52 lines
3.5 KiB
Plaintext
52 lines
3.5 KiB
Plaintext
|
|
||
|
UDP Data Probes
|
||
|
======
|
||
|
|
||
|
This directory contains a set of data files that can be used with the UDP probe module.
|
||
|
|
||
|
|
||
|
USING:
|
||
|
-----
|
||
|
|
||
|
$ zmap -M udp -p 137 --probe-args=file:examples/udp-probes/netbios_137.pkt
|
||
|
|
||
|
|
||
|
PROBES:
|
||
|
-----
|
||
|
|
||
|
citrix_1604.pkt This probe triggers a response from Citrix application discovery services on UDP port 1604
|
||
|
db2disco_523.pkt This probe triggers a response from IBM DB2 discovery services on UDP port 523
|
||
|
digi1_2362.pkt This probe triggers a response from Digi ADDP discovery services on UDP port 2362 (default magic)
|
||
|
digi2_2362.pkt This probe triggers a response from Digi ADDP discovery services on UDP port 2362 (devkit magic)
|
||
|
digi3_2362.pkt This probe triggers a response from Digi ADDP discovery services on UDP port 2362 (oem magic)
|
||
|
dns_53.pkt This probe queries for the DNS vendor and version using the BIND version TXT record over UDP port 53
|
||
|
dns_53_queryAwww.google.it.pkt This probe queries for the domain www.google.it A record over UDP port 53
|
||
|
dns_53_queryAwww.google.com.pkt This probe queries for the domain www.google.com A record over UDP port 53
|
||
|
ipmi_623.pkt This probe triggers a Get Channel Authentication reply from IPMI endpoints on UDP port 623
|
||
|
mdns_5353.pkt This probe triggers a response from mDNS/Avahi/Bonjour discovery services on UDP port 5353
|
||
|
memcache_11211.pkt This probe triggers a response from memcached on UDP port 11211 (stats items).
|
||
|
mssql_1434.pkt This probe triggers a response from Microsoft SQL Server discovery services on UDP port 1434
|
||
|
natpmp_5351.pkt This probe triggers a response from NATPMP-enabled devices on UDP port 5351
|
||
|
netbios_137.pkt This probe triggers a status reply from NetBIOS services on UDP port 137
|
||
|
ntp_123.pkt This probe triggers a response from NTP services on UDP port 123
|
||
|
ntp_123_monlist.pkt This probe triggers a response for command "monlist" from NTP services on UDP port 123
|
||
|
pca_nq_5632.pkt This probe triggers a response from PC Anywhere services on UDP port 5632 (network query)
|
||
|
pca_st_5632.pkt This probe triggers a response from PC Anywhere services on UDP port 5632 (status)
|
||
|
portmap_111.pkt This probe triggers a response from SunRPC portmapper services on UDP port 111
|
||
|
ripv1_520.pkt This probe triggers a response from the RIPv1 enabled routers/devices on UDP port 520
|
||
|
sentinel_5093.pkt This probe triggers a response from the Sentinel license manager service on UDP port 5093
|
||
|
snmp1_161.pkt This probe queries for the system description field of SNMP v1 services using community string public over UDP port 161
|
||
|
snmp2_161.pkt This probe queries for the system description field of SNMP v2 services using community string public over UDP port 161
|
||
|
snmp3_161.pkt This probe triggers a response from SNMP v3 services on UDP port 161
|
||
|
upnp_1900.pkt This probe triggers a response from UPnP SSDP services on UDP port 1900
|
||
|
wdbrpc_17185.pkt This probe triggers a response from VxWorks WDBRPC services on UDP port 17185
|
||
|
wsd_3702.pkt This probe triggers a response from WSD/DPWS services on UDP port 3702
|
||
|
coap_5683.pkt This probe triggers a response from COAP services on UDP port 5683
|
||
|
|
||
|
NOTES:
|
||
|
-----
|
||
|
|
||
|
Most of these probes return useful data in the response. Parsing this data requires capturing the raw output
|
||
|
and decoding this using a protocol-specific dissector. In most cases, Wireshark is capable of decoding these
|
||
|
replies.
|