[PATCH] DNS-based Service Discovery service probe (original) (raw)
Nmap Developmentmailing list archives
From: David Fifield <david () bamsoftware com>
Date: Fri, 14 Aug 2009 14:43:44 -0600
Hi,
I'm working on UDP payloads today and one of them so far would make a good version probe. Index: nmap-service-probes
##############################NEXT PROBE##############################
DNS-based service discovery (DNS-SD). Asks for all services on the host.
http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt, section 9.
Probe UDP DNS-SD q|\0\0\0\0\0\x01\0\0\0\0\0\0\x09_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01| rarity 4 ports 5353
mDNSResponder-176.3
match mdns m|^\0\0\x84\0\0\x01..\0\0\0\0\x09_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01| p/Apple mDNSResponder/
It's a DNS Service Discovery (DNS-SD) request. DNS-SD is combined with multicast DNS in Apple's Zeroconf and other similar implementations. The response is a DNS reply that contains a list of services offered by the host.
http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt
The port name in nmap-services is "zeroconf" but I think it should be "mdns". Zeroconf is a collection of protocols of which multicast DNS and DNS-SD are a part. Even though the probe we send is unicast, port 5353 is the one reserved for multicast DNS.
The format of the reply is fairly rigid so I don't know if this probe will allow distinguishing different DNS-SD implementations. The only one other than mDNSResponder I'm aware of is Avahi.
David Fifield
Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] DNS-based Service Discovery service probe David Fifield (Aug 14)
- Re: [PATCH] DNS-based Service Discovery service probe Brandon Enright (Aug 14)
* Re: [PATCH] DNS-based Service Discovery service probe David Fifield (Aug 18)
- Re: [PATCH] DNS-based Service Discovery service probe Brandon Enright (Aug 14)