Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Nmap Development: nmap-service-probes matching questions

nmap-service-probes matching questions

From: Kris Katterjohn <katterjohn_at_gmail.com>
Date: Tue, 01 Apr 2008 11:41:00 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey everyone,

I've always loved Nmap's Service Detection; it's definitely high on my
list of top features.

I would like to help out with Service Detection if I can, but before any
of that I have some questions that I can't find exact answers to in the
docs.

I've attached a small patch which combines some match lines into one
using alternation.

Questions:

o Is it better to combine matches like I have done with the first two
sets when the difference is small? Only one word is different between
the matches.

o In the third one, is this how it is done to capture the substrings and
to have them match correctly? What are the $N values for these? This
is what it seems like it would be (excluding $1 and $2 which I didn't
touch):

$3 is the outer () capture, which is either "posting ok" or "no posting"
depending on the match
$4 is the first inner () capture, which is "posting ok"
$5 is the second inner () capture, which is "no posting"

Is this correct?

Sorry if these are simple. I use vi and [e]grep all the time, with awk
and sed fairly often, but I rarely use Perl (gasp!) or anything else
with nested captured substrings so I'm clueless here.

Thanks a lot,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBR/Jlm/9K37xXYl36AQI9lg/8Dw64mqgVZc/IokQDgcBr9mU+RK9WbSAb
3LGlBu1itljn+LOj+8YRgXYLRWxx1Une6+ZP+BakPaI7cW9gwvXtHiF3kQpIeZ4W
suZ2xA1xarl+tEJA3+QSPS4eR3ytHpJieVfJQ6MIq18oUqKMmH6GCa70Yltf8BEw
+UluO5ZIDRasIT1oqzpUcwA+ZCNCUiDERhDjcuDkp+zwYzFuV+zid7f9JUkZkya0
MbeVLbnctaMxZnGQexi1+4Zs20RbcZhm7WT4ezI6hkcduPAT/xeg/yvD7tIjB47c
kY9hZGrWKECCusf36BUCFNF0CVjMh23RA6mLINEZmnLSPLLSTLYsMlk+WqtBBQcM
hMWZQ6z2u9lKaxaS4Szn+34dW0W0mPiaxULjwN+yD7dNM+3b1ZOwETVH7h4bZ53y
rFJeIq/wZf4sTftJlY/ELHmlo4SxqDanKTEljUE015vQhTG8+TSYzRPxkubyYBLa
aly5f1Y8Xf+aO0GDZlw7BPJ7icy48dlu4iKYeyHPtMvYCfu7twK/+utmIw2VyZ9S
XAebXtY1XYV7DvBeT+zrKoN9bg5MaS7ER86kAOta5eH93YIi6BuNh2PJiIxKgusR
OTQ0DH7L/N2K8eHZX/b7nDiVR+CG4Kw+zzC4Cp9kmS7C+yGeDwr3iU/jPkBqevN+
XNyMQTihOcg=
=c+d+
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on Apr 01 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]