Nmap Development mailing list archives
Re: Service probe for Cross Match Verifier E fingerprint capture device (need help!)
From: Tomás García-Merás <tomas () rockmusic org>
Date: Thu, 23 Dec 2004 23:56:50 +0100
> Seems OK to me (anyway, you could substitute "\x20" with " ") > but you are true that the version string is a bit too long. > Regarding those numbers in match ... could we get the version > from it?The number are just the fingerprint image quality settings, nothing about the version.
Anyway, I've found the problem with the second port (the "standard" control port: 1500), it needs a higher "totalwaitms". Now, the complete pobes + matchs should be like that (using the service name you suggested):
# Cross Match Verifier E TCP/IP fingerprint reader # http://www.crossmatch.com/products_singlescan_vE.html # The device runs an embedded Linux Probe TCP Verifier q|Subscribe\n| ports 1500 totalwaitms 11000match crossmatchverifier m/^(Idle|Notify)\r\n$/ v/Cross Match Verifier E fingerprint control///
Probe TCP VerifierAdvanced q|Query\n| ports 1501match crossmatchverifier m|^Settings\r\nGain\x20(\d+)\r\nContrast\x20(\d+)\r\nTime\x20(\d+)\r\nIllumination\x20(\d+)\r\nProcessed\r\n$| v/Cross Match Verifier E fingerprint advanced control///
With "totalwaitms 10000" it works most of the times, I've added another second for security.
> However, there are often some TCP ports that does not respond > to any "common" probes and every new specialized probe would > slow down the scan for another 5s which is probably > unacceptable trade off for now. It will probably make it to > the end of nmap-service-probes in a commented out form now > (like WWWOFFLEctrlstat Probe) until some port-related > optimization kicks in (like "do not send rare probes to > non-default ports" or "send general probes only" or > similar...)Now, having a probe with "totalwaitms 11000" I agree with you that it will slow down the scan too much, but having it commented out would be nice, for documentation purposes at least.
> Shouldn't it be "Subscribe\n" only? Yesss > Anyway, shouldn't we expect "Notify" too? If so, use > "(Idle|Notify)" instead of "Idle" for that. Again, yes, I was using just "Idle" for testing...Since we've changed the service name we should change also the one already on nmap-service-probes:
From:match crossmatchverifier m|^Idle\r\n$| v/Cross Match Technologies Verifier fingerprint capture control port///
To:match crossmatchverifier m|^Idle\r\n$| v/Cross Match Verifier E fingerprint control///
Do I need to post a diff file or this is enough? That's all!! Thanks a lot for helping. Best regards: Tomas ---------------------------------------------------------------------For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Service probe for Cross Match Verifier E fingerprint capture device (need help!) Tomás García-Merás (Dec 22)
- Re: Service probe for Cross Match Verifier E fingerprint capture device (need help!) Martin Mačok (Dec 23)
- <Possible follow-ups>
- Re: Service probe for Cross Match Verifier E fingerprint capture device (need help!) Tomás García-Merás (Dec 23)