Nmap Development mailing list archives
Re: Lexmark script
From: David Fifield <david () bamsoftware com>
Date: Fri, 22 Jan 2010 17:32:20 -0700
On Wed, Jan 13, 2010 at 08:45:43PM +0100, Patrik Karlsson wrote:
> > The script looks good, but I want you to see if you can make it work using the dns library. If the dns library lacks some feature that you need, it's better that we improve it centrally there.
>
> I've modified the script to make use of the dns library and reduced the code considerably. It required another small patch to the dns library as the printer did not properly populate the question section of the response. I'm attaching this patch as part of the other patches I did to the dns library for the dns discovery script.

I committed your dns.lua patch.

> > Looking at the script, it doesn't seem that the protocol uses multicast DNS, or is any variant of Bonjour/Rendezvous/Zeroconf/DNS-SD. It looks to me like a simple proprietary protocol using DNS as a transport. If that's so, we can name the service hbn3, like we do for some other protocols that run over another protocol.
>
> The script should be naming the service as hbn3 now.
>
> > Does the printer have the same service on 5353/udp? If not, then the script shouldn't run for that port.
>
> I've removed the 5353 port support as the printer does not have the same service there.

I'm confused. In the new version of this script, the portrule lets the script run when port 9100/udp is open, but then goes on to send a probe to 5353/udp. Which port is the service you're querying running on? What do you get when you probe port 9100 directly?

    portrule = shortport.portnumber(9100, "udp")

    local response = try( dns.query( "", { port = 5353, host = host.ip, dtype="PTR", retPkt=true} ) )

Your previous portrule would have allowed the script to run if either port was open, and I'm confused about which port was really being targeted. I know I said that the protocol didn't look like DNS-SD, but it's strange to run something on port 5353 that's almost but not quite DNS-SD. What does dns-service-discovery say about this device, if anything?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/