Nmap Development mailing list archives
Re: [RFC] Detect certain Citrix application browsing services
From: David Fifield <david () bamsoftware com>
Date: Wed, 25 Nov 2009 13:50:20 -0700
On Wed, Nov 25, 2009 at 01:56:05PM -0600, Thomas Buchanan wrote:
David Fifield wrote:Okay. We can document that the payload comes from a packet capture of Program Neighborhood's broadcast. I committed the nmap-service-probes patch. Please make an updated patch for payload.cc that has documentation on where the packet comes from (packet capture of Program Neighborhood) and what is expected in reply. Because we still don't know much about the reply packet, I want you to include it in its entirety in a comment, with Xs or something to mark the bytes that tend to differ. Or if the replies are completely different after the first 14 bytes, just include the first 14 bytes and say that everything else is different.Here is an updated patch as requested. As I was putting it together, I noticed that a couple of the fields in the response packets are IP addresses, one for the Citrix server the response comes from, and a second field that appears to be the address of the primary system in a cluster farm. However, what this means that the match line I submitted earlier isn't quite right. It would match all Citrix servers that are in 192.168.*.* address space, but nothing else. So the match line in nmap-service-probes should be shortened to the first 12 bytes, or else a capture could be added to extract the IP address. I'm not sure if that's possible, my regex skills are very limited.
Thanks, Thomas, for following up on this. I applied your patch and also removed that last two bytes from the service probe match line. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 13)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 15)
- Re: [RFC] Detect certain Citrix application browsing services Fyodor (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 24)
- Re: [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 23)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 24)
- Re: [RFC] Detect certain Citrix application browsing services Thomas Buchanan (Nov 25)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 25)
- Re: [RFC] Detect certain Citrix application browsing services Fyodor (Nov 16)
- Re: [RFC] Detect certain Citrix application browsing services David Fifield (Nov 15)