Nmap Development mailing list archives
Re: Harnessing Service Discovery
From: David Fifield <david () bamsoftware com>
Date: Thu, 27 Nov 2008 08:00:18 -0700
On Thu, Nov 27, 2008 at 06:28:52AM +0200, Toni Ruottu wrote:
> On Wed, 2008-11-26 at 16:05 -0700, David Fifield wrote:
> > On Mon, Nov 24, 2008 at 08:18:19PM +0200, Toni Ruottu wrote:
> > > To get my hands dirty on the subject, I wrote a simple script which
> > > uses the Avahi Bonjour implementation to produce an Nmap-compatible
> > > XML file that can be opened in Zenmap for inspection. I have attached
> > > the script to this email for your convenience, but I also created a
> > > Bazaar repository on Launchpad.net for those of you who'd prefer
> > > getting a branch instead.
> >
> > The local host is not running any kind of Zeroconf but port 9 on
> > localhost was marked up, which it is not.
>
> Many hosts seem to be advertising port 9. Port 9 is reserved for the
> discard service, which is probably the most simple protocol running on
> top of TCP and UDP (see RFC863 [1]). However, I have seen none of the
> hosts actually implementing the protocol. Maybe it would be appropriate
> for Bonmap to filter out all results regarding port 9 and use that
> data only to mark that the host is up when no other ports were
> discovered.

Hm, that's interesting. In that case I would suggest leaving it in and keeping the reason field set to indicate that the results came from Zeroconf. It could be that the presence of port 9 is useful, perhaps giving a clue as to the Zeroconf implementation. Unfortunately Zenmap doesn't currently display port reasons.

I wasn't aware of the discard service. Just one of Ncat's many abilities is to be a fully-fledged discard server:

    ncat -l 9 > /dev/null

> > This technique of an external program generating Nmap XML can be very
> > powerful when combined with Zenmap's scan aggregation. You could do a
> > normal port scan and then supplement the results by loading a Bonmap
> > file.
>
> I have to try that out. I was hoping people would be creative.

Aggregation is done with the menu option "Open Scan in This Window" or alternatively with the "Append Scan" button in the "Scans" tab. Anywhere you see the plus icon.

David Fifield
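
As an added illustration (not part of the original message and not Bonmap's code), the sketch below turns Zeroconf-style advertisement records into Nmap-style XML, keeps port 9, and marks every result with a reason so advertised ports can later be told apart from probed ones. The element and attribute names follow Nmap's XML output; the `zeroconf` reason string, the sample records and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample records, shaped like what a Zeroconf browse could yield:
# (IPv4 address, protocol, port, advertised service type).
SAMPLE_RECORDS = [
    ("192.0.2.10", "tcp", 9, "_workstation._tcp"),
    ("192.0.2.10", "tcp", 22, "_ssh._tcp"),
    ("192.0.2.20", "tcp", 9, "_workstation._tcp"),
]
REASON = "zeroconf"  # assumed label; not one of Nmap's own reason strings


def build_nmap_xml(records, start=0):
    """Return an Nmap-style XML string with one <host> per advertised address."""
    hosts = {}
    for addr, proto, port, svc_type in records:
        hosts.setdefault(addr, set()).add((proto, port, svc_type))
    root = ET.Element("nmaprun", scanner="nmap", args="zeroconf-browse",
                      start=str(start), version="0", xmloutputversion="1.02")
    for addr in sorted(hosts):
        host = ET.SubElement(root, "host")
        ET.SubElement(host, "status", state="up", reason=REASON)
        ET.SubElement(host, "address", addr=addr, addrtype="ipv4")
        ports = ET.SubElement(host, "ports")
        for proto, port, svc_type in sorted(hosts[addr]):
            p = ET.SubElement(ports, "port", protocol=proto, portid=str(port))
            # Port 9 is kept rather than filtered; the reason attribute records
            # that the entry is an advertisement, not the result of a probe.
            ET.SubElement(p, "state", state="open", reason=REASON, reason_ttl="0")
            name = svc_type.split(".")[0].lstrip("_")  # "_ssh._tcp" -> "ssh"
            ET.SubElement(p, "service", name=name, method="table", conf="3")
    stats = ET.SubElement(root, "runstats")
    ET.SubElement(stats, "finished", time=str(start))
    ET.SubElement(stats, "hosts", up=str(len(hosts)), down="0", total=str(len(hosts)))
    return ET.tostring(root, encoding="unicode")


def advertised_ports(xml_text):
    """List (address, port) pairs whose state rests only on an advertisement."""
    found = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("reason") == REASON:
                found.append((addr, int(port.get("portid"))))
    return found


if __name__ == "__main__":
    print(build_nmap_xml(SAMPLE_RECORDS))
```

`advertised_ports` gives the list of entries worth confirming with a normal port scan before they are treated as open in an inventory.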