Nmap Development mailing list archives

Re: Service probe for Cross Match Verifier E fingerprint capture device (need help!)


From: Tomás García-Merás <tomas () rockmusic org>
Date: Thu, 23 Dec 2004 23:56:50 +0100

> Seems OK to me (anyway, you could substitute "\x20" with " ")
> but you are true that the version string is a bit too long.
> Regarding those numbers in match ... could we get the version
> from it?

The numbers are just the fingerprint image quality settings, nothing about the version.

Anyway, I've found the problem with the second port (the "standard" control port: 1500), it needs a higher "totalwaitms". Now, the complete probes + matches should be like that (using the service name you suggested):


# Cross Match Verifier E TCP/IP fingerprint reader
# http://www.crossmatch.com/products_singlescan_vE.html
# The device runs an embedded Linux

Probe TCP Verifier q|Subscribe\n|
ports 1500
totalwaitms 11000
match crossmatchverifier m/^(Idle|Notify)\r\n$/ v/Cross Match Verifier E fingerprint control///

Probe TCP VerifierAdvanced q|Query\n|
ports 1501
match crossmatchverifier m|^Settings\r\nGain\x20(\d+)\r\nContrast\x20(\d+)\r\nTime\x20(\d+)\r\nIllumination\x20(\d+)\r\nProcessed\r\n$| v/Cross Match Verifier E fingerprint advanced control///


With "totalwaitms 10000" it works most of the time, I've added another second for security.

> However, there are often some TCP ports that do not respond
> to any "common" probes and every new specialized probe would
> slow down the scan for another 5s which is probably
> unacceptable trade off for now. It will probably make it to
> the end of nmap-service-probes in a commented out form now
> (like WWWOFFLEctrlstat Probe) until some port-related
> optimization kicks in (like "do not send rare probes to
> non-default ports" or "send general probes only" or
> similar...)

Now, having a probe with "totalwaitms 11000" I agree with you that it will slow down the scan too much, but having it commented out would be nice, for documentation purposes at least.

> Shouldn't it be "Subscribe\n" only?

Yesss

> Anyway, shouldn't we expect "Notify" too? If so, use
> "(Idle|Notify)" instead of "Idle" for that.

Again, yes, I was using just "Idle" for testing...

Since we've changed the service name we should also change the one already in nmap-service-probes:

From:

match crossmatchverifier m|^Idle\r\n$| v/Cross Match Technologies Verifier fingerprint capture control port///

To:

match crossmatchverifier m|^Idle\r\n$| v/Cross Match Verifier E fingerprint control///

Do I need to post a diff file or is this enough?

That's all!! Thanks a lot for helping. Best regards: Tomas
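
An offline check of the probe and match lines posted in this message, added here as an example (it is not part of the original post or of Nmap): it parses the directives and applies the match regexes to sample responses, using Python's `re` in place of Nmap's PCRE. The helper names `parse_probes` and `identify` and the sample responses are constructed for illustration.

```python
import re

# Probe and match lines copied from the message above.
PROBES = r"""
Probe TCP Verifier q|Subscribe\n|
ports 1500
totalwaitms 11000
match crossmatchverifier m/^(Idle|Notify)\r\n$/ v/Cross Match Verifier E fingerprint control///
Probe TCP VerifierAdvanced q|Query\n|
ports 1501
match crossmatchverifier m|^Settings\r\nGain\x20(\d+)\r\nContrast\x20(\d+)\r\nTime\x20(\d+)\r\nIllumination\x20(\d+)\r\nProcessed\r\n$| v/Cross Match Verifier E fingerprint advanced control///
"""

def parse_probes(text):
    """Parse Probe/ports/totalwaitms/match lines into a list of dicts."""
    probes = []
    for line in filter(None, map(str.strip, text.splitlines())):
        word, _, rest = line.partition(" ")
        if word == "Probe":
            proto, name, q = rest.split(" ", 2)
            # q<delim>payload<delim>, payload written with C-style escapes
            raw = q[2:q.index(q[1], 2)]
            payload = raw.encode().decode("unicode_escape").encode("latin-1")
            probes.append({"name": name, "proto": proto, "payload": payload,
                           "ports": [], "totalwaitms": None, "matches": []})
        elif word == "ports":
            probes[-1]["ports"] = [int(p) for p in rest.split(",")]
        elif word == "totalwaitms":
            probes[-1]["totalwaitms"] = int(rest)
        elif word == "match":
            service, m = rest.split(" ", 1)
            end = m.index(m[1], 2)               # m<delim>regex<delim>
            product = m[end + 1:].split("/")[1]  # v/product/version/info/
            probes[-1]["matches"].append((service, re.compile(m[2:end].encode()), product))
    return probes

def identify(probes, port, response):
    """Return (service, product, captures) for the first match on this port."""
    for probe in probes:
        if port in probe["ports"]:
            for service, pattern, product in probe["matches"]:
                hit = pattern.search(response)
                if hit:
                    return service, product, [g.decode() for g in hit.groups()]
    return None

# Constructed responses (not captured from a real device).
IDLE = b"Idle\r\n"
SETTINGS = b"Settings\r\nGain 3\r\nContrast 5\r\nTime 20\r\nIllumination 7\r\nProcessed\r\n"
```

The four captures on port 1501 are the gain, contrast, time and illumination values, which is why they cannot be used as a version field.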
