software written in Perl. However, now I'm confused because the protocol documentation on the wiki doesn't match the probe.That makes two of us. The probe is based on a packet I captured on my home network. The packet is repeatedly sent to the broadcast address from the logitech squeezebox duet remote control. So I'm guessing it some way for the remote control to discover the server. Google found me a Nessus script that more or less confirms this: http://www.nessus.org/plugins/index.php?view=single&id=42932http://wiki.slimdevices.com/index.php/SlimProtoTCPProtocol That page talks about listening on port 3483, but it doesn't seem to match up with the probe. It also says there is a listener on 3483/tcp, does your server have that? I would like you to see if you can figure out the discrepancy between the protocols (maybe I just misunderstand something). Maybe we can get even more information by tweaking the probe.Probing the TCP port may reveal more information, but that would probably be a different probe as described by the protocol in your link.
Okay, thanks. I added the probe and match lines. We'll have these links in the mailing list archive if we find out more in the future. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Squeezecenter probe Patrik Karlsson (Jan 04)
- Re: Squeezecenter probe David Fifield (Jan 12)
- Re: Squeezecenter probe Patrik Karlsson (Jan 12)
- Re: Squeezecenter probe David Fifield (Jan 12)
- Re: Squeezecenter probe Patrik Karlsson (Jan 12)
- Re: Squeezecenter probe David Fifield (Jan 12)