Nmap Development mailing list archives
Re: SIP version detection script
From: David Fifield <david () bamsoftware com>
Date: Wed, 25 Nov 2009 18:47:42 -0700
On Wed, Nov 25, 2009 at 11:51:47AM -0500, Matt Selsky wrote:
On Nov 23, 2009, at 6:49 AM, Patrik Karlsson wrote:It probably should, and maybe even 5061/tcp (SIP over TLS)?! However, as I started fixing the script I noticed I got some strange answers back, like the version being written twice. I then ran tcpdump and found that Nmap is already probing 5060/tcp. Greping for a pattern in this packet revealed: [root@localhost ~]# grep -r "nm@nm" /usr/share/nmap/ /usr/share/nmap/nmap-service-probes:Probe TCP SIPOptions q|OPTIONS sip:nm SIP/2.0\r\nVia: SIP/2.0/TCP nm;branch=foo\r\nFrom: <sip:nm@nm>;tag=root\r\nTo: <sip:nm2@nm2>\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nMax-Forwards: 70\r\nContent-Length: 0\r\nContact: <sip:nm@nm>\r\nAccept: application/sdp\r\n\r\n| So, you tell me, should I be running the script against these TCP ports as well? Why doesn't the nmap-service-probes contain the same SIP probes for UDP?Is there any way to say that all "match" lines for "Probe TCP SIPOptions" are also valid for "Probe UDP SIPOptions" without having to copy and paste?
I tried doing it with a fallback, but fallbacks are protocol-specific so a UDP probe can't refer to a TCP probe. Copying the tested match lines sounds okay. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- SIP version detection script Patrik Karlsson (Nov 22)
- Re: SIP version detection script Matt Selsky (Nov 22)
- Re: SIP version detection script Patrik Karlsson (Nov 23)
- Re: SIP version detection script Matt Selsky (Nov 24)
- Re: SIP version detection script Patrik Karlsson (Nov 24)
- Re: SIP version detection script Matt Selsky (Nov 25)
- Re: SIP version detection script David Fifield (Nov 25)
- Re: SIP version detection script Patrik Karlsson (Nov 23)
- Re: SIP version detection script Matt Selsky (Nov 22)
- Re: SIP version detection script Patrik Karlsson (Nov 24)
- Re: SIP version detection script Fyodor (Nov 24)
- Re: SIP version detection script Patrik Karlsson (Nov 24)
- Re: SIP version detection script Matt Selsky (Nov 25)
- Re: SIP version detection script Patrik Karlsson (Nov 25)
- Re: SIP version detection script Matt Selsky (Nov 25)
- Re: SIP version detection script Patrik Karlsson (Nov 25)
- Re: SIP version detection script David Fifield (Nov 25)
- Re: SIP version detection script Patrik Karlsson (Nov 26)