Nmap Development mailing list archives
Re: [nmap-svn] r36293 - nmap
From: David Fifield <david () bamsoftware com>
Date: Mon, 19 Sep 2016 10:00:55 -0700
On Mon, Sep 19, 2016 at 11:40:49AM -0500, Daniel Miller wrote:
This is more complicated than I thought. We want to support all the named protocols, but some of those start with capital letters and others start with digits (3com-tsmux, 914c-g, etc.). Even worse, some start with digits followed by hyphen (802-11-iapp, 4-tieropmgw, and 4-tieropmcli). Here's a selection of services that currently are not handled properly: 914c-g 211/tcp 0.000427 # 914c/g | Texas Instruments 914C/G Terminal IIS 1027/tcp 0.006724 # 6a44 | IPv6 Behind NAT44 CPEs 4-tieropmgw 2933/tcp 0.000000 # 4-TIER OPM GW 802-11-iapp 3517/tcp 0.000228 # IEEE 802.11 WLANs WG IAPP 3exmp 5221/tcp 0.000228 # 3eTI Extensible Management Protocol for OAMP X11:1 6001/tcp 0.011730 # X Window server SunVTS-RMI 6483/tcp 0.000000 # SunVTS RMI Trinoo_Bcast 27444/udp 0.001554 # Trinoo distributed attack tool Master I think these cover most of the odd cases. I thought maybe we could unconditionally attempt a strtol and then check the next character to determine if it should be treated as a port number or as part of a name, but that does not account for 802-11-iapp. Maybe instead do a last-ditch effort to look up a service if the parsing failed?
I agree that the current restriction to lowercase letters doesn't make sense. I would just change "islower" to "isalpha" in this line: } else if (islower((int) (unsigned char) *current_range) || *current_range == '*' || *current_range == '?') { As for services that start with a digit, there is this comment in nmap.cc: * getpts() is unable to match service names that start with a digit * like 3com-tsmux (106/udp). Use a pattern like "?com-*" instead. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r36293 - nmap Daniel Miller (Sep 19)
- Re: [nmap-svn] r36293 - nmap David Fifield (Sep 19)