Nmap Development mailing list archives

Re: AFP probe


From: Matt Selsky <selsky () columbia edu>
Date: Wed, 6 Jan 2010 14:38:50 -0500

On Jan 4, 2010, at 4:51 AM, Patrik Karlsson wrote:

The SSLSessionReq probe fails to detect AFP on my Linux boxes (Netatalk) and on Snow Leopard.
I'm submitting a patch containing new probe and match lines that detect AFP on these systems.

I tried this against a netatalk 1.6.4 server with the following response:

SF-Port548-TCP:V=5.10BETA2%I=7%D=1/6%Time=4B44E471%P=i386-apple-darwin10.2.0%r(afp,188,"\x01\x03\0\x01\0\0\0\0\0\0\x01x\0\0\0\0\0\x1c\0!\0V\0a\x80}\x
SF:08manchego\0\x01a\x01q\0\0\0\0\x04unix\x04\x0eAFPVersion\x201\.1\x0eAFP
SF:Version\x202\.0\x0eAFPVersion\x202\.1\x06AFP2\.2\x01\tDHCAST1280\0\x8f\
SF:xf8\xcc\x01H\x0c\xb32\(\n\x8c\xcc\|\x0f\x83\x02\xff\x01\x80\xc3\xc3\x81
SF:\x803\xe3\xc1\x80\x0b\xd3\xc1\x80\x0b\xb1a\x80\x0b\xe0\xe1\x80\x0b\xe1\
SF:xe1\x80\x0b\xd1\xe1\xc0\n\xc0\xe1p\x0bx\xc1\x1c\x0by\xc1\x17\x0b3\xff!\
SF:xcb\xff\xc4@\x7f\xff\x02\x80\x1e\0\x01\xff\xff\xff\xff\x80\0\0\x01\xff\
SF:xff\xff\xff\0\x02\x80\0\0\x02\x80\0\0\x07\xc0\0\0\x04@\0\0\x04@\0\0\x07
SF:\xc0\0\0\x05@\0\x0f\xf9\?\xfc\0\x02\x80\0\x0f\xfc\x7f\xfc0\0\x8f\xf8\xf
SF:c\x01\xcf\xfc\xff3\xef\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
SF:xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff
SF:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\x1f\xff\xf
SF:f\xff\x1f\xff\xff\xff\?\xff\xff\xfc\x7f\xff\xff\xfe\xff\xff\xff\xff\xff
SF:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x03\x80\0\0\x03\x80\0\0\
SF:x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\xff\xff\xff\x
SF:ff\?\xfe\xff\xff\xff\xfc\x7f\xff\x83\xc74\x11\x83\xc74\x11\x83\xc74\x11
SF:\x83\xc74\x11\x01\x06\x01\x80;;7");

The nodename is manchego.
Protocol versions supported (according to Wireshark):
AFPVersion 1.1
AFPVersion 2.0
AFPVersion 2.1
AFP2.2

Seems like we should push the nodename and the most recent version supported in the info line.


-- 
Matt
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
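
The suggestion in the message above (report the nodename and the most recent AFP version) can be made concrete with a bounds-checked parser for the reply, given here as an added example that is not from the thread or from Nmap. The field layout is an assumption read off the leading bytes of the fingerprint (16-byte DSI header, then offsets, flags, and length-prefixed strings); `parse_getstatus`, `newest_version` and `build_sample` are hypothetical names, and the sample reply is constructed.

```python
import re
import struct

DSI_HDR = struct.Struct(">BBHIII")  # flags, command, request id, error, data length, reserved

def _pstr(buf, off):
    """Read a Pascal string (1 length byte + data); return (text, next offset)."""
    if off >= len(buf) or off + 1 + buf[off] > len(buf):
        raise ValueError("Pascal string runs past end of reply")
    n = buf[off]
    return buf[off + 1:off + 1 + n].decode("latin-1"), off + 1 + n

def parse_getstatus(reply):
    """Parse a DSIGetStatus reply into server name, machine type and AFP versions."""
    if len(reply) < DSI_HDR.size:
        raise ValueError("short DSI header")
    flags, cmd, _rid, _err, length, _rsvd = DSI_HDR.unpack_from(reply)
    if flags != 0x01 or cmd != 0x03:
        raise ValueError("not a DSIGetStatus reply")
    body = reply[DSI_HDR.size:DSI_HDR.size + length]
    if len(body) < 11:
        raise ValueError("server info block truncated")
    machine_off, vers_off = struct.unpack_from(">HH", body, 0)
    name, _ = _pstr(body, 10)          # name follows 4 offsets + flags word
    machine, _ = _pstr(body, machine_off)
    if vers_off >= len(body):
        raise ValueError("version list offset out of range")
    versions, off = [], vers_off + 1
    for _ in range(body[vers_off]):    # count byte, then that many strings
        v, off = _pstr(body, off)
        versions.append(v)
    return {"name": name, "machine": machine, "versions": versions}

def newest_version(versions):
    """Pick the highest 'major.minor' among the advertised version strings."""
    best = None
    for v in versions:
        m = re.search(r"(\d+)\.(\d+)", v)
        if m and (best is None or (int(m[1]), int(m[2])) > best[0]):
            best = ((int(m[1]), int(m[2])), v)
    return best[1] if best else None

def build_sample():
    """Constructed reply modelled on the leading fields of the fingerprint above."""
    vers = [b"AFPVersion 1.1", b"AFPVersion 2.0", b"AFPVersion 2.1", b"AFP2.2"]
    body = struct.pack(">HHHHH", 28, 33, 86, 0, 0x807D) + b"\x08manchego\0"
    body += b"\0" * 8 + b"\x04unix" + bytes([len(vers)])
    body += b"".join(bytes([len(v)]) + v for v in vers) + b"\x01\x09DHCAST128"
    return DSI_HDR.pack(0x01, 0x03, 1, 0, len(body), 0) + body
```

Every offset and length in the reply is server-controlled, so each read is checked against the buffer and a truncated or malformed reply raises `ValueError` rather than returning partial fields.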

