Nmap Development mailing list archives
Re: [BUG?] Setting host ( using h//) based on UDP matchlines
From: David Fifield <david () bamsoftware com>
Date: Sun, 13 Dec 2009 01:09:44 -0700
On Thu, Dec 03, 2009 at 06:07:03AM -0600, tom () fadedcode net wrote:
I had hoped to have this problem sorted out already but I have been buried in work so I wanted to send this to the list before I forgot. While working on the UDP probe/match line that Patrik Karlsson sent in I experienced some problems setting the Hostname value using h/ / on a matchline. The matchline reliably captured the host name data from the service response. I could set the information value using i/$4/ 100% of the time, but I could never set the Hostname value using h/$4/. I tested the same thing on TCP probes and never experienced the problem. I had intended to replicate this with other UDP probes, build a test case for it and, if it was actually a bug, fix the problem but have not had time.
I can't reproduce this with an Ncat server. First I added these lines to the end of nmap-service-probes: Probe UDP Test q|^xxx$| ports 31337 match test m|^12345-(.*)$| p/Test server/ i/$1/ h/$1/ Then I ran this Ncat server: ncat --udp --sh-exec "echo 12345-abc" --listen Then I ran this scan: nmap --datadir . localhost -sU -p 31337 -sV --version-light -d2 The output was PORT STATE SERVICE REASON VERSION 31337/udp open test udp-response Test server (abc) Service Info: Host: abc What's the exact match line you're using? We can set up Ncat to emulate the expected response and perhaps reproduce it. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [BUG?] Setting host ( using h//) based on UDP matchlines Tom Sellers (Dec 03)
- <Possible follow-ups>
- [BUG?] Setting host ( using h//) based on UDP matchlines tom () fadedcode net (Dec 04)
- Re: [BUG?] Setting host ( using h//) based on UDP matchlines David Fifield (Dec 13)