html>Error\nYour client sent an invalid \x01default request without a\nprotocol version \(assuming HTTP v0\.9\)\.\n

The request can not be processed\.$| p/Polycom VVX VoIP phone http config/ d/VoIP phone/
# Port 19350
match fms-core m|^\x01\x01\x14\0\0%\0\0\0\0\0\0\0\x02\0\x08register\0\0\0\0\0\0\0\0\0\x05\x02\0\r_defaultRoot_| p/Adobe Flash Media Server core/
match printer m|^\0$|
match printer m|^default: unknown printer\n$| p/Solaris lpd/ o/Solaris/ cpe:/o:sun:sunos/a
# Microsoft Windows 2000 server LPD
match printer m|^\x01\x01$| p/Microsoft lpd/
# Blackbox Terminal Server (IOLAN v4.03.00 a CDi)
# Chase IOLAN terminal server lpd
# Bay Networks MicroAnnex XL Comm. Server R10.0
match printer m|^[\x01\x02]$|
match printer m|^[-.\w]+: lpsched: unknown printer\n$| p/SGI IRIX lprsrv/ o/IRIX/
match printer m|^Printer default not found \([\w_]+\)\.\n| p/print server/ d/print server/
match printer m|^VSE Line Printer Daemon has rejected this request\.\0\0| p/VSE lpd/ d/print server/
match printer m|^no queue to check\n\0$| p/Wyse Winterm 1200 LE terminal lpd/ d/terminal/
match printer m|^/usr/local/helios/sbin/lpd Printer default doesn't exist! \n$| p/Helios lpd/
match rbnb m|^EXM {EXC \0\x1fcom\.rbnb\.api\.SerializeExceptionMSG \0JUnrecognizable parameter read from input stream\.\nElement read was \x01default}\r\nPNG {}\r\n| p/Ring Buffered Network Bus/ i|http://outlet.creare.com/rbnb/|
match rfactor-monitor m|^\x02rFactorMonitor\x000400\0$| p/rFactor game monitor/
match gpsd m|^GPSD,D=\?,E=\?,F=([-\w_./]+),A=\?,U=\?,L=\d ([-\w_.]+) abcdefgiklmnopqrstuvwxyz,T=\?\r\n| p/gpsd/ v/$2/ i/Serial port $1/
# Ldap bind request, version 2, null DN, AUTH_TYPE simple, null password
##############################NEXT PROBE##############################
Probe TCP LDAPBindReq q|\x30\x0c\x02\x01\x01\x60\x07\x02\x01\x02\x04\0\x80\0|
rarity 6
ports 256,257,389,390,1702,3268,3892
sslports 636,637,3269
match defrag m|^h\0\0\0\x01\0\0\0\x03\0\0\0\x07\x08\0\0\x02\0\0\0\0d\0\0\0\0\xd9\$\x01\0\0\0\0\0\0T\0\0\0\0\0\0\xb7x\x01\0\0\0\0\0\xc4\x05\0\0\0\0\0\0\xc4\x05\0\0\0\0\0\0\xe2\x0b\0\0\0\0\0\0\xb7\xb5p@\^\xa7\x08\0\0\0\0\0| p/O&O Defrag/ o/Windows/ cpe:/o:microsoft:windows/a
match fw1-secureremote m|^[AQ]\0\0\0\0\0\0[^\0]| p/Checkpoint Firewall1 SecureRemote/ d/firewall/
match fw1-log m|^\0\0\0\t51000000\0\0\0\0[^\0]| p/Checkpoint Firewall1 logging service/ d/firewall/
# OpenLDAP 2.0.15 on RH Linux 7.3
match ldap m|^0%\x02\x01\x01a \n\x010\x04\0\x04\x19anonymous bind disallowed$| p/OpenLDAP/ i/access denied/
# OpenLDAP 2.1.22 - doesn't by default allow LDAPv2 request
match ldap m|^02\x02\x01\x01a-\n\x01\x02\x04\0\x04&requested protocol version not allowed$| p/OpenLDAP/ v/2.1.X/
# OpenLDAP 2.2.8
match ldap m|^0E\x02\x01\x01a@\n\x01\x02\x04\0\x049historical protocol version requested, use LDAPv3 instead| p/OpenLDAP/ v/2.2.X - 2.3.X/
match ldap m|^0\x84\0\0\0I\x02\x01\x01a\x84\0\0\0@\n\x01\x02\x04\0\x049historical protocol version requested, use LDAPv3 instead$| p/OpenLDAP/ v/2.4.X/
match ldap m|^0\x1a\x02\x01\x01a\x15\n\x01\0\x04\0\x04\x0eanonymous bind| p/Nortel CallPilot LDAP/
# Netware 6
# Macintosh 8
# Win 2000 Advanced server.
match ldap m|^0\x0c\x02\x01\x01a\x07\n\x01\0\x04\0\x04\0| i/Anonymous bind OK/
# MS Windows Win2K SP4 AD server, also Oracle LDAP on Linux
match ldap m|^0\x84\0\0\0\x10\x02\x01\x01a\x84\0\0\0\x07\n\x01\0\x04\0\x04\0$|
# PGP Corporation PGP Keyserver 7.0 (relabeled Freeware PGP Keyserver 2.5.8)
# PGP LDAP Server 8.x
match ldap m|^0\x17\x02\x01\x01a\x12\n\x01\0\x04\0\x04\x0bPGPError #0$| p/PGP Corp. PGP Keyserver/
# OctetString VDE Enterprise Edition on Linux 2.4
match ldap m|^0\x0e\x02\x01\x01a\t\n\x01\0\x04\0\x04\0\x87\0$| p/OctetString VDE directory service/
# Lotus Notes 6.5.3 LDAP on W2K3, anonymous bind not allowed, port 637 (ssl)
match ldap m|^0\.\x02\x01\x01a\)\n\x010\x04\0\x04\"Failed, anonymous bind not allowed$| p/Lotus Domino 6.x LDAP/ i/access denied/
# This came off a KIRK Wireless VoIP adapter which I *think* uses Cisco LDAP ??
match ldap m|^0\x0c\x02\x01\x01a\x07\n\x011\x04\0\x04\0$| p/Cisco LDAP server/
match ldap m|^0.\x02.*TLS confidentiality required|s i/TLS required/
match ldap m|^0&\x02\x01\x01a!\n\x01\x02\x04\0\x04\x1aOnly LDAP v3 is supported\.$| p/ApacheDS LDAP/ i/LDAPv3/
match ldap m|^0\x1a\x02\x01\x01a\x15\n\x01\0\x04\0\x04\x0eBind succeeded$| p/Siemens DirX/
# This probe sends a SIP OPTIONS request.
# Most of the numbers, usernames, and hostnames are arbitrary.
##############################NEXT PROBE##############################
Probe TCP SIPOptions q|OPTIONS sip:nm SIP/2.0\r\nVia: SIP/2.0/TCP nm;branch=foo\r\nFrom: ;tag=root\r\nTo: \r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nMax-Forwards: 70\r\nContent-Length: 0\r\nContact: \r\nAccept: application/sdp\r\n\r\n|
rarity 5
ports 406,5060,8081,31337
sslports 5061
fallback GetRequest
# Some VoIP phones take longer to respond
totalwaitms 7500
match atalla m|^<00#020035#0101##>\r\n<00#020035#0101##>\r\n<00#020035#0101##>\r\n| p/Atalla Hardware Security Module payment system/ d/specialized/
match http m|^SIP/2\.0 501 Not Implemented\r\nServer: Embedded HTTP Server ([\d.]+)\r\n| p/Embedded HTTP Server/ v/$1/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nServer: Catwalk/([\d.]+)\r\n| p/Catwalk/ v/$1/ i/Canon imageRUNNER C5000-series printer http config/ d/printer/ cpe:/h:canon:imagerunner_c5000/
# Canon iR3235
match http m|^HTTP/1\.1 500 Internal Server Error\r\nServer: Catwalk\r\n| p/Catwalk/ i/Canon imageRUNNER printer http config/ d/printer/
match http m|^HTTP/1\.0 404 Resource not found\r\nServer: Opera/([\w._-]+)\r\n.*Set-Cookie: unite-session-id=[0-9a-f]+; Max-Age=2073600; path=/\r\n|s p/Opera Unite httpd/ v/$1/
match http m|^HTTP/1\.0 302 Found\r\nLocation: ([\w:/.-]*)sip:nm\r\nServer: BigIP\r\nConnection: close\r\nContent-Length: 0\r\n\r\n$| p/F5 BIG-IP load balancer httpd/ i/redirecting to $1/ d/load balancer/
match http m|^HTTP/1\.1 401 Access Denied\r\n.*Set-Cookie: logintheme=cpanel; path=/; secure; port=\d+\r\n.*Server: cpsrvd/([\w._-]+)\r\n|s p/cPanel httpd/ v/$1/
match http m|^HTTP/1\.1 401 Access Denied\r\n.*Set-Cookie: logintheme=cpanel; path=/; HttpOnly; port=\d+\r\n.*Server: cpsrvd/([\w._-]+)\r\n|s p/cPanel httpd/ v/$1/ o/Unix/
match http m|^HTTP/1\.1 302 Moved Temporarily\r\nDate: .*\r\nLocation: https://[\w._-]+sip:nm\r\nConnection: close\r\n\r\n$| p/Asterisk PBX httpd/ d/PBX/
match http m|^HTTP/1\.0 501 Document Follows\r\nContent-Type: text/html\r\nContent-Length: 106\r\n\r\n501 Method Not Implemented\r\n

501 Method Not Implemented

\r\n$| p/HP StorageWorks MSL2024 tape library httpd/ d/storage-misc/
match http m|^HTTP/2\.0 404 Not Found\r\nDate: .*\r\nServer: Restlet-Framework/([\w._-]+)\r\n.*Status page\n\n\n

Not Found

\n

The server has not found anything matching the request URI

\n|s p/Serviio media server http status/ i/Restlet framework $1/
match http m|^HTTP/2\.0 404 Not Found\r\n.*Server: Restlet-Framework/@major-number@\.@minor-number@@release-type@@release-number@\r\n.*

The server has not found anything matching the request URI

|s p/Serviio media server http status/ v/1.2/
match http m|^HTTP/1\.1 500 Internal Server Error\r\nContent-Length: \d+\r\nContent-Type: text/plain\r\n\r\nTraceback \(most recent call last\):\n File \"([\w._/-]+/sickbeard/cherrypy)/wsgiserver/__init__\.py\", line \d+, in communicate\n| p/CherryPy/ i/Sick Beard PVR; path: $1/
match imsp m|^VIA: BAD IMSP busy\r\nFROM: BAD IMSP busy\r\nTO: BAD IMSP busy\r\n|
match rtsp m|^RTSP/1\.0 405 Method Not Allowed\r\nCSeq: 42\r\n\r\n| p/Lotus Domino Sametime RTSP/
match telnet m|^login: Login incorrect\nlogin: Login incorrect\nlogin: Login incorrect\nlogin: Login incorrect\nlogin: Login incorrect\n| p/McAfee firewall telnetd/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: PolycomSoundStationIP-SSIP_(\d+)-UA/([\d.]+)_(\w+)\r\n|s p/Polycom SoundStation $1/ v/$2/ i/MAC: $3/ d/VoIP phone/
match sip m|^SIP/2\.0 .*\r\nUser-Agent: PolycomSoundPointIP-SPIP_(\d+)-UA/([\d.]+)_(\w+)\r\n|s p/Polycom SoundPoint $1/ v/$2/ i/MAC: $3/ d/VoIP phone/
match sip m|^SIP/2\.0 .*\r\nUser-Agent: PolycomSoundPointIP-SPIP_(\d+)-UA/([\d.]+)\r\n|s p/Polycom SoundPoint $1/ v/$2/ d/VoIP phone/
match sip m|^SIP/2\.0 400 Invalid Contact information\r\n.*received=[\d.]+;ms-received-port=\d+;ms-received-cid=\d+\r\n|s p/Microsoft Live SIP client/ o/Windows/ cpe:/o:microsoft:windows/a
match sip m|^SIP/2\.0 400 Invalid Contact information\r\n.*Via: SIP/2\.0/TCP nm;branch=foo;received=[\d.]+;ms-received-port=\d+;ms-received-cid=[0-9A-F]{8}\r\nms-diagnostics: \d+;reason=\"Parsing failure\";source=\"([\w._-]+)\"\r\nContent-Length: 0\r\n\r\n$|s p/Microsoft Office Communications Server/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match sip m|^SIP/2\.0 501 Not Implemented.*\r\nServer: SJphone/([-\w_.]+) \(SJ Labs\)\r\n|s p/SJphone SIP client/ v/$1/
match sip m|^SIP/2\.0 404 Not Found\r\n.*\r\nUser-Agent: Speedport ([\w._ -]+) \(|s p/T-Com Speedport/ v/$1/ d/broadband router/
match sip m|^SIP/2\.0 404 Not Found\r\n.*\r\nServer: Speedport/([\d.-]+)\r\n|s p/T-Com Speedport/ v/$1/ d/broadband router/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: X-Lite release ([\w._ -]+)\r\n|s p/X-Lite SIP phone/ v/$1/ d/VoIP phone/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: X-Lite Beta release ([\w._ -]+)\r\n|s p/X-Lite SIP phone/ v/$1/ d/VoIP phone/
match sip m|^SIP/2\.0 404 Not Found\r\n.*\r\nServer: Twinkle/([\w._-]+)\r\n|s p/Twinkle softphone/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match sip m|^SIP/2\.0 500 Server Internal Error\r\n.*\r\nUser-Agent: BT Home Hub\r\n|s p/BT HomeHub/ d/VoIP phone/
match sip m|^SIP/2\.0 500 Server Internal Error\r\n.*\r\nUser-Agent: BT Home Hub (\d+)\r\n|s p/BT HomeHub/ v/$1/ d/VoIP phone/
match sip m|^SIP/2\.0 200 OK\r\n.*Server: TANDBERG/81 \(([\w._ -]+)\)\r\n|s p/Tandberg MXP VoIP server/ v/$1/ d/VoIP adapter/
match sip m|^SIP/2\.0 200 OK\r\n.*Server: TANDBERG/([\w._-]+) \(([\w._ -]+)\)\r\n|s p/Tandberg-$1 VoIP server/ v/$2/ d/VoIP adapter/
match sip m=^SIP/2\.0 \d\d\d .*Server: TANDBERG/(?:69|4098|4100) \(([\w._ -]+)\)\r\n=s p/Tandberg VCS VoIP server/ v/$1/ d/VoIP adapter/
match sip m|^SIP/2\.0 400 Transport protocol incorrect\r\n| p/Microsoft Office Communications Service 2005/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nAccept: application/sdp\r\nAccept-Language: en\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY, REFER, INFO\r\nSupported: replaces\r\nAllow-Events: presence, message-summary, tunnel-info\r\n|s p/3CX VoIP PBX/ d/PBX/ o/Windows/ cpe:/o:microsoft:windows/a
match sip m|^SIP/2\.0 405 Method Not Allowed\r\n.*\r\nUser-Agent: ABS ECC\r\n|s p/Alcatel-Lucent OmniTouch Unified Communication VoIP gateway/ d/PBX/
match sip m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: Zoiper (rev\.\d+)\r\n|s p/Zoiper VoIP software/ v/$1/
match sip m|^SIP/2\.0 404 Not Found\r\n.*Server: Asterisk PBX ([\w._~+-]+)\r\n.*Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO\r\n|s p/Asterisk/ v/$1/ d/PBX/
match sip m|^SIP/2\.0 404 Not Found\r\n.*Server: Asterisk PBX ([\w._~+-]+)\r\n.*Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH\r\n|s p/Asterisk/ v/$1/ d/PBX/
match sip m|^SIP/2\.0 200 OK\r\n.*Server: Asterisk PBX ([\w._~+-]+)\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH\r\n|s p/Asterisk/ v/$1/ d/PBX/
match sip m|^SIP/2\.0 .*\r\nServer: Glassfish_SIP_([\w._-]+)\r\n|s p/Glassfish SIP Server/ v/$1/
match sip m|^SIP/2\.0 200 OK\r\n.*To: ;tag=[0-9a-f-]+\r\n.*Allow: INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,INFO,NOTIFY,PRACK,MESSAGE\r\n.*Supported: replaces,timer,100rel\r\nAccept: application/sdp\r\n|s p/Cisco 7940 IP Phone/ d/VoIP phone/
match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Telepathy-SofiaSIP/([\w._-]+) sofia-sip/([\w._-]+)\r\n|s p/Telepathy-SofiaSIP/ v/$1/ i/sofia-sip $2/
match sip m|^SIP/2\.0 503 Service Unavailable\r\n.*Warning: 399 \"Routing failed: ccbid=997 tcpindex=2 socket=nm:\d+'\r\n.*To: ;tag=\d+\r\n|s p/Cisco CallManager 6/
match sip m|^SIP/2\.0 500 Server Internal Error\r\n.*User-Agent: Thomson Inventel / HW_V[\w._-]+ / FW_V[\w._-]+ / SW_V([\w._-]+)\r\n|s p/Aladino SIP phone/ v/$1/ d/VoIP phone/
match sip m|^SIP/2\.0 406 Not acceptable\r\n.*Server: sipXecs/([\w._-]+) sipXecs/sipxbridge \(Linux\)\r\n|s p/SIPfoundry sipXecs PBX/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: VOIP_Agent_001\r\nAllow: INVITE, ACK, BYE, CANCEL, OPTIONS, SUBSCRIBE, REFER, NOTIFY, UPDATE, MESSAGE, SERVICE, INFO, PING\r\n|s p/D-Link DVG-5121SP VoIP adapter/ d/VoIP adapter/
match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Sipek on PJSUA v([\w._-]+)/win32\r\n|s p/Sipek VoIP/ v/$1/ i/on PJSUA/
match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: snom([\w._-]+)/([\w._-]+)\r\n|s p/Snom $1 VoIP phone/ v/$2/ d/VoIP phone/
match sip m|^SIP/2\.0 200 OK\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nFrom: ;tag=root\r\nTo: ;tag=\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nContact: \r\nAllow: INVITE,ACK,CANCEL,OPTIONS,UPDATE,INFO,NOTIFY,BYE,REFER\r\nAccept: application/sdp,application/media_control\+xml,application/dtmf-relay,application/dtmf,message/sipfrag;version=2\.0\r\nContent-Length: 0\r\n\r\n| p/Tandberg Codian IP GW 3510 VoIP gateway/ d/VoIP adapter/
match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent: (AVM FRITZ!Box Fon WLAN [\w._-]+) ([\w._-]+ \(\w+ \d+ \d+\))|s p/$1 SIP/ v/$2/ d/WAP/
match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: QIP ([\w._ -]+)\r\n|s p/QIP instant messenger SIP/ v/$1/
match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: T-Com-IpPbxSrv/([\w._-]+)\r\n|s p/Telekom Netphone VoIP phone SIP/ v/$1/ d/VoIP phone/
match sip m|^SIP/2\.0 403 Not relaying\r\n.*Server: kamailio \(([\w._-]+) \(x86_64/linux\)\)\r\n|s p/Kamailio/ v/$1/ i/x86_64/ o/Linux/ cpe:/o:linux:linux_kernel/
match sip m|^SIP/2\.0 478 Unresolvable destination \(478/SL\)\r\n.*Server: kamailio \(([\w._-]+) \(x86_64/linux\)\)\r\n|s p/Kamailio/ v/$1/ i/x86_64/ o/Linux/ cpe:/o:linux:linux_kernel/
match sip m|^SIP/2\.0 405 Method Not Allowed\r\n.*User-Agent: Patton SN(\w+) 5BIS MxSF v([\w._-]+) [0-9A-F]+ R([\w._-]+) (\d\d\d\d-\d\d-\d\d) H323 SIP BRI\r\n\r\n|s p/Patton SmartNode $1 VoIP adapter http config/ v/$2 $4/ d/VoIP adapter/ o/SmartWare $3/ cpe:/h:patton:sn$1/ cpe:/o:patton:smartware:$3/
match sip m|^SIP/2\.0 404 Not Found\r\nVia: SIP/2\.0/TCP nm;branch=foo;received=[\d.]+\r\nTo: ;tag=\w+\r\nFrom: ;tag=root\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nContent-Length: 0\r\n\r\n$| p/Nokia N86 phone SIP/ d/phone/ cpe:/h:nokia:n86/
match sip m|^SIP/2\.0 200 OK\r\nVia: SIP/2\.0/TCP nm;received=[\d.]+;branch=foo\r\nCall-ID: 50000\r\nFrom: ;tag=root\r\nTo: ;tag=foo\r\nCSeq: 42 OPTIONS\r\nAllow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS\r\nAccept: application/sdp, application/pidf\+xml, application/xpidf\+xml, application/simple-message-summary, message/sipfrag;version=2\.0, application/im-iscomposing\+xml, text/plain\r\nSupported: replaces, 100rel, timer, norefersub\r\nAllow-Events: presence, message-summary, refer\r\nUser-Agent: netTALK\r\n| p/netTALK/ d/phone/
match sip m|^SIP/2\.0 200 OK\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nTo: ;tag=\w+\r\nFrom: ;tag=root\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nAllow: INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,NOTIFY\r\nContent-Type: application/sdp\r\nContent-Length: \d+\r\n\r\nv=0\r\no=- \d+ \d+ IN IP4 [\d.]+\r\ns=-\r\nc=IN IP4 [\d.]+\r\nt=0 0\r\nm=audio 0 RTP/AVP 18 4 3 8 0 101\r\na=rtpmap:101 telephone-event/8000\r\n$| p/eyeP Media VoIP phone SIP/ d/VoIP phone/
match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: Aastra (MX-ONE) SN/([\w._-]+)\r\n|s p/Aastra $1 PBX SIP/ v/$2/ d/PBX/
match sip m|^SIP/2\.0 504 Server time-out\r\nms-user-logon-data: RemoteUser\r\nFrom: ;tag=root\r\nTo: ;tag=\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nContent-Length: 0\r\n\r\n$| p/Microsoft Outlook Web Access SIP/
match sip m|^SIP/2\.0 481 Call Leg/Transaction Does Not Exist\r\nFrom: ;tag=root\r\nTo: ;tag=0-\w+-\w+-\w+-\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/TCP nm;received=[\d.]+;branch=foo\r\nContent-Length: 0\r\n\r\n$| p/Sony PCS-TL50 videoconferencing SIP/ cpe:/h:sony:pcs-tl50/
match sip m|^SIP/2\.0 404 Not found\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nFrom: ;tag=root\r\nTo: ;tag=local-tag\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nContact: \r\nContent-Length: 0\r\n\r\n$| p/Edgewater Networks Edgemarc 4500 series VoIP gateway SIP/ d/VoIP adapter/
match sip m|^SIP/2\.0 504 Server time-out\r\nms-user-logon-data: RemoteUser\r\nFrom: ;tag=root\r\nTo: ;tag=\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/TCP nm;branch=foo\r\nServer: RTC/4\.0\r\nContent-Length: 0\r\n\r\n| p/Microsoft Lync SIP/
match sip m|^SIP/2\.0 403 Non-self Request-URI\r\n.*Server: Epygi Quadro SIP User Agent/v([\w._-]+) \(QUADRO-([^\)]*)\)\r\n|s p/Epygi Quadro $2 PBX SIP/ v/$1/ d/PBX/ cpe:/h:epygi:$2/
match sip m|^SIP/2\.0 200 OK\r\n.*Allow: INVITE,ACK,CANCEL,OPTIONS,UPDATE,INFO,NOTIFY,BYE,REFER\r\nAccept: application/sdp,application/media_control\+xml,application/dtmf-relay,application/dtmf,message/sipfrag;version=2\.0\r\n|s p/Cisco TelePresence MCU 4505 videoconference system SIP/ cpe:/h:cisco:telepresence_mcu_4505/
match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent:Polycom (HDX [\w._ -]+) \(Release - ([\w._-]+)\)\r\n|s p/Polycom $1 videoconference system SIP/ v/$2/ cpe:/h:polycom:$1/
match sip-proxy m|^SIP/2\.0 .*\r\nUser-Agent: Asterisk PBX ([\w._+-]+)\r\n|s p/Asterisk PBX/ v/$1/ d/PBX/
match sip-proxy m|^SIP/2\.0 .*\r\nServer: OpenS[Ee][Rr] \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/OpenSER SIP Server/ v/$1/ i/$2/
match sip-proxy m|^SIP/2\.0 .*\r\nServer: Sip EXpress router \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/SIP Express Router/ v/$1/ i/$2/
# OpenSER and SER have joined to become SIP Router
match sip-proxy m|^SIP/2\.0 .*\r\nServer: SIP Router \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/SIP Router/ v/$1/ i/$2/
match sip-proxy m|^SIP/2\.0 .*\r\nServer: OpenSIPS \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/OpenSIPS SIP Server/ v/$1/ i/$2/
match sip-proxy m|^SIP/2\.0 .*\r\nServer: Cisco-SIPGateway/IOS-([-\d\w.]+)\r\n|s p/Cisco SIP Gateway/ i/IOS $1/ d/router/ o/IOS/ cpe:/o:cisco:ios/a
match sip-proxy m|^SIP/2\.0 .*\r\nServer: Sphericall/([\w._-]+) Build/(\d+)\r\n|s p/Sphericall VoIP Gateway/ v/$1 build $2/ o/Windows/ cpe:/o:microsoft:windows/a
match sip-proxy m|^SIP/2\.0 .*\r\nServer: CommuniGatePro/([\w._-]+)\r\n|s p/CommuniGatePro VoIP Gateway/ v/$1/
match sip-proxy m|^SIP/2\.0 .*\r\nServer: Sip EXpress router \(([\w._-]+) OpenIMSCore \(i386/linux\)\)\r\n|s p/OpenIMSCore SIP EXpress router/ v/$1/ i/Linux i386/ o/Linux/ cpe:/o:linux:linux_kernel/a
match sip-proxy m|^SIP/2\.0 200 OK\r\n.*User-Agent: FreeSWITCH-mod_sofia/([\w._ +~-]+)\r\n|s p/FreeSWITCH mod_sofia/ v/$1/
match sip-proxy m|^SIP/2\.0 200 OK\r\n.*User-Agent: Configured by 2600hz!\r\n.*Accept: application/sdp\r\nAllow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE\r\n|s p/FreeSWITCH/ d/PBX/
match sip-proxy m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: 3CXPhoneSystem ([\w._-]+)\r\n|s p/3CX PhoneSystem PBX/ v/$1/ o/Windows/ cpe:/o:microsoft:windows/a
match sip-proxy m|^SIP/2\.0 503 Remote end of tunnel is not connected\r\n.*\r\nWarning: \d+ \w+ \"Remote end of the bridge is not connected\"\r\n|s p/3CX PhoneSystem PBX/ i/misconfigured/ d/PBX/ o/Windows/ cpe:/o:microsoft:windows/a
match sip-proxy m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: ComdasysB2BUA([\w._-]+)\r\n|s p/Comdasys SIP Server/ v/$1/
match sip-proxy m|^SIP/2\.0 405 Method Not Allowed\r\n.*\r\nServer: SIParator/([\w._-]+)\r\n|s p/Ingate SIParator/ v/$1/
match sip-proxy m|^SIP/2\.0 200 OK\r\n.*Server: Audiocodes-Sip-Gateway-(Mediant [\w._-]+)/v([\w._-]+)\r\n|s p/Audiocodes $1 SIP gateway/ v/$2/ d/VoIP adapter/
match sip-proxy m|^SIP/2\.0 200 OK\r\n.*Server: Audiocodes-Sip-Gateway-(MP-[\w._ -]+)/v\.([\w._-]+)\r\n|s p/Audiocodes $1 SIP gateway/ v/$2/ d/VoIP adapter/
match sip-proxy m|^SIP/2\.0 200 OK\r\n.*User-Agent: Berofix VOIP Gateway\r\n|s p/Berofix VoIP gateway/ d/VoIP adapter/
match sip-proxy m|^SIP/2\.0 200 OK\r\n.*Server: HiPath ([\w._-]+) V([\w._ -]+) SIP Stack/([\w._-]+)\r\n|s p/Siemens HiPath $1 VoIP gateway/ v/$2/ i/SIP stack $3/ d/VoIP adapter/
# The SIPOptionsProbe can trigger a response out of psyBNC
match irc-proxy m|^Login failed\. Disconnecting\.\r\n$| p/psyBNC/ i/Login Failed/
match upnp m|^HTTP/1\.1 404 Not Found\r\nConnection: close\r\nServer: UPnP/([\w._-]+), DLNADOC/([\w._-]+), Platinum/([\w._-]+)\r\n\r\n| p/XBMC UPnP/ i/Platinum $3; DLNADOC $2; UPnP $1/ o/Linux/ cpe:/o:linux:linux_kernel/
match webdav m|^HTTP/1\.1 200 OK\r\n.*Server: cPanel\r\nContent-Length: 0\r\nConnection: Keep-Alive\r\nAllow: UNLOCK,HEAD,MOVE,OPTIONS,LOCK,POST,PUT,COPY,MKCOL,GET,DELETE,PROPFIND\r\nContent-Type: httpd/unix-directory\r\nDAV: 1,2,\r\nKeep-Alive: timeout=15, max=96\r\nMS-Author-Via: DAV\r\n\r\n|s p/cPanel webdav/ o/Linux/ cpe:/o:linux:linux_kernel/a
match xmpp m|^$| p/Isode M-Link XMPP/ cpe:/a:isode:m-link/
# internal communication service of Yamaha RX-V2067 AV-Receiver
match yamaha-comm m|^@SYS:INPNAMEMULTICH=MULTI CH\r\n@SYS:INPNAMEPHONO=PHONO\r\n@SYS:INPNAMEAV1=Blu-ray\r\n@SYS:INPNAMEAV2=Dreambox\r\n@SYS:INPNAMEAV3=PS 3\r\n@SYS:INPNAMEAV4=AV4\r\n@SYS:INPNAMEAV5=AV5\r\n@SYS:INPNAMEAV6=AV6\r\n@SYS:INPNAMEAV7=AV7\r\n@SYS:INPNAMEVAUX=V-AUX\r\n@SYS:INPNAMEAUDIO1=TV\r\n@SYS:INPNAMEAUDIO2=AUDIO2\r\n@SYS:INPNAMEAUDIO3=AUDIO3\r\n@SYS:INPNAMEAUDIO4=AUDIO4\r\n@SYS:INPNAMEDOCK=DOCK\r\n@SYS:INPNAMEUSB=USB\r\n@TUN:AVAIL=Not Ready\r\n@MAIN:ZONENAME=Main\r\n| p/Yamaha RX-V2067 AV receiver/ d/media device/ cpe:/h:yamaha:rx-v2067/
match zabbix m|^OK$| p/Zabbix Monitoring System/
softmatch sip m|^SIP/2\.0 ([-\w\s.]+)\r\n.*Server: ([-\w\s/_\.\(\)]+)\r\n|s p/$2/ i/Status: $1/
softmatch sip m|^SIP/2\.0 ([-\w\s.]+)\r\n| i/SIP end point; Status: $1/
##############################NEXT PROBE##############################
Probe UDP SIPOptions q|OPTIONS sip:nm SIP/2.0\r\nVia: SIP/2.0/UDP nm;branch=foo;rport\r\nFrom: ;tag=root\r\nTo: \r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nMax-Forwards: 70\r\nContent-Length: 0\r\nContact: \r\nAccept: application/sdp\r\n\r\n|
rarity 5
ports 5060
# Some VoIP phones take longer to respond
totalwaitms 7500
match sip m|^SIP/2\.0 200 OK\r\n.*Server: Asterisk PBX ([\w._+~-]+)\r\n|s p/Asterisk/ v/$1/ d/PBX/
match sip m|^SIP/2\.0 200 OK\r\n.*Server: FPBX-([\w._\(\)-]+)\r\n|s p/FPBX/ v/$1/ d/PBX/
match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent: Asterisk PBX \(digium\)\r\n|s p/Digium Switchvox PBX/ i/based on Asterisk/ d/PBX/
match sip m|^SIP/2\.0 200 OK\r\n.*User-Agent: SAGEM / 3202\.3 / 2601EC \r\n|s p/Sagem ADSL router/ d/broadband router/
match sip m|^SIP/2\.0 408 Request timeout\r\n.*Server: sipXecs/([\w._-]+) sipXecs/sipXproxy \(Linux\)\r\n|s p/SIPfoundry sipXecs PBX/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match sip m|^SIP/2\.0 404 Not Found\r\n.*User-Agent: AVM (FRITZ!Box Fon WLAN [\w._ -]+) (?:Annex A )?(?:\(UI\) )?([\w._ -]+ \(\w+ +\d+ +\d+\))|s p/AVM $1 SIP/ v/$2/ d/WAP/ cpe:/h:avm:$1/
match sip m|^SIP/2\.0 200 OK\r\n.*Server: NetSapiens SiPBx 1-1205c\r\n|s p/NetSapiens SiPBX SIP switch/ d/switch/
match sip m|^SIP/2\.0 481 Call Leg/Transaction Does Not Exist\r\nFrom: ;tag=root\r\nTo: ;tag=0-\w+-\w+-\w+-\w+\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/UDP nm;received=[\d.]+;rport=\d+;branch=foo\r\nContent-Length: 0\r\n\r\n$| p/Sony PCS-TL50 videoconferencing SIP/ cpe:/h:sony:pcs-tl50/
match sip m|^SIP/2\.0 200 OK\r\nCSeq: 42 OPTIONS\r\nVia: SIP/2\.0/UDP nm;branch=foo;rport\r\nFrom: ;tag=root\r\nCall-ID: 50000\r\nTo: \r\nContact: \r\nContent-Length: 0\r\n\r\n$| p/Ekiga SIP/ v/3.2.7/
match sip m|^SIP/2\.0 403 Forbidden\r\n.*From: ;tag=root\r\nTo: ;tag=Mitel-([\w._-]+)_\d+-\d+\r\n|s p/Mitel $1 PBX SIP/ d/PBX/
match sip m|^SIP/2\.0 200 OK\r\n.*Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, INFO, REFER, SUBSCRIBE, NOTIFY\r\nAccept: application/sdp,application/dtmf-relay,application/simple-message-summary,message/sipfrag\r\nAccept-Encoding: identity\r\n|s p/Siemens Gigaset DX800A VoIP phone SIP/ d/VoIP phone/
match sip-proxy m|^SIP/2\.0 .*\r\nServer: OpenS[Ee][Rr] \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/OpenSER SIP Server/ v/$1/ i/$2/
match sip-proxy m|^SIP/2\.0 .*\r\nServer: Sip EXpress router \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/SIP Express Router/ v/$1/ i/$2/
# OpenSER and SER have joined to become SIP Router
match sip-proxy m|^SIP/2\.0 .*\r\nServer: SIP Router \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/SIP Router/ v/$1/ i/$2/
match sip-proxy m|^SIP/2\.0 .*\r\nUser-Agent: Asterisk PBX\r\n|s p/Asterisk PBX/
match sip-proxy m|^SIP/2\.0 .*\r\nServer: OpenSIPS \(([\w\d\.-]+) \(([\d\w/]+)\)\)|s p/OpenSIPS SIP Server/ v/$1/ i/$2/
match sip-proxy m|^SIP/2\.0 200 OK\r\n.*\r\nUser-Agent: ComdasysB2BUA([\w._-]+)\r\n|s p/Comdasys SIP Server/ v/$1/
softmatch sip m|^SIP/2\.0 ([-\w\s.]+)\r\n.*Server: ([-\w\s/_\.\(\)]+)\r\n|s p/$2/ i/Status: $1/
softmatch sip m|^SIP/2\.0 ([-\w\s.]+)\r\n| i/SIP end point; Status: $1/
##############################NEXT PROBE##############################
Probe TCP LANDesk-RC q|\x54\x4e\x4d\x50\x04\0\0\0\x54\x4e\x4d\x45\0\0\x04\0|
rarity 6
ports 1761-1763,2701
# With Host and User currently logged in
match landesk-rc m|^TNMP.\0\0\0TNME.\0\0\0USER.\x08\x04\0\x08\0.{9}\0R\0\x03\0W\0\xff\xff\0.\0\xfd..\0\0\0\0\x02\0\0\0\0\x01\x04\0\0\0\0\0...\0\xb5\x01\xbb\0Desktop Manager (\d\.\d)\0\x02\x04\x01\x02\x01\0\0\W+([-\w]+)\0([-\w]+)\0\0$|s p/LANDesk RC/ v/$1/ i/User: $3)/ h/$2/
# With just hostname
match landesk-rc m|^TNMP.\0\0\0TNME.\0\0\0USER.\x08\x04\0\x08\0.{9}\0R\0\x03\0W\0\xff\xff\0.\0\xfd..\0\0\0\0\x02\0\0\0\0\x01\x04\0\0\0\0\0...\0\xb5\x01\xbb\0Desktop Manager (\d\.\d)\0\x02\x04\x01\x02\x01\0\0\W+(\w+)\0\0\0$|s p/LANDesk RC/ v/$1/ h/$2/
# Being Controlled w/ User
match landesk-rc m|^TNMP.\0\0\0TNME.\0\0\0USER.\x08\x04\0\x08\0.{9}\0R\0\x03\0W\0\xff\xff\0.\0\xfd..\0\0\0\0\x02\0\0\0\0\x01\x04\0\0\0\0\0...\0\xb5\x01\xbb\0Desktop Manager (\d\.\d)\0\x02\x04\x01\x02\x01\0\0\W+([\w.:]+)\W+(\w+)\0(\w+)\0\0$|s p/LANDesk RC/ v/$1/ i/User: $4 Controler: $2/ h/$3/
# Being Controlled w/o User
#match landesk-rc m|^TNMP.\0\0\0TNME.\0\0\0USER.\x08\x04\0\x08\0.{9}\0R\0\x03\0W\0\xff\xff\0.\0\xfd..\0\0\0\0\x02\0\0\0\0\x01\x04\0\0\0\0\0...\0\xb5\x01\xbb\0Desktop Manager (\d\.\d)\0\x02\x04\x01\x02\x01\0\0\W+([\w.:]+)\W+(\w+)\0(\w+)\0{2,3}$|s v/LANDesk RC/$1/Host: $3 Controler: $2/
match landesk-rc m|^TNMP.\0\0\0TNME.\0\0\0USER.\x08\x04\0\x08\0.{9}\0R\0\x03\0W\0\xff\xff\0.\0\xfd..\0\0\0\0\x02\0\0\0\0\x01\x04\0\0\0\0\0...\0\xb5\x01\xbb\0Desktop Manager (\d\.\d)\0\x02\x04\x01\x02\x01\0\0\W+([\w.:]+)\W+(\w+)\0|s p/LANDesk RC/ v/$1/ i/Controler: $2/ h/$3/
match landesk-rc m|^TNMP\x16\0\0\0TNME\x80\0\xfe\xff..([\w.]+):(\d)$|s p/LANDesk RC/ i/Busy, From $1 on port 176$2/
# Novell Zen Remote Desktop Several 4.0.X submissions
match landesk-rc m|^\0\x04\0| p/Novell Zen Remote Desktop/ v/4.0.X/
# 6.5.14
match landesk-rc m|^\0\x06\x05| p/Novell Zen Remote Desktop/ v/6.5.X/
match landesk-rc m|^TNMP.\0\0\0TNME.\0\0\0USER.\x07\x04\0\x08\0.{9}\0P\0\x03\0U\0\xff\xff\0.*Desktop Manager ([\d.]+)\0|s p/LANDesk RC/ v/$1/
##############################NEXT PROBE##############################
Probe TCP TerminalServer q|\x03\0\0\x0b\x06\xe0\0\0\0\0\0|
rarity 6
ports 515,1028,1068,1503,1720,1935,2040,3389
match activefax m|^ActiveFax Server: Es befinden sich insgesamt| p/ActFax Communication ActiveFax/ i/German/
# Cisco video conference device port 1720
match H.323/Q.931 m|^\x03\0\0\x10\x08\x02\x80\0}\x08\x02\x80\xe2\x14\x01\0|
match lineage-ii m|^\x03\0\x84$| p/l2emurt Lineage II game server/
match lineage-ii m|^\x03\0\x26$| p/Lineage II game server/
# \x03 is queue status command for LPD service. Should be terminated
# by \n, but apparently some dumb lpds allow \0. For now I will keep
# 515 in the common ports line, I suppose
match printer m|^no entries\n$| p/Xerox lpd/ d/printer/
match printer m|^SB06D2F0: \xe5\x9f\xf0\x18\xe5\x9f\xf0\x18\xe5\x9f\xf0\x18\xe5\x9f\xf0\x18\xe5\x9f\xf0\x18\xe1\xa0 no entries\n$| p/Kyocera Mita KM-1530 lpd/ d/printer/
match printer m|^ActiveFax Server: There are \d+ entries in the Faxlist\r\n| p/ActiveFax lpd/
match printer m|^Host Name: ([-\w_.]+)\nPrinter Device: hp LaserJet (\w+)\nPrinter Status: ([^\r\n]+)\n\0\0| p/NetSarang Xlpd/ i/HP LaserJet $2; Status $3/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match printer m|^Fictive printer queue short information\n$| p/Canon MF4360-4390 lpd/ d/printer/
match printer m|^414A_Citizen_CLP(\d+): \xe5\x9f\xf0\x18\xe5\x9f\xf0\x18\xe5\x9f\xf0\x18\xe5\x9f\xf0\x18\xe5\x9f\xf0\x18\xe1\xa0 no entries\n$| p/Citizen CLP-$1 lpd/ d/printer/
# Windows 2000 Server
# Windows 2000 Advanced Server
# Windows XP Professional
match ms-wbt-server m|^\x03\0\0\x0b\x06\xd0\0\0\x12.\0$|s p/Microsoft Terminal Service/ o/Windows/
match ms-wbt-server m|^\x03\0\0\x17\x08\x02\0\0Z~\0\x0b\x05\x05@\x06\0\x08\x91J\0\x02X$| p/Microsoft Terminal Service/ i/Used with Netmeeting, Remote Desktop, Remote Assistance/ o/Windows/ cpe:/o:microsoft:windows/a
match ms-wbt-server m|^\x03\0\0\x11\x08\x02..}\x08\x03\0\0\xdf\x14\x01\x01$|s p/Microsoft NetMeeting Remote Desktop Service/ o/Windows/ cpe:/o:microsoft:windows/a
match ms-wbt-server m|^\x03\0\0\x0b\x06\xd0\0\0\x03.\0$|s p/Microsoft NetMeeting Remote Desktop Service/ o/Windows/ cpe:/o:microsoft:windows/a
# Need more samples!
match ms-wbt-server m|^\x03\0\0\x0b\x06\xd0\0\0\0\0\0| p/xrdp/
match ms-wbt-server m|^\x03\0\0\x0e\t\xd0\0\0\0[\x02\xa1]\0\xc0\x01\n$| p/IBM Sametime Meeting Services/ o/Windows/ cpe:/o:microsoft:windows/a
match ms-wbt-server m|^\x03\0\0\x0b\x06\xd0\0\x004\x12\0| p/VirtualBox VM Remote Desktop Service/ o/Windows/ cpe:/o:microsoft:windows/a
match ms-wbt-server-proxy m|^nmproxy: Procotol byte is not 8\n$| p/nmproxy NetMeeting proxy/
# Semi-open protocol from Adobe: http://www.adobe.com/devnet/rtmp/.
# Some reverse engineering at http://wiki.gnashdev.org/RTMP says the server
# handshake is a 0x03 byte followed by 1536 seeming-random bytes. However
# service scan only gets 900 or 1300 bytes, so just check for as much as
# possible up to 1536.
match rtmp m|^\x03.{899,1536}$|s p/Real-Time Messaging Protocol/
match sybase-monitor m|^\0\x01\0\x08\0\0\x01\0$| p/Sybase Monitor Server/ o/Windows/ cpe:/a:sybase:monitor_server/ cpe:/o:microsoft:windows/a
match trillian m|^.\0\x01.....\0([^\0]+)\0|s p/Trillian MSN Module/ i/Name $1/ o/Windows/ cpe:/o:microsoft:windows/a
# Netware Create Connection Service request
##############################NEXT PROBE##############################
Probe TCP NCP q|\x44\x6d\x64\x54\0\0\0\x17\0\0\0\x01\0\0\0\0\x11\x11\0\xff\x01\xff\x13|
rarity 6
ports 524,1200,1217,2000,3000-3006,3031,6802
match audioworks m|^\0\0$| p/AudioWorks sound server/ o/IRIX/
# Netware 5 and 6
# NCP "OK" reply
match ncp m|^\x74\x4e\x63\x50\0\0\0\x10\x33\x33| p/Novell NetWare NCP/
match srun m|^X\0\0\0$| p/Caucho Resin JSP Engine srun/
match progress m|^\0\0\0\x01\0\x17\0\x14\0\x06\0\0\0.\0\0\0\0\0\0|s p/Progress Database/
# Apple Remote Events echoes a truncated version of the probe back
match appleevents m|^DmdT\0\0\0\x17\0\0\0\x01$| p/Apple Remote Events/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match softplc m|^\x04\xef\xef\xb3\0\0\0\x01\x01\0\xc4\x01\0\0\0\0| p/CoDeSyS SoftPLC/
match tuxedo-wsl m|^\d+SESSIONDENIED&REASON=Protocol violation\n$| p/BEA Tuxedo WorkStation 
Listener/ ##############################NEXT PROBE############################## Probe TCP NotesRPC q|\x3A\x00\x00\x00\x2F\x00\x00\x00\x02\x00\x00\x40\x02\x0F\x00\x01\x00\x3D\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2F\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x1F\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00| rarity 6 ports 130,427,1352,1972,7171,22001 match cache m|^O\0\0\0\x03\xff\0\0\0\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0G\x04\0\x0e\0\x01\0\x0f\0\x0e\0Access Denied$| p/InterSystems Cache database/ match cache m|^r\0\0\0\x03\xff\0\0\0\0\0\0\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\08\0Cache Direct Server Fatal Error: Invalid subfunc code: 0$| p/InterSystems Cache database/ #match lotusnotes m|^`\0\0\0U\0\0\0\x03\0\0@\x02\x0f\0\x05\x009\x05.....\x03\0\0\0\0\x02\0/\0\x12|s # Lotus Domino (r) Server (Release 5.0.8 for Windows/32 # Lotus Notes domino 5.0.11 # Lotus Server 6.0.1 # Lotus Domino (r) Server (Release 6.0.1CF1 for Windows/32 match lotusnotes m|^.\0\0\0.\0\0\0\x03\0\0@\x02\x0f\0.*\x03\0\0\0\0\x02\0/\0.\0\0\0\0\0\0\0.*CN=([-.\w ]+)/O=([-.\w ]+)[^-.\w ]|s p/Lotus Domino server/ i/CN=$1;Org=$2/ match lotusnotes m|^.\0\0\0.\0\0\0\x03\0\0@\x02\x0f\0.*\x03\0\0\0\0\x02\0/\0.\0\0\0\0\0\0\0.*CN=([-.\w ]+)/OU=([-.\w ]+)/O=([-.\w ]+)[^-.\w ]|s p/Lotus Domino server/ i/CN=$1;OU=$2;Org=$3/ match lotusnotes m|^.\0\0\0.\0\0\0\x03\0\0@\x02\x0f\0.*\x03\0\0\0\0\x02\0/\0.\0\0\0\0\0\0\0.*CN=([-.\w ]+)/OU=([-.\w ]+)/OU=([-.\w ]+)/O=([-.\w ]+)|s p/Lotus Domino server/ i|CN=$1;OU=$2/$3;Org=$4| match megaraid-monitor m|^\x02\0\0\0\0\0\0/\0\0\0\0\0\0\0\0\0@\x1f\0\0\0\0\0\0\0\0\0/\0\0\0\x02\0\0@\x02\x0f\0\x01\0=\x05\0\0\0\0\0\0\0\0\0\0\0\0\0\)\0\0\0$| p/MegaRaid Monitoring Agent/ # Interesting service: Not sure if it's RPC match rpcbind m|^\x18\0\x01\x02Invalid packet length\0| p/Amanda voicemail system/ d/telecom-misc/ # Moved this from 
SSLSessionReq because it seems more reliable. match svrloc m|^\x02\x02\0\0\x12\0\0\0\0\0\0\0\0\x02en\0\x02$| p/Apple slpd/ o/Mac OS/ cpe:/o:apple:mac_os/a match tibia m|^V\0\x02\0Your terminal version is too old\.\nPlease get a new version at\nhttp://www\.tibia\.com\.\0$| p/Tibia graphical MUD/ match xplorer m|Access violation at address \w+ in module 'Xplorer\.exe'\. Read of address| p/SoftOne Business Xplorer/ o/Windows/ cpe:/o:microsoft:windows/a match pc-anywhere m|\x1bY2\0\x01\x03B\0\0\x01\0\x14....................\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| p/Symantec PC-Anywhere/ ##############################NEXT PROBE############################## Probe TCP DistCCD q|DIST00000001ARGC00000005ARGV00000002ccARGV00000002-cARGV00000006nmap.cARGV00000002-oARGV00000006nmap.oDOTI00000000| rarity 8 ports 3632 match distccd m|^DONE00000001STAT00000000SERR00000000SOUT00000000DOTO.*?GCC: ([^\0]+)| p/distccd/ v/v1/ i/$1/ match distccd m|^DONE00000001STAT00000100SERR000000\w+/tmp/distccd_.*:\d+: internal compiler error: Segmentation fault| p/distccd/ i/broken/ match distccd m|^DONE00000001.*?DOTO00| p/distccd/ v/v1/ i/unknown compiler/ match distccd m|^DONE00000001.*ccache: failed to create /usr/share/distcc/\.ccache \(Permission denied\)\n| p/distccd/ i/broken/ match distccd m|^DONE00000001.*CRITICAL! 
distcc seems to have invoked itself recursively!\n|s p/distccd/ i/broken/ match distccd m|^[\w._-]+DONE[\w._-]+ .*ERROR: attempt to use unknown compiler aborted: ([\w._-]+)\n|s p/distccd/ i/broken: compiler $1 doesn't exist/ ##############################NEXT PROBE############################## Probe TCP JavaRMI q|\x4a\x52\x4d\x49\0\x02\x4b| rarity 8 ports 706,1098,1099,1981 match rmiregistry m|^\x4e..[0-9.]+\0\0..$|s p/Java RMI/ match rmiregistry m|^\x4e..([\w._-]+)\0\0..$|s p/GNU Classpath grmiregistry/ h/$1/ ##############################NEXT PROBE############################## Probe TCP Radmin q|\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08| ports 4899,9001 rarity 8 match fcgiwrap m|^\x01\x0b\0\0\0\x08\0\0\0\0\0\0\0\0\0\0$| p/fcgiwrap/ match radmin m|^\x01\x00\x00\x00\x25\x09\x00\x01\x10\x08\x01\x00\x09\x08| p/Famatech Radmin/ v/2.X/ i/Windows Authentication/ o/Windows/ cpe:/a:famatech:radmin:2/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x0a\x00\x01\x10\x08\x01\x00\x0a\x08| p/Famatech Radmin/ v/2.X/ i/Radmin Authentication/ o/Windows/ cpe:/a:famatech:radmin:2/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x00\x00\x02\x12\x08\x02\x00\x00\x0a| p/Famatech Radmin/ v/3.X/ i/Radmin Authentication/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x71\x00\x02\x12\x08\x02\x00\x71\x0a| p/Famatech Radmin/ v/3.X/ i/Windows Authentication/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x08\x00\x02\x12\x08\x02\x00\x08\x0a| p/Famatech Radmin/ v/3.X/ i/Radmin Authentication/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x79\x00\x02\x12\x08\x02\x00\x79\x0a| p/Famatech Radmin/ v/3.X/ i/Windows Authentication/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x59\x00\x02\x12\x08\x02\x00\x59\x0a| p/Famatech Radmin/ v/3.3/ o/Windows/ 
cpe:/a:famatech:radmin:3.3/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x25\x04\x00\x02\x12\x08\x02\x00\x04\x0a| p/Famatech Radmin/ v/3.0/ o/Windows/ cpe:/a:famatech:radmin:3.0/ cpe:/o:microsoft:windows/a match radmin m|^\x01\x00\x00\x00\x09\x00\x00\x10\x4f\x2f\x10\x00\x00\x04\x00\x00\x00\x1c| p/Famatech Radmin/ v/3.X/ i/Source IP blocked/ o/Windows/ cpe:/a:famatech:radmin:3/ cpe:/o:microsoft:windows/a softmatch radmin m|^\x01\x00\x00\x00\x25.\x00..\x08.\x00..|s p/Famatech Radmin/ o/Windows/ cpe:/a:famatech:radmin/ cpe:/o:microsoft:windows/a match srcds m|^\n\0\0\0\0\0\0\0\0\0\0\0\0\0$| p/srcds game server/ ##############################NEXT PROBE############################## Probe UDP Sqlping q|\x02| rarity 6 ports 1434 match ms-sql-m m|^\x05..ServerName;([\w\-]+);InstanceName;[\w\-]+;IsClustered;\w{2,3};Version;([\d\.]+);np;.+;tcp;(\d{1,5});| p/Microsoft SQL Server/ v/$2/ i/ServerName: $1; TCPPort: $3/ o/Windows/ cpe:/a:microsoft:sql_server:$2/ cpe:/o:microsoft:windows/a match ms-sql-m m|^\x05..ServerName;([\w\-]+);InstanceName;[\w\-]+;IsClustered;\w{2,3};Version;([\d\.]+);tcp;(\d{1,5});np;.+;$| p/Microsoft SQL Server/ v/$2/ i/ServerName: $1; TCPPort: $3/ o/Windows/ cpe:/a:microsoft:sql_server:$2/ cpe:/o:microsoft:windows/a match ms-sql-m m|^\x05..ServerName;([\w\-]+);InstanceName;[\w\-]+;IsClustered;\w{2,3};Version;([\d\.]+);tcp;(\d{1,5});;| p/Microsoft SQL Server/ v/$2/ i/ServerName: $1; TCPPort: $3/ o/Windows/ cpe:/a:microsoft:sql_server:$2/ cpe:/o:microsoft:windows/a match ms-sql-m m|^\x05..ServerName;([\w\-]+);InstanceName;[\w\-]+;IsClustered;\w{2,3};Version;([\d\.]+);;| p/Microsoft SQL Server/ v/$2/ i/ServerName: $1/ o/Windows/ cpe:/a:microsoft:sql_server:$2/ cpe:/o:microsoft:windows/a ##############################NEXT PROBE############################## Probe UDP NTPRequest 
q|\xe3\x00\x04\xfa\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc5\x4f\x23\x4b\x71\xb1\x52\xf3| rarity 5 ports 123,5353,9100 match ca-mq m|^\xfa\xfe\0\x10\0\0\x01\0\0\0\0\0\0\0\0\0$| p/CA Message Queuing Server/ match ntp m|^\x24[\x01-\x0f]..............................................$|s p/NTP/ v/v4/ match ntp m|^\xe4[\0\x04]..............................................$|s p/NTP/ v/v4/ i/unsynchronized/ match ntp m|^\x1c[\x01-\x0f]..............................................$|s p/NTP/ v/v3/ match ntp m|^\xdc[\x00-\x0f]..............................................$|s p/Microsoft NTP/ o/Windows/ cpe:/o:microsoft:windows/a match ntp m|^\x5c\x03..............................................$|s p/Microsoft Windows Server 2003 NTP/ v/v3/ o/Windows/ cpe:/o:microsoft:windows/a match ntp m|^\x64\x03..............................................$|s p/NTP/ v/v4/ # Solaris Internet Name Server (42/udp), see ien116.txt match nameserver m|^help\r\n\r\n\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01| p/Solaris Internet Name Server/ i/IEN 116/ o/Solaris/ cpe:/o:sun:sunos/a match mdns m|^\0\0\x84\0\0\0\0\x05\0\0\0\0.Lexmark ([\x20-\x7f]+)\x0c_host-config\x04_udp\x05local\0|s p/Lexmark $1 printer mdns/ d/printer/ match hbn3 m|^\0\0\x84\0\0\0\0\x05\0\0\0\0\x15S300-S400 Series \(32\).+ET(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})| p/Lexmark S300-S400 series HBN3/ i/MAC: $1:$2:$3:$4:$5:$6/ d/printer/ match hbn3 m|^\0\0\x84\0\0\0\0\x05\0\0\0\0\x15S300-S400 Series.+ET(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})| p/Lexmark S300-S400 Series HBN3/ i/MAC: $1:$2:$3:$4:$5:$6/ d/printer/ softmatch mdns m|^\0\0\x84\0\0\0\0\x05\0\0\0\0| match sip m|^SIP/2\.0 200 OK\r\n.*Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, UPDATE, OPTIONS, MESSAGE, NOTIFY, INFO, REFER\r\n.*User-Agent: SightSpeedClient v\. 
([\w._-]+)\r\n|s p/SightSpeedClient sipd/ v/$1/ i/AVM FRITZ!Box Fon WAP/
# These first two probes only serve to determine the NTP version
# Nessus uses. The third will match even a newer one, but just show
# the NTP as 1.0. So we give the highest rarity to these first two
# probes so they will usually only be used for port 1241. But the
# third is left with a lower rarity to catch Nessus running on
# non-default ports.
#
# These probes have a high likelihood of triggering false positives because
# any service that echoes your command back can match. The docs on
# the protocol make me think a ^ anchor can be added to the response so
# this should cut down on the false positives. (Brandon)
#
# See ntp_white_paper_11.txt for more information on the Nessus protocol
#
##############################NEXT PROBE##############################
Probe TCP NessusTPv12 q|< NTP/1.2 >\n|
rarity 9
ports 1241
sslports 1241
match nessus m|^< NTP/1.2 >\n| p/Nessus Daemon/ i/NTP v1.2/
##############################NEXT PROBE##############################
Probe TCP NessusTPv11 q|< NTP/1.1 >\n|
rarity 9
ports 1241
sslports 1241
match nessus m|^< NTP/1.1 >\n| p/Nessus Daemon/ i/NTP v1.1/
##############################NEXT PROBE##############################
Probe TCP NessusTPv10 q|< NTP/1.0 >\n|
rarity 8
ports 1241
sslports 1241
match http-proxy m|^HTTP/1\.0 400 Bad Request\r\nServer: squid/([\w._+-]+)\r\n| p/Squid/ v/$1/
match nessus m|^< NTP/1.0 >\n| p/Nessus Daemon/ i/NTP v1.0/
match zabbix m|^NOT OK\n$| p/Zabbix Monitoring System/
##############################NEXT PROBE##############################
Probe UDP SNMPv1public q|0\x82\0/\x02\x01\0\x04\x06public\xa0\x82\0\x20\x02\x04\x4c\x33\xa7\x56\x02\x01\0\x02\x01\0\x30\x82\0\x10\x30\x82\0\x0c\x06\x08\x2b\x06\x01\x02\x01\x01\x05\0\x05\0|
rarity 4
ports 161
match snmp m|^0.*\x02\x01\0\x04\x06public\xa2.*\x06\x08\+\x06\x01\x02\x01\x01\x05\0\x04[^\0]([^\0]+)|s p/SNMPv1 server/ i/public/ h/$1/
match snmp
m|^0.*\x02\x01\0\x04\x06public\xa2|s p/SNMPv1 server/ i/public/
##############################NEXT PROBE##############################
Probe UDP SNMPv3GetRequest q|\x30\x3a\x02\x01\x03\x30\x0f\x02\x02\x4a\x69\x02\x03\0\xff\xe3\x04\x01\x04\x02\x01\x03\x04\x10\x30\x0e\x04\0\x02\x01\0\x02\x01\0\x04\0\x04\0\x04\0\x30\x12\x04\0\x04\0\xa0\x0c\x02\x02\x37\xf0\x02\x01\0\x02\x01\0\x30\0|
rarity 4
ports 161
# H.225 bandwidthReject
match H.323-gatekeeper-discovery m|^8\x02\x01\x10\0$| p/GNU Gatekeeper discovery/
# Enterprise numbers as used in SNMP engine IDs are here:
# http://www.iana.org/assignments/enterprise-numbers
# Reserved - SNMP Engine ID 0 \x00\x00
# Netgear GS748TS V5.0.0.23
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x00\x00|s
# Cisco - SNMP Engine ID 9 (CiscoSystems) = \x00\x09
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x00\x09|s p/Cisco SNMP service/
# Cisco - SNMP Engine ID 99 (SNMP Research) = \x00\x63
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x00\x63|s p/Cisco SNMP service/
# Xerox - SNMP Engine ID 253 (Xerox) = \x00\xfd
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x00\xfd|s p/Xerox SNMP service/
# Scientific Atlanta - SNMP Engine ID 1429 = \x05\x95
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x05\x95|s p/Scientific Atlanta SNMP service/
# Brocade - SNMP Engine ID 1588 (Brocade Communications Systems, Inc.) = \x06\x34
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x06\x34|s p/Brocade SNMP service/
# QLogic - SNMP Engine ID 1663 (Ancor Communications) = \x06\x7f
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x06\x7f|s p/QLogic SNMP service/
# IBM - SNMP Engine ID 1104 (First Virtual Holdings Incorporated) = \x04\x50
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x04\x50|s p/IBM SNMP service/
# Huawei - SNMP Engine ID 2011 (HUAWEI Technology Co.,Ltd) = \x07\xdb
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x07\xdb|s p/Huawei SNMP service/
# Lexmark - SNMP Engine ID 2021 (Engine Enterprise ID: U.C. Davis, ECE Dept. Tom) = \x07\xe5
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x07\xe5|s p/Lexmark SNMP service/
# Thomson Inc. - SNMP Engine ID 2863 (Thomson Inc.) = \x0b\x2f
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x0b\x2f|s p/Thomson SNMP service/
# Blue Coat - SNMP Engine ID 3417 (CacheFlow Inc.) = \x0d\x59
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x0d\x59|s p/Blue Coat SNMP service/
# Canon - SNMP Engine ID 4976 (Agent++) = \x13\x70
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x13\x70|s p/Canon SNMP service/
# net-snmp (net-snmp.org) - SNMP Engine ID 8072 (net-snmp) = \x1f\x88
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x1f\x88|s p/net-snmp/
# Fortigate-310B v4.0,build0324,110520 (MR2 Patch 7)
# Fortinet, Inc. - SNMP Engine ID 12356 = \x30\x44
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\x80\0\x30\x44|s p/Fortinet SNMP service/ d/firewall/
# Aruba Networks - SNMP Engine ID 14823 = \x39\xe7
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x39\xe7|s p/Aruba Networks SNMP service/
# OpenBSD Project - SNMP Engine ID 30155 = \x75\xcb
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\0\x75\xcb|s p/OpenBSD SNMP service/
# Wireshark says for the SNMP Engine ID.
match snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04.{5,6}\x01\0\x02\x03|s p/MikroTik router SNMP service/ d/router/
# Tandberg Video Conferencing equipment
match snmp m|^0\x82\0\x37\x02\x01\0\x04\x06public\xa2\x82\0\x28\x02.{41,43}\nSoftW:\x20([^\0\n]+)\nMCU:\x20([^\0\n]+)\n|s p/$2/ i/$1/
# Zebra GX430T label printer
match snmp m|^0\x82\0\x37\x02\x01\0\x04\x06public\xa2\x82\0\x28.{20}\x2b\x06\x01\x02\x01\x01\x05\0\x04\nZBR_SPICE0|s p/Zebra GX430T label printer SNMP service/ d/printer/ cpe:/h:zebra:gx430t/
# P-660HW-D1 from Zyxel
match snmp m|^0\x82\0\x3a\x02\x01\0\x04\x06public\xa2\x82\0\x2b.{20}\x06\x08\x2b\x06\x01\x02\x01\x01\x05\0\x04\x0bcfr25657985|s p/ZyXEL Prestige 660HW ADSL router/ d/broadband router/ cpe:/h:zyxel:prestige_660hw/
# Generic SNMPv3 matchline
softmatch snmp m|^..\x02\x01\x030.\x02\x02Ji\x02.{3,4}\x04\x01.\x02\x01\x03\x04|s p/SNMPv3 server/
##############################NEXT PROBE##############################
Probe TCP WMSRequest q|\x01\0\0\xfd\xce\xfa\x0b\xb0\xa0\0\0\0MMS\x14\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x12\0\0\0\x01\0\x03\0\xf0\xf0\xf0\xf0\x0b\0\x04\0\x1c\0\x03\0N\0S\0P\0l\0a\0y\0e\0r\0/\09\0.\00\0.\00\0.\02\09\08\00\0;\0 \0{\00\00\00\00\0A\0A\00\00\0-\00\0A\00\00\0-\00\00\0a\00\0-\0A\0A\00\0A\0-\00\00\00\00\0A\00\0A\0A\00\0A\0A\00\0}\0\0\0\xe0\x6d\xdf\x5f|
rarity 6
ports 1549,1755,5001,9090
match afp
m|^\x01\x03\0N........\0\0\0\0........\x8f\xfb.([^\0\x01]+)[\0\x01].*\tMacintosh\x05\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x06AFP2\.2\x05\tDHCAST128.*\x04([\w.]+)\x01.afpserver|s p/Apple AFP/ i/name: $1; protocol 3.3; Mac OS X 10.5/ o/Mac OS X/ h/$2/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a match afp m|^\x01\x03\0N........\0\0\0\0........\x8f\xfb.([^\0\x01]+)[\0\x01].*\nMacmini3,1\x04\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x05\tDHCAST128.*\x04([\w.]+)\x01oafpserver|s p/Apple AFP/ i/name: $1; protocol 3.3; Mac OS X 10.6; Mac mini/ o/Mac OS X/ h/$2/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x/a # Flags \x9f\xfb. match afp m|^\x01\x03\0\x4e........\0\0\0\0........\x9f\xfb.([^\0\x01]+)[\0\x01].*MacBookAir\d+,\d+\x05\x06AFP3\.4\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x06\tDHCAST128\x04DHX2\x06Recon1\rClient Krb v2\x03GSS\x0fNo User Authent.*\x1b\$not_defined_in_RFC4178@please_ignore$|s p/Apple AFP/ i/name: $1; protocol 3.4; Mac OS X 10.6; MacBook Air/ o/Mac OS X/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x:10.6/a match afp m|^\x01\x03\0\x4e........\0\0\0\0........\x9f\xfb.([^\0\x01]+)[\0\x01].*MacBookPro\d+,\d+\x05\x06AFP3\.4\x06AFP3\.3\x06AFP3\.2\x06AFP3\.1\x06AFPX03\x06\tDHCAST128\x04DHX2\x06Recon1\rClient Krb v2\x03GSS\x0fNo User Authent.*\x1b\$not_defined_in_RFC4178@please_ignore$|s p/Apple AFP/ i/name: $1; protocol 3.4; Mac OS X 10.6; MacBook Pro/ o/Mac OS X/ cpe:/a:apple:afp_server/a cpe:/o:apple:mac_os_x:10.6/a match jsonrpc m|^{\n \"error\" : {\n \"code\" : -32700,\n \"message\" : \"Parse error\.\"\n },\n \"id\" : 0,\n \"jsonrpc\" : \"([\w._-]+)\"\n}\n| p/XBMC JSON-RPC/ v/$1/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/ match jsonrpc m|^{\"error\":{\"code\":-32700,\"message\":\"Parse error\.\"},\"id\":null,\"jsonrpc\":\"([\w._-]+)\"}| p/XBMC JSON-RPC/ v/$1/ d/media device/ o/Linux/ cpe:/o:linux:linux_kernel/ match shivahose m|^\x02\x06$| i/Shiva network modem access/ match slingbox 
m|^\x01\x01\0\xfd\xce\xfa\x0b\xb0\xa0\0\0\0\x0f\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x12$| p/Slingbox streaming video/ # Also www.getmangos.com: Mangos Realms Server. match warcraft m|^\0\0\x09$| p/World of Warcraft game server/ #WMS 4.1.0.3927 match wms m|^\x01\0\0.\xce\xfa\x0b\xb0.\0\0\0MMS .\0{7}.{9}\0\0\0\x01\0\x04\0\0\0\0\0\xf0\xf0\xf0\xf0\x0b\0\x04\0\x1c\0\x03\0\0\0\0\0\0\0\xf0\?\x01\0\0\0\x01\0\0\0\0\x80\0\0...\0.\0\0\0\0\0\0\0\0\0\0\0.\0\0\x00(\d)\0\.\x00(\d)\0\.\x00(\d)\0\.\x00(\d)\x00(\d)\x00(\d)\x00(\d)\0\0\0|s p/Microsoft Windows Media Service/ v/$1.$2.$3.$4$5$6$7/ o/Windows/ cpe:/o:microsoft:windows/a match wms m|^\x01\0\0.\xce\xfa\x0b\xb0.\0\0\0MMS .\0{7}.{9}\0\0\0\x01\0\x04\0\0\0\0\0\xf0\xf0\xf0\xf0\x0b\0\x04\0\x1c\0\x03\0\0\0\0\0\0\0\xf0\?\x01\0\0\0\x01\0\0\0\0\x80\0\0...\0.\0\0\0\0\0\0\0\0\0\0\0.\0\0\x00(\d)\0\.\x00(\d)\x00(\d)\0\.\x00(\d)\x00(\d)\0\.\x00(\d)\x00(\d)\x00(\d)\x00(\d)\0\0\0|s p/Microsoft Windows Media Service/ v/$1.$2$3.$4$5.$6$7$8$9/ o/Windows/ cpe:/o:microsoft:windows/a ##############################NEXT PROBE############################## Probe TCP oracle-tns q|\0Z\0\0\x01\0\0\0\x016\x01,\0\0\x08\0\x7F\xFF\x7F\x08\0\0\0\x01\0 \0:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\04\xE6\0\0\0\x01\0\0\0\0\0\0\0\0(CONNECT_DATA=(COMMAND=version))| rarity 7 ports 1035,1521,1522,1525,1526,1574,1748,1754,14238,20000 match http m|^HTTP/1\.0 400 Bad Request\r\nDate: .*\r\nServer: Boa/([\w._-]+)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n400 Bad Request\n

400 Bad Request

\nYour client has issued a malformed or illegal request\.\n\n$| p/Boa httpd/ v/$1/ i/Prolink ADSL router/ d/broadband router/ match iscsi m|^\x3f\x80\x04\0\0\0\x00\x30\0\0\0\0\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\xf7\0\0\0\0\0\0\0\0\0\0\0\0\0Z\0\0\x01\0\0\0\x016\x01\x2c\0\0\x08\0\x7f\xff\x7f\x08\0\0\0\x01\0\x20\0\x3a\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x004\xe6\0\0$| p/iSCSI/ match iscsi m|^\x3f\x80\x04\0\0\0\x00\x30\0\0\0\0\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x00\x00\0\0\0\0\0\0\0\0\0\0\0\0\0Z\0\0\x01\0\0\0\x016\x01\x2c\0\0\x08\0\x7f\xff\x7f\x08\0\0\0\x01\0\x20\0\x3a\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x004\xe6\0\0$| p/HP StorageWorks D2D backup system iSCSI/ d/storage-misc/ match palm-hotsync m|^\x01.\0\0\0\x14\x11\x01\0\0\0\0\0\0\0\x20\0\0\0\x06\x01\0..\0\0$|s p/Palm Pilot HotSync/ match oracle-tns m|^\0.\0\0[\x02\x04]\0\0\0.*TNSLSNR for ([-.+/ \w]{2,24}): Version ([-\d.]+) - Production|s p/Oracle TNS Listener/ v/$2 (for $1)/ match dbsnmp m|^\0.\0\0\x02\0\0\0.*\(IAGENT = \(AGENT_VERSION = ([\d.]+)\)\(RPC_VERSION = ([\d.]+)\)\)|s p/Oracle Intelligent Agent/ v/$1/ i/RPC v$2/ match oracle m|^\0\x20\0\0\x02\0\0\0\x016\0\0\x08\0\x7f\xff\x01\0\0\0\0\x20|s p/Oracle Database/ cpe:/a:oracle:database_server/ match oracle m|^\+\0\0\0$| p/Oracle Database/ cpe:/a:oracle:database_server/ match oracle-tns m|^..\0\0\x04\0\0\0\"\0..\(DESCRIPTION=\(TMP=\)\(VSNNUM=\d+\)\(ERR=1189\)\(ERROR_STACK=\(ERROR=\(CODE=1189\)\(EMFI=4\)\)| p/Oracle TNS Listener/ match oracle-tns m|^..\0\0\x04\0\0\0\"\0..\(DESCRIPTION=\(ERR=12504\)\)\0| p/Oracle TNS listener/ softmatch oracle-tns m|^\0.\0\0[\x02\x04]\0\0\0|s p/Oracle TNS Listener/ match dbsnmp m|^\0,\0\0\x04\0\0\0\"\0\0 \(CONNECT_DATA=\(COMMAND=version\)\)| p/Oracle DBSNMP/ match hp-radia m|^\xff\xff$| p/HP Radia configuration server/ ##############################NEXT PROBE############################## Probe UDP xdmcp q|\0\x01\0\x02\0\x01\0| rarity 6 ports 177 match bacnet m|^\x81\n\0\t\x01\0`\x01\t$| p/BACnet 
building automation/
match xdmcp m|^\0\x01\0\x05..\0\0\0.(.+)\0.(.+)|s p/XDMCP/ i/willing; status: $2/ o/Unix/ h/$1/
match xdmcp m|^\0\x01\0\x06..\0.(.+)\0.(.+)|s p/XDMCP/ i/unwilling; status: $2/ o/Unix/ h/$1/
match tftp m|^\0\x05\0\x04Illegal TFTP operation\0| p/Windows 2003 Server Deployment Service/ o/Windows/ cpe:/o:microsoft:windows/a
match tftp m|^\0\x05\0\x01File not found\.\0$| p/Enistic zone controller tftpd/
##############################NEXT PROBE##############################
# AFS version probing
Probe UDP AFSVersionRequest q|\0\0\x03\xe7\0\0\0\0\0\0\0\x65\0\0\0\0\0\0\0\0\x0d\x05\0\0\0\0\0\0\0\0\0\0|
rarity 5
ports 7001
# OpenAFS
match afs m|^[\d\D]{28}\s*(OpenAFS)\s+([\d\.]+)\s+([^\0]+)\0| p/$1/ v/$2/ i/$3/
match afs m|^[\d\D]{28}\s*(OpenAFS)\s+stable\s+([\d\.]+)\s+([^\0]+)\0| p/$1/ v/$2/ i/$3 stable/
match afs m|^[\d\D]{28}\s*(OpenAFS)([\d\.]{3}[^\s\0]*)\s+([^\0]+)\0| p/$1/ v/$2/ i/$3/
match afs m|^[\d\D]{28}\s*(OpenAFS)([\d\.]{3}[^\s\0]*)\0| p/$1/ v/$2/
# Transarc AFS
match afs m|^[\d\D]{28}\s*Base\sconfiguration\safs([\d\.]+)\s+[^\s\0\;]+[\0\;]| p/Transarc AFS/ v/$1/
# Arla
match afs m|^[\d\D]{28}\s*arla-([\d\.]+)\0| p/Arla/ v/$1/
# OpenSSL 0.9.8g: openssl s_server -dtls1
# Alert (21), DTLS 1.0 (0xfeff)
match dtls m|^\x15\xfe\xff\0\0\0\0\0\0\0\0\0\x07\x02\x16\0\0\0\0\0$| p/OpenSSL DTLS 1.0/
match H.323-gatekeeper-discovery m|^\x04\x80\x03\xe7\0\x08\0D\0E\0U\0G\0K\0......$|s p/GNU Gatekeeper discovery/
match H.323-gatekeeper-discovery m|^\x04\x80\x03\xe7\0\x10\0D\0E\0U\0C\0O\0S\0R\0V\x003\0\n\x08\x01\x03\x06\xb7$| p/GNU Gatekeeper discovery/ v/2.3.2/
### do not slow down the scan
Probe TCP mydoom q|\x0d\x0d|
rarity 9
ports 706,3127-3198
match mydoom m|\x04\x5b\0\0\0\0\0\0| p/MyDoom virus backdoor/ v/v012604/
match silc m|^\0\x13\0\x01\r\0\x08\0\x01S\x96Rz\xc2\x02\0\xff\0.............4$|s p/SILCd conferencing service/
Probe TCP WWWOFFLEctrlstat q|WWWOFFLE STATUS\r\n|
rarity 9
ports 706,8081
match http-proxy-ctrl m|^WWWOFFLE Server Status\n-*\nVersion *: (\d.*)\n| p/WWWOFFLE proxy control/ v/$1/
match http-proxy-ctrl m|^WWWOFFLE Incorrect Password\n| p/WWWOFFLE proxy control/ i/Unauthorized/
match silc m|^\0\x13\0\x01\r\0\x08\0\x01S\x96Rz\xc2\x02\0\xff\0.............4$|s p/SILCd conferencing service/
##########################################################################################################
# Cross Match Verifier E TCP/IP fingerprint reader (http://www.crossmatch.com/products_singlescan_vE.html)
# The device runs an embedded Linux
#
Probe TCP Verifier q|Subscribe\n|
rarity 8
ports 1500
totalwaitms 11000
match crossmatchverifier m=^(?:Idle|Notify)\r\n$= p/Cross Match Verifier E fingerprint control/
match secure-socket m|^\0$| p/CA Secure Socket Adapter/
Probe TCP VerifierAdvanced q|Query\n|
rarity 8
ports 1501
match crossmatchverifier m|^Settings\r\nGain\x20(\d+)\r\nContrast\x20(\d+)\r\nTime\x20(\d+)\r\nIllumination\x20(\d+)\r\nProcessed\r\n$| p/Cross Match Verifier E fingerprint advanced control/ i/Gain: $1; Contrast: $2; Time: $3; Illumination: $4/
############ SOCKS PROBES ############
# These are some simple probes that query a SOCKS server as specified in the
# following RFCs/documents:
#
# SOCKS4.Protocol - SOCKS Protocol Version 4
# RFC 1928 - SOCKS Protocol Version 5
# RFC 1929 - Username/Password Authentication for SOCKS V5
# RFC 1961 - GSS-API Authentication Method for SOCKS Version 5
# The following probe is designed to check the status of a SOCKS5 implementation.
#
# It attempts to create a TCP connection to google.com:80 assuming the SOCKS server
# allows unauthenticated connections. The probe also tells the SOCKS server
# that we support all major types of authentication so we can determine which
# authentication method the server requires.
#
# We don't try to establish TCP port bindings on the SOCKS server and we don't
# try UDP connections though these could easily be added to new probes.
Probe TCP Socks5 q|\x05\x04\x00\x01\x02\x80\x05\x01\x00\x03\x0agoogle.com\x00\x50GET / HTTP/1.0\r\n\r\n| rarity 8 ports 199,1080,1090,1095,1100,1105,1109,3128,6588,6660-6669,7777,8000,8008,8010,8080,8088,9481 match caldav m|^HTTP/1\.1 503 Service Unavailable\r\nServer: DavMail Gateway ([\w._-]+)\r\nDAV: 1, calendar-access, calendar-schedule, calendarserver-private-events, addressbook\r\n.*Content-Length: 83\r\n\r\nInvalid header: google\.com\0PGET / HTTP/1\.0, HTTPS connection to an HTTP listener \? |s p/DavMail CalDAV http gateway/ v/$1/ d/proxy server/ # http://freenetproject.org/fcp.html match fcp m|^ProtocolError\nFatal=true\nCodeDescription=ClientHello must be first message\nCode=1\nEndMessage\n$| p/Freenet Client Protocol 2.0/ match http m|^HTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 17\r\nContent-Type: text/html\r\n\r\n\r\ninvalid requestHTTP/1\.1 400 ERROR\r\nConnection: keep-alive\r\nContent-Length: 17\r\nContent-Type: text/html\r\n\r\n\r\ninvalid request| p/uTorrent http admin/ v/3.0/ match http m|^HTTP/1\.0 500 Unexpected new line: \x05\x04\0\x01\x02\x3f\x05\x01\0\x03\[CRLF\]\.\r\nContent-Type: text/html\r\nContent-Length: 763\r\nConnection: Close\r\n\r\n\r\n \r\n \r\n Unexpected new line: \x05\x04\0\x01\x02\?\x05\x01\0\x03\[CRLF\]\.\r\n \r\n \r\n

500 - Unexpected new line: \x05\x04\0\x01\x02\?\x05\x01\0\x03\[CRLF\]\.

\r\n
System\.InvalidOperationException: Unexpected new line: \x05\x04\0\x01\x02\?\x05\x01\0\x03\[CRLF\]\.\n  at fp\.bb \(Char A_0\) \[0x00000\] in :0 \n  at ha\.d \(\) \[0x00000\] in :0 \n  at ha\.b \(System\.Byte\[\] A_0, Int32 A_1, Int32 A_2\) \[0x00000\] in :0 \n| p/McMyAdmin Minecraft game admin console/ v/2.2.14/
match http m|^HTTP/1\.0 500 Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\r\nContent-Type: text/html\r\nContent-Length: 769\r\nConnection: Close\r\n\r\n\r\n    \r\n        \r\n        Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\r\n    \r\n    \r\n        

500 - Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.

\r\n
System\.InvalidOperationException: Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\n  at fp\.ba \(Char A_0\) \[0x00000\] in :0 \n| p/McMyAdmin Minecraft game admin console/ v/2.2.14/
match http m|^HTTP/1\.0 500 Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\r\nContent-Type: text/html\r\nContent-Length: 769\r\nConnection: Close\r\n\r\n\r\n    \r\n        \r\n        Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\r\n    \r\n    \r\n        

500 - Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.

\r\n
System\.InvalidOperationException: Unexpected new line: \x05\x04\0\x01\x02\xef\xbf\xbd\x05\x01\0\x03\[CRLF\]\.\n  at f8\.be \(Char A_0\) \[0x00000\] in :0 \n| p/McMyAdmin Minecraft game admin console/

match http-proxy m|^\nError\n

400 Can not find method and URI in request

\r\nWhen trying to load smartcache://url-parse-error\.\n
\r\nGenerated by smart\.cache \(Smart Cache ([\w._-]+)\)\r\n\r\n$| p/Smart Cache http-proxy/ v/$1/
match socks5 m|^\x05\0\x05\0\0\x01.{6}HTTP|s i/No authentication required; connection ok/
match socks5 m|^\x05\0\x05\x01| i/No authentication; general failure/
match socks5 m|^\x05\0\x05\x02| i/No authentication; connection not allowed by ruleset/
match socks5 m|^\x05\0\x05\x03| i/No authentication; network unreachable/
match socks5 m|^\x05\0\x05\x04| i/No authentication; host unreachable/
match socks5 m|^\x05\0\x05\x05| i/No authentication; connection refused by destination host/
match socks5 m|^\x05\0\x05\x06| i/No authentication; TTL expired/
match socks5 m|^\x05\0\x05\x07| i|No authentication; command not supported/protocol error|
match socks5 m|^\x05\0\x05\x08| i/No authentication; address type not supported/
match socks5 m|^\x05\x01| i/GSSAPI authentication required/
match socks5 m|^\x05\x02| i|Username/password authentication required|
match socks5 m|^\x05\xFF$| i/No acceptable authentication method/
# When server doesn't buffer our probe properly. Seen on XMPP socks servers like Apple iChat, PyMSN, jabberd
match socks5 m|^\x05\0$| i/No authentication; connection failed/
softmatch socks5 m|^\x05|
# The following probe is designed to check the status of a SOCKS4 implementation.
#
# It attempts to create a TCP connection to 127.0.0.1:22. We supply a username root
# in the user id string field. We don't try to establish TCP port bindings on
# the SOCKS server though this could easily be added to a new probe.
Probe TCP Socks4 q|\x04\x01\x00\x16\x7f\x00\x00\x01root\x00|
rarity 8
ports 199,1080,1090,1095,1100,1105,1109,3128,6588,6660-6669,8000,8008,8080,8088
match socks4 m|^\0\x5a| p/Connection ok/
match socks4 m|^\0\x5b| p/Connection rejected or failed; connections possibly ok/
match socks4 m|^\0\x5c| p/Connection failed; ident required/
match socks4 m|^\0\x5d| p/Connection failed; username required/
match shell m|^\0Access is denied\n$| p/Windows Services for Unix rsh/ o/Windows/ cpe:/o:microsoft:windows/a
##############################NEXT PROBE##############################
Probe TCP OfficeScan q|GET /?CAVIT HTTP/1.1\r\n\r\n|
rarity 9
ports 12345
match http m|^HTTP/1.0 \d\d\d .*\r\nServer: OfficeScan Client| p/Trend Micro OfficeScan Antivirus http config/
##############################NEXT PROBE##############################
Probe TCP ms-sql-s q|\x12\x01\x00\x34\x00\x00\x00\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x0c\x03\x00\x28\x00\x04\xff\x08\x00\x01\x55\x00\x00\x00\x4d\x53\x53\x51\x4c\x53\x65\x72\x76\x65\x72\x00\x48\x0f\x00\x00|
rarity 8
ports 1433
match iscsi m|^\?\x80\x04\0\0\0\x000\0\0\0\0\0\0\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\x12\x01\x004\0\0\0\0\0\0\x15\0\x06\x01\0\x1b\0\x01\x02\0\x1c\0\x0c\x03\0\(\0\x04\xff\x08\0\x01U\0\0\0MSSQLServer\0$| p/iSCSI Target/ d/phone/ o/iOS/ cpe:/o:apple:iphone_os/
# Specific minor version lines.
Check bytes 30–33:
# \x0a \x32 \x06\x40 → 10.50.1600
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x05\x77| p/Microsoft SQL Server 2005/ v/9.00.1399; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2005:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x05\x7e| p/Microsoft SQL Server 2005/ v/9.00.1399.06; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2005:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x07\xff| p/Microsoft SQL Server 2005/ v/9.00.2047; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x08\x7a| p/Microsoft SQL Server 2005/ v/9.00.2170; SP1+/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0b\xee| p/Microsoft SQL Server 2005/ v/9.00.3054; SP2+/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0b\xfc| p/Microsoft SQL Server 2005/ v/9.00.3068; SP2+ MS08-040/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0c\x01| p/Microsoft SQL Server 2005/ v/9.00.3073; SP2+ MS08-052/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0c\x05| p/Microsoft SQL Server 2005/ v/9.00.3077; SP2+ MS09-004/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x0b\xe2| p/Microsoft SQL Server 2005/ v/9.00.3042; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\t\x00\x0c\x08\x00\x00\x00\x00| p/Microsoft SQL Server 2005/ v/2005.90.3080.0/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\t\x00\x0f\xc3| p/Microsoft SQL Server 2005/ v/9.00.4035; SP3/ o/Windows/ cpe:/a:microsoft:sql_server:2005:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\t\x00\x0f\xd5| p/Microsoft SQL Server 2005/ v/9.00.4053; SP3+ MS09-062/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x08\x07| p/Microsoft SQL Server 2000/ v/8.00.2055; SP4+ MS09-004/ o/Windows/ cpe:/a:microsoft:sql_server:2000/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x08\x02| p/Microsoft SQL Server 2000/ v/8.00.2050; SP4+ MS08-040/ o/Windows/ cpe:/a:microsoft:sql_server:2000/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x07\xf7| p/Microsoft SQL Server 2000/ v/8.00.2039; SP4/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp4/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x03\x32| p/Microsoft SQL Server 2000/ v/8.00.818; SP3+/ o/Windows/ cpe:/a:microsoft:sql_server:2000/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x02\xfe| p/Microsoft SQL Server 2000/ v/8.00.766; SP3a/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp3a/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x02\xf8| p/Microsoft SQL Server 2000/ v/8.00.760; SP3/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp3/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x02\x16| p/Microsoft SQL Server 2000/ v/8.00.534; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x01\x7e| p/Microsoft SQL Server 2000/ v/8.00.384; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2000:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x01\x37| p/Microsoft SQL Server 2000/ v/8.00.311; RTMa/ o/Windows/ cpe:/a:microsoft:sql_server:2000/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08\x00\x00\xc2| p/Microsoft SQL Server 2000/ v/8.00.194; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2000:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x10\x73| p/Microsoft SQL Server 2005/ v/9.0.4211; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x13\x88| p/Microsoft SQL Server 2005/ v/9.0.5000; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09\x00\x13\xcd| p/Microsoft SQL Server 2005/ v/9.0.5069; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x04\x33|s p/Microsoft SQL Server 2008/ v/10.0.1075; CTP/ o/Windows/ cpe:/a:microsoft:sql_server:2008/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x06\x40|s p/Microsoft SQL Server 2008/ v/10.0.1600; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2008:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x09\xe3|s p/Microsoft SQL Server 2008/ v/10.0.2531; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2008:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x0a\xba|s p/Microsoft SQL Server 2008/ v/10.0.2746; SP1+ Cumulative Update 5/ o/Windows/ cpe:/a:microsoft:sql_server:2008:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x06\xfb|s p/Microsoft SQL Server 2008/ v/10.0.1787; Cumulative Update 3/ o/Windows/ cpe:/a:microsoft:sql_server:2008/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x0f\xe0|s p/Microsoft SQL Server 2008/ v/10.0.4064.0/ o/Windows/ cpe:/a:microsoft:sql_server:2008/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x06\x40|s p/Microsoft SQL Server 2008 R2/ v/10.50.1600; RTM/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2:gold/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x06\x51|s p/Microsoft SQL Server 2008 R2/ v/10.50.1617; RTM+ MS11-049/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x09\xc4|s p/Microsoft SQL Server 2008 R2/ v/10.50.2500; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00\x0f\xa0|s p/Microsoft SQL Server 2008 R2/ v/10.50.4000; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2:sp1/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32\x10\xb4|s p/Microsoft SQL Server 2008 R2/ v/10.50.4276; SP2/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2:sp2/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0b\x00\x0c\x38|s p/Microsoft SQL Server 2012/ v/11.0.3128; SP1/ o/Windows/ cpe:/a:microsoft:sql_server:2012:sp1/ cpe:/o:microsoft:windows/
#Major version match lines - in the event that minor versions do not match
softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x08| p/Microsoft SQL Server 2000/ o/Windows/ cpe:/a:microsoft:sql_server:2000/ cpe:/o:microsoft:windows/
softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x09| p/Microsoft SQL Server 2005/ o/Windows/ cpe:/a:microsoft:sql_server:2005/ cpe:/o:microsoft:windows/
softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x00| p/Microsoft SQL Server 2008/ o/Windows/ cpe:/a:microsoft:sql_server:2008/ cpe:/o:microsoft:windows/
softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0a\x32| p/Microsoft SQL Server 2008 R2/ o/Windows/ cpe:/a:microsoft:sql_server:2008_r2/ cpe:/o:microsoft:windows/
softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x01\x03\x00\x1d\x00\x00\xff\x0b\x00|s p/Microsoft SQL Server 2012/ o/Windows/ cpe:/a:microsoft:sql_server:2012/ cpe:/o:microsoft:windows/
softmatch ms-sql-s m|^\x04\x01\x00\x25\x00\x00\x01| p/Microsoft SQL Server/ o/Windows/ cpe:/a:microsoft:sql_server/ cpe:/o:microsoft:windows/
match ms-sql-s m|^\x04\x01\x00\x2b\x00\x00\x00\x00\x00\x00\x1a\x00\x06\x01\x00\x20\x00\x01\x02\x00\x21\x00\x01\x03\x00\x22\x00\x00\x04\x00\x22\x00\x01\xff\x08\x00\x02\x10\x00\x00\x02\x00\x00| p/Dionaea honeypot MS-SQL server/
##############################NEXT PROBE##############################
# ActiveMQ's STOMP (Streaming Text Orientated Messaging Protocol)
Probe TCP HELP4STOMP q|HELP\n\n\0|
rarity 8
ports 6163,61613
match stomp m|^ERROR\nmessage:Unknown STOMP action:.+ org\.apache\.activemq\.|s p/Apache ActiveMQ/
# The following line matches IPDS (IBM's Intelligent Printer Data Stream) on port 9600
# match ipds m|^%%\[ Error: syntaxerror; Offending Command:|s p/IPDS Service/ d/printer/
##############################NEXT PROBE##############################
# memcache, text mode protocol
Probe TCP Memcache q|stats\r\n|
rarity 8
ports 11211
match memcache m|^STAT pid (\d+)\r\nSTAT uptime (\d+)\r\n.*?STAT version ([\w_.-]+)\r\n.*?STAT curr_items (\d+)\r\nSTAT total_items (\d+)\r\nSTAT bytes (\d+)\r\n|s p/memcached/ v/$3/ i/PID $1; uptime $2 seconds; curr items: $4; total items: $5; bytes cached: $6/
##############################NEXT PROBE##############################
# Beast Trojan v2
Probe TCP beast2 q|666|
rarity 9
ports 666,6666
match backdoor m|^666(\d+)\xff(\d+)\xff(\d+)\xff$| p/Beast Trojan/ v/version 2/ i/**BACKDOOR**; No password; New server port: $1; New client ports: $2, $3/ o/Windows/ cpe:/o:microsoft:windows/a
##############################NEXT PROBE##############################
Probe TCP firebird q|\0\0\0\x01\0\0\0\x13\0\0\0\x02\0\0\0\x24\0\0\0\x0bservice_mgr\0\0\0\0\x02\0\0\0\x13\x01\x08scanner \x04\x05nmap \x06\0\0\0\0\0\x08\0\0\0\x01\0\0\0\x02\0\0\0\x03\0\0\0\x02\0\0\0\x0a\0\0\0\x01\0\0\0\x02\0\0\0\x03\0\0\0\x04|
rarity 8
ports 3050
match firebird m|^\0\0\0\x03\0\0\0\x0a\0\0\0\x01| p/Firebird RDBMS/ v/Protocol version 10/
softmatch firebird m|^\0\0\0\x03\0\0\0.\0\0\0.|s p/Firebird RDBMS/
# Following 4 probes created by Tom Sellers:
##############################NEXT PROBE############################## Probe TCP ibm-db2-das q|\0\0\0\0DB2DAS \x01\x04\0\0\0\x10\x39\x7a\0\x01\0\0\0\0\0\0\0\0\0\0\x01\x0c\0\0\0\0\0\0\x0c\0\0\0\x0c\0\0\0\x04| rarity 8 ports 523,50000 match ibm-db2 m|^\0\0\0\0DB2DAS\x20\x20\x20\x20\x20\x20.{28}\x9b\0\0\0\x0c\0\0\0Z\0\0\0\x10\0\0\0\x0c\0\0\0L\0\0\0\0\0\0\0\$\0\0\0\x0c\0\0\0O\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x10\0\0\0\x0c\0\0\0L\0\0\0\0\0\0\0\x19\0\0\0\x0c\0\0\0\x04\0\0\x04\xb8SQL0(\d)(\d\d)(\d+)|s p/IBM DB2 Database Server/ v/$1.$2.$3/ ##############################NEXT PROBE############################## Probe TCP ibm-db2 q|\x01\xc2\0\0\0\x04\0\0\xb6\x01\0\0SQLDB2RA\0\x01\0\0\x04\x01\x01\0\x05\0\x1d\0\x88\0\0\0\x01\0\0\x80\0\0\0\x01\x09\0\0\0\x01\0\0\x40\0\0\0\x01\x09\0\0\0\x01\0\0\x40\0\0\0\x01\x08\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x01\0\0\x40\0\0\0\x40\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x02\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\0\0\0\0\x01\0\0\x40\0\0\0\0\x04\0\0\0\x04\0\0\x80\0\0\0\x01\x04\0\0\0\x04\0\0\x80\0\0\0\x01\x04\0\0\0\x03\0\0\x80\0\0\0\x01\x04\0\0\0\x04\0\0\x80\0\0\0\x01\x08\0\0\0\x01\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x10\0\0\0\x01\0\0\x80\0\0\0\x01\x10\0\0\0\x01\0\0\x80\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x09\0\0\0\x01\0\0\x40\0\0\0\x01\x09\0\0\0\x01\0\0\x80\0\0\0\x01\x04\0\0\0\x03\0\0\x80\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\x01\x04\0\0\x01\0\0\x80\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\x40\0\0\0\x01\0\0\0\0\x01\0\0\x40\0\0\0\0\x20\x20\x20\x20\x20\x20\x20\x20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x7f| rarity 8 ports 523,50000-50025,60000-60025 match ibm-db2 m|(?<=.)DB2/([^\0]+)\0\0\0\0\0\0\0\0.{1,4}\0\0\0\0\0\0\0SQL0(\d)(\d\d)(\d+)|s p/IBM DB2 Database Server/ v/$2.$3.$4/ o/$1/ match ibm-db2 
m|^\0\xa9\x10..\x01\0\0SQLDB2RA\x01\0\x05\0.{10,13}SQLCA|s p/IBM DB2 Database Server/ ##############################NEXT PROBE############################## Probe TCP pervasive-relational q|Client string for PARC version 1 Wire Encryption version 1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| rarity 8 ports 1583,3351 match psql m|^\0{255}| p/Pervasive.SQL Server - Relational Engine/ match psql m|^\0Server string for PARC version 1 Wire Encryption version 1\0| p/Pervasive.SQL Server - Relational Engine/ i/encrypted/ ##############################NEXT PROBE############################## Probe TCP pervasive-btrieve q|\x3c\0\x4b\0\0\0\x20\0\0\0\0\0\0\0\0\0\xff\xff\xff\xff\0\0\x0a\x04\xa0\xbe\x53\x03\x55\x52\0\0\x3c\0\0\0\x05\0\0\0\0\0\0\0\0\0\x1a\0\x3c\0\0\0\0\0\x0a\0\0\0\0\0| ports 1583,3351 rarity 8 match psql-btrieve m|^A\0K\0\0\0....\0\0\0\0\0\0\xff\xff\xff\xff\0\0\n\x04\xa0|s p/Pervasive.SQL Server - Btrieve Engine/ # Following probe created by Patrik Karlsson: ##############################NEXT PROBE############################## Probe UDP ibm-db2-das-udp q|DB2GETADDR\0SQL08010\0| rarity 8 ports 523 match ibm-db2 m|^DB2RETADDR\0SQL0(\d)(\d\d)(\d+)\0([^\0]+)\0|s p/IBM DB2 Database Server/ v/$1.$2.$3/ i/Hostname: $4/ ##############################NEXT PROBE############################## # Apache JServe Protocol (ajp) v1.3 Ping request Probe TCP ajp q|\x12\x34\x00\x01\x0a| rarity 8 ports 8008,8009 # AJP 1.3 Ping response match ajp13 m|^\x41\x42\x00\x01\x09$| p/Apache Jserv/ i/Protocol v1.3/ ##############################NEXT PROBE############################## # DNS-based service discovery (DNS-SD). 
Asks for all services on the host. # http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt, section 9. Probe UDP DNS-SD q|\0\0\0\0\0\x01\0\0\0\0\0\0\x09_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01| rarity 4 ports 5353 match domain m|^\0\0\x80\x80\0\x01\0\0\0\r\0\x0b\t_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01| p/Desktop Authority named/ # mDNSResponder-176.3 # Avahi under Ubuntu match mdns m|^\0\0\x84\0\0\x01..\0\0\0\0\x09_services\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01|s p/DNS-based service discovery/ match hbn3 m|^\0\0\x84\0\0\0\0\x01\0\0\0\0.Lexmark (\w+)\x0c_host-config\x04_udp\x05local\0\0\x10\0\x01\0\0\0<\x01\x19.IPADDRESS [\d.]+.IPNETMASK [\d.]+.IPGATEWAY [\d.]+.IPNAME \"([\w._-]+)\"\x15MACLAA \"000000000000\"\x15MACUAA \"([0-9A-F]{12})\"|s p/Lexmark hbn3 (DNS-SD-like configuration)/ i/Lexmark $1 printer; MAC $3/ d/printer/ h/$2/ ##############################NEXT PROBE############################## # HP Printer Job Language, supported on most PostScript printers. # http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13208/bpl13208.pdf # http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13207/bpl13207.pdf Probe TCP hp-pjl q|\x1b%-12345X@PJL INFO ID\x0d\x0a\x1b%-12345X\x0d\x0a| ports 9100-9107 rarity 9 # Most printers respond with the printer version in quotes match hp-pjl m|^@PJL INFO ID\r?\n\"([^"]+)\"\r?\n| p/$1/ d/printer/ # Some respond without the quotes match hp-pjl m|^@PJL INFO ID\r?\n([\w\d _-]+)\r?\n| p/$1/ d/printer/ # Some respond with blank info match hp-pjl m|@PJL\x20INFO\x20ID\r?\n\r?\n| d/printer/ # COMMENTING THIS SOFTMATCH OUT. It is meant to stop causing a bunch # of extra printing of probes against PJL ports (those port numbers # are excluded by default anyway), but it caused problems described in # this thread: http://seclists.org/nmap-dev/2010/q2/753 # But it might be useful for people doing pjl testing specifically. 
# softmatch hp-pjl m|^| i/hp-pjl probe got something back/
##############################NEXT PROBE##############################
# Citrix MetaFrame application discovery service
# http://sh0dan.org/oldfiles/hackingcitrix.html
Probe UDP Citrix q|\x1e\0\x01\x30\x02\xfd\xa8\xe3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0|
rarity 5
ports 1604
# Citrix MetaFrame
match icabrowser m|^\x30\0\x02\x31\x02\xfd\xa8\xe3\x02\0\x06\x44| p/Citrix MetaFrame/
match ntp m|^\x1e\xc0\x010\x02\0\xa8\xe3\0\0\0\0$| p/Digium Switchvox PBX ntpd/ d/PBX/
##############################NEXT PROBE##############################
# Kerberos AS_REQ with realm NM, server name krbtgt/NM, missing client name.
Probe UDP Kerberos q|\x6a\x81\x6e\x30\x81\x6b\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\x0a\xa4\x81\x5e\x30\x5c\xa0\x07\x03\x05\0\x50\x80\0\x10\xa2\x04\x1b\x02NM\xa3\x17\x30\x15\xa0\x03\x02\x01\0\xa1\x0e\x30\x0c\x1b\x06krbtgt\x1b\x02NM\xa5\x11\x18\x0f19700101000000Z\xa7\x06\x02\x04\x1f\x1e\xb9\xd9\xa8\x17\x30\x15\x02\x01\x12\x02\x01\x11\x02\x01\x10\x02\x01\x17\x02\x01\x01\x02\x01\x03\x02\x01\x02|
rarity 5
ports 88
# MIT 1.2.8
match kerberos-sec m=^~\x81[\x86-\x88]0\x81[\x83-\x85]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa2\x11\x18\x0f\d{14}Z\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01\x06\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xab\(\x1b&Client not found in Kerberos database\0$=s p/MIT Kerberos/ v/1.2/ i/server time: $1-$2-$3 $4:$5:$6Z/ cpe:/a:mit:kerberos:5-1.2/
# OS X 10.6.2; MIT 1.3.5, 1.6.3, 1.7.
match kerberos-sec m=^~[\x6b-\x6d]0[\x69-\x6b]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa2\x11\x18\x0f\d{14}Z\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01\x06\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xab\x0e\x1b\x0cNULL_CLIENT\0$=s p/MIT Kerberos/ v/1.3 - 1.8/ i/server time: $1-$2-$3 $4:$5:$6Z/ cpe:/a:mit:kerberos:5-1/
# Heimdal 1.0.1-5ubuntu4
match kerberos-sec m=^~[\x60-\x62]0[\x5e-\x60]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01<\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM\xab\x16\x1b\x14No client in request$=s p/Heimdal Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/ cpe:/a:heimdal:kerberos/
match kerberos-sec m=^~[\x48-\x4a]0[\x46-\x48]\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\xa5[\x03-\x05]\x02(?:\x03...|\x02..|\x01.)\xa6\x03\x02\x01D\xa9\x04\x1b\x02NM\xaa\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtgt\x1b\x02NM$=s p/Windows 2003 Kerberos/ i/server time: $1-$2-$3 $4:$5:$6Z/ o/Windows/ cpe:/a:microsoft:kerberos/ cpe:/o:microsoft:windows/a
# DCE RPC Reject
match msrpc m|^\x04\x06\x20\0\x10\0\0\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa4\x81\x5e0\x5c\xa0\x07\x03\x05\0\x50\x80\0\x10\xa2\x04\x1b\x02NM\xa3\x170\x15\xa0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtg....|s p/Microsoft RPC/ o/Windows/ cpe:/o:microsoft:windows/a
##############################NEXT PROBE##############################
# SqueezeCenter discovery
Probe UDP SqueezeCenter q|eIPAD\0NAME\0JSON\0VERS\0UUID\0JVID\x06\x12\x34\x56\x78\x12\x34|
rarity 8
ports 3483
match squeezecenter m|^ENAME.{1}(.+)JSON.{1}(\d+)VERS.{1}(.+)UUID.{1}(.+)$| p/Logitech SqueezeCenter music server/ v/$3/ i/Server Name: $1, JSON: $2, UUID: $4/
##############################NEXT PROBE##############################
# AFP - Request GetStatus
Probe TCP afp q|\x00\x03\0\x01\0\0\0\0\0\0\0\x02\0\0\0\0\x0f\0|
rarity 6
ports 548
# See other AFP matches in SSLSessionReq.
# Netatalk 2.2.1dev
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.([^\0\x01]+)[\0\x01].*Netatalk([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/
# Netatalk 2.2.0
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x79.([^\0\x01]+)[\0\x01].*Netatalk ([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/
# Netatalk 2.2.1
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x79.([\w._-]+)[\0\x01].*Netatalk([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/
# Netatalk 2.2.0
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.(FreeNAS)[\0\x01].*Netatalk ([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/FreeNAS; name: $1; protocol 3.3/ o/FreeBSD/ cpe:/a:netatalk:netatalk:$2/ cpe:/o:freebsd:freebsd/
# Netatalk 2.2.1.1-0u
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x5d.([\w._-]+)[\0\x01].*Netatalk\0([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.([^\0\x01]+)[\0\x01].*Netatalk ([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$2/ i/name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$2/
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.(MyBookWorld)[\0\x01].*Netatalk ([\w._-]+)\x05\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$SUBST(2,"-",".")/ i/Western Digital MyBook World NAS device; name: $1; protocol 3.3/ o/Unix/ cpe:/a:netatalk:netatalk:$SUBST(2,"-",".")/
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x8f\x7d.([\w._-]+)[\0\x01].*Netatalk([\w._-]+)\x08\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2\x06AFP3\.3|s p/Netatalk/ v/$SUBST(2,"-",".")/ i/QNAP NAS TS-219P+; name: $1; protocol 3.3/ o/Linux/ cpe:/a:netatalk:netatalk:$SUBST(2,"-",".")/ cpe:/o:linux:linux_kernel:2.6/
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x81\x7d\0\0.*Netatalk\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x04\x04DHX2\tDHCAST128|s p/Netatalk/ i/protocol 3.1/ o/Unix/ cpe:/a:netatalk:netatalk/
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x7f.([^\0\x01]+)[\0\x01].*Netatalk\x04\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2|s p/Netatalk/ v/2/ i/name: $1; protocol 3.2/ o/Unix/ cpe:/a:netatalk:netatalk:2/
# Netatalk 2.0.5
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x7d.([^\0\x01]+)[\0\x01].*\x08Netatalk\x04\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2|s p/Netatalk/ v/2/ i/name: $1; protocol 3.2/ o/Unix/ cpe:/a:netatalk:netatalk:2/
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x7d.([^\0\x01]+)[\0\x01].*\x08Netatalk\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1|s p/Netatalk/ v/2/ i/name: $1; protocol 3.1/ o/Unix/ cpe:/a:netatalk:netatalk:2/
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x7d.([^\0\x01]+)[\0\x01].*\x08Netatalk\x07\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2| p/Netatalk/ v/2/ i/name: $1; protocol 3.2/ o/Unix/ cpe:/a:netatalk:netatalk:2/
# Netatalk 2.0.4
# Netatalk 2.0.3
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x79.([^\0\x01]+)[\0\x01].*\x08Netatalk\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1|s p/Netatalk/ v/2/ i/name: $1; protocol 3.1/ o/Unix/ cpe:/a:netatalk:netatalk:2/
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x79.([^\0\x01]+)[\0\x01].*\x08Netatalk\x04\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x06AFP3\.2|s p/Netatalk/ v/2/ i/name: $1; protocol 3.2/ o/Unix/ cpe:/a:netatalk:netatalk:2/
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x83\x59.([^\0\x01]+)[\0\x01].*\x08Netatalk\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1|s p/Netatalk/ v/2/ i/name: $1; protocol 3.1/ o/Unix/ cpe:/a:netatalk:netatalk:2/
# Netatalk 1.6.4
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x80\x7d.([^\0\x01]+)[\0\x01].*\x04unix\x04\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2|s p/Netatalk/ v/1.6/ i/name: $1; protocol 2.2/ o/Unix/ cpe:/a:netatalk:netatalk:1.6/
# Novell NetWare AFP
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\0\xbf.([^\0]+)\0.*\x16Novell NetWare ([0-9.]+)\x06\x0eAFPVersion 1\.1\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x06AFPX03\x06AFP3\.1\x02\x10[^\x16]+\x16|s p/Novell NetWare AFP/ v/$2/ i/name: $1; protocol 3.1/ o/Novell NetWare/
# Novell Open Enterprise Server
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\0\xb7.([^\0]+)\0.*\x1fNovell\x20Open\x20Enterprise\x20Server\x202|s p/Novell Open Enterprise Server/ v/2/ i/name: $1/ o/Linux/ cpe:/o:linux:linux_kernel/a
# Windows NT or Windows 2000
match afp m|^\x01\x03\0\x01\0\0\0\0....\0\0\0\0........\x80\x7f.([^\0\x01]+)[\0\x01].*\x0aWindows NT\x03\x0eAFPVersion 2\.0\x0eAFPVersion 2\.1\x06AFP2\.2\x03\x10ClearTxt Passwrd\x0eMicrosoft V1\.0\x05MS2\.0|s i/name: $1; protocol 2.1/ o/Windows/ cpe:/o:microsoft:windows/
# Seems to repeat the length in the first reserved field.
match afp m|^\x01\x03\0\x01\0\0\0\0................\x03\xff.([^\0\x01]+)[\0\x01].*Windows Version: 5\.0 \(2\) build 2195 Service Pack (\d+) (\d+)-bit \(ExtremeZ-IP ([\w._-]+)x05\)\x03\x06AFP3\.2\x06AFP3\.1\x06AFP2\.2.*afpserver/([\w._@-]+)\0|s p/ExtremeZ-IP AFP/ v/$4/ i/name: $1; afpserver: $5; protocol 3.2; $3-bit/ o/Windows 2000 SP$2/ cpe:/o:microsoft:windows_2000:sp$2/
match afp m|^\x01\x03\0\x01\0\0\0\0................\x03\xff.([^\0\x01]+)[\0\x01].*Windows Version: 5\.1 \(2\) build 2600 Service Pack (\d+) (\d+)-bit \(ExtremeZ-IP ([\w._-]+)x10\)\x02\x06AFP2\.2\x06AFP3\.1.*afpserver/([\w._@-]+)\0|s p/ExtremeZ-IP AFP/ v/$4/ i/name: $1; afpserver: $5; protocol 3.1; $3-bit/ o/Windows XP SP$2/ cpe:/o:microsoft:windows_xp:sp$2/
##############################NEXT PROBE##############################
# Quake2 status
Probe UDP Quake2_status q|\xff\xff\xff\xffstatus|
rarity 8
ports 27910-27914
match quake2 m|^\xff\xff\xff\xffprint\n.*\\version\\([^\\]* Linux)(?=\\).*\\gamename\\data1(?=\\)| p/Alien Arena game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
##############################NEXT PROBE##############################
# Quake3 getstatus
Probe UDP Quake3_getstatus q|\xff\xff\xff\xffgetstatus|
rarity 8
ports 26000-26004,27960-27964,30720-30724,44400
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\gamename\\Nexuiz(?=\\).*\\gameversion\\([^\\]*)(?=\\)| p/Nexuiz game server/ v/$1/
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* linux-[^\\]*)(?=\\).*\\gamename\\baseoa(?=\\)| p/OpenArena game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* freebsd-[^\\]*)(?=\\).*\\gamename\\baseoa(?=\\)| p/OpenArena game server/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\tremulous ([^\\]* linux-[^\\]*)(?=\\)| p/Tremulous game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\tremulous ([^\\]* freebsd-[^\\]*)(?=\\)| p/Tremulous game server/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* linux-[^\\]*)(?=\\).*\\gamename\\q3ut4(?=\\)| p/Urban Terror game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* freebsd-[^\\]*)(?=\\).*\\gamename\\q3ut4(?=\\)| p/Urban Terror game server/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* Linux)(?=\\).*\\gamename\\Warsow(?=\\)| p/Warsow game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* linux-[^\\]*)(?=\\)| p/World of Padman game server/ v/$1/ o/Linux/ cpe:/o:linux:linux_kernel/a
match quake3 m|^\xff\xff\xff\xffstatusResponse\n.*\\version\\([^\\]* freebsd-[^\\]*)(?=\\)| p/World of Padman game server/ v/$1/ o/FreeBSD/ cpe:/o:freebsd:freebsd/a
##############################NEXT PROBE##############################
# Quake 3 and other games
# http://svn.icculus.org/twilight/trunk/dpmaster/doc/techinfo.txt?view=markup
# Protocol 68 is a specific revision of Quake 3, but the server should respond
# with an empty server list even if it doesn't know that game.
Probe UDP Quake3_master_getservers q|\xff\xff\xff\xffgetservers 68 empty full|
rarity 9
ports 27950,30710
match quake3-master m|^\xff\xff\xff\xffgetserversResponse|
##############################NEXT PROBE##############################
# SqueezeCenter CLI
# http://wiki.slimdevices.com/index.php/CLI
Probe TCP SqueezeCenter_CLI q|serverstatus\r\n|
rarity 8
ports 9090
match squeezecli m|^serverstatus.*version%3A([\.\d]+) uuid%3A([-\w]+) info%20total%20albums%3A\d+ info%20total%20artists%3A\d+ info%20total%20genres%3A\d+ info%20total%20songs%3A(\d+) player%20count%3A\d+ sn%20player%20count%3A\d+ other%20player%20count%3A\d+\r\n|s p/SqueezeCenter CLI/ v/$1/ i/UUID: $2, Total songs: $3/
##############################NEXT PROBE##############################
# Arucer backdoor
# http://www.kb.cert.org/vuls/id/154421
# The probe is the UUID for the 'YES' command, which is basically a ping command, encoded by XORing with 0xE5 (the original string is "E2AC5089-3820-43fe-8A4D-A7028FAD8C28"). The response is the string 'YES', encoded the same way.
Probe TCP Arucer q|\xC2\xE5\xE5\xE5\x9E\xA0\xD7\xA4\xA6\xD0\xD5\xDD\xDC\xC8\xD6\xDD\xD7\xD5\xC8\xD1\xD6\x83\x80\xC8\xDD\xA4\xD1\xA1\xC8\xA4\xD2\xD5\xD7\xDD\xA3\xA4\xA1\xDD\xA6\xD7\xDD\x98\xE5|
rarity 8
ports 7777
match arucer m|^\xbc\xa0\xb6$| p/Arucer backdoor/ i/**BACKDOOR**/ o/Windows/ cpe:/o:microsoft:windows/a
##############################NEXT PROBE##############################
# Mac OS X Server serialnumberd; checks for other servers with the same serial
# number on the local network. AAAAAA is a dummy value.
Probe UDP serialnumberd q|SNQUERY: 127.0.0.1:AAAAAA:xsvr|
rarity 8
ports 626
match serialnumber m|^SNRESPS:127\.0\.0\.1:(0x[0-9A-F]{40}):xsvr:(0x[0-9A-F]{40}):(0x[0-9a-f]{8}):(0x[0-9A-F]{40}):127\.0\.0\.1\0$| p/Mac OS X Server serialnumberd/ i/numbers: $1 $2 $3 $4/ o/Mac OS X/ cpe:/o:apple:mac_os_x/a
match serialnumber m|^SNRESPS:([\w._-]+):(0x[0-9A-F]{40}):xsvr:(0x[0-9A-F]{40}):(0x[0-9a-f]{8}):(0x[0-9A-F]{40}):[\w._-]+\0$| p/Mac OS X Server serialnumberd/ i/numbers: $2 $3 $4 $5/ o/Mac OS X/ h/$1/ cpe:/o:apple:mac_os_x/a
##############################NEXT PROBE##############################
# Lotus Domino Console
#
Probe TCP dominoconsole q|\#ST\n|
rarity 8
sslports 2050
match dominoconsole m|^([^/]+)/([\w._-]+):([^:]*):([^:]*):| p/Lotus Domino Console/ i/domain: $1; description: "$4"/ o/$3/ h/$2/
##############################NEXT PROBE##############################
# Informix probe
#
Probe TCP informix q|\0\x94\x01\x3c\0\0\0\x64\0\x65\0\0\0\x3d\0\x06IEEEM\0\0lsqlexec\0\0\0\0\0\0\x069.280\0\0\x0cRDS\#R000000\0\0\x05sqli\0\0\0\x01\x33\0\0\0\0\0\0\0\0\0\x01\0\x05nmap\0\0\x05nmap\0ol\0\0\0\0\0\0\0\0\0=tlitcp\0\0\0\0\0\x01\0\x68\0\x0b\0\0\0\x03\0\x05nmap\0\0\0\0\0\0\0\0\0\0\0\0\x6a\0\0\0\x7f|
rarity 8
ports 1526,9088-9100
match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.]+\0k\0\0\0\0\0\0..\0\0\0\0\0.(.*)\0\0..*\0\0.([A-Z]\:[^/]*)\0\0t\0\x08\x01Y\0\x06\x01Y\0\0\0\x7f$| p/Informix Dynamic Server/ v/11.50/ i/Path: $2/ o/Windows/ h/$1/ cpe:/o:microsoft:windows/a
match informix m|^.{2}\x03<\x10\0\0d\0e\0\0\0=\0\x06IEEEI\0\0lsrvinfx\0\0\0\0\0\0\x05V1.0\0\0\x04SER\0\0\x08asfecho\0{19}o[ln]\0{9}=soctcp\0{5}\x01\0\x66\0{6}\xfcI..\0\0\0\x01\0\0\0.nmap@[\d\w.]+\0k\0\0\0\0\0\0..\0\0\0\0\0.(.*)\0\0..*\0\0.([^\\]*)\0\0t\0\x08\0\0\x03\xe9\0\0\x03\xe9\0\x7f$| p/Informix Dynamic Server/ v/11.50/ i/Path: $2/ h/$1/
##############################NEXT PROBE##############################
# The DRDA protocol is used by both Informix and DB2
#
Probe TCP drda q|\0\x32\xd0\x01\0\x01\0\x2c\x10\x41\0\x04\x11\x5e\0\x04\x11\x6d\0\x04\x11\x5a\0\x18\x14\x04\x14\x03\x00\x07\x24\x07\0\x08\x24\x0f\x00\x08\x14\x40\0\x08\x14\x74\0\x08\0\x04\x11\x47|
rarity 8
ports 50000,60000,1526,1527,9088-9100
softmatch drda m|^\0.......\x14\x43..\x11\x5e.*\x11\x47|
##############################NEXT PROBE##############################
# MQ Initial Packet Queue-manager=nmap-probe; channel=SYSTEM.ADMIN.SRVCONN
#
Probe TCP ibm-mqseries q|TSH\x20\x00\x00\x00\xEC\x01\x01\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x04\xB8\x00\x00\x49\x44\x20\x20\x0A\x26\x00\x00\x00\x00\x00\x00\x00\x00\x7F\xF6\x06\x40\x00\x00\x00\x00\x00\x00SYSTEM\.ADMIN\.SVRCONN\x51\x00\x04\xB8nmap-probe\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x00\x00\x00\x01\x00\x6A\x00\x00\x00\xFF\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0A\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02MQJB00000000CANNED_DATA\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20|
rarity 8
ports 1414-1420
match ibm-mqseries m|^TSH\x20\0\0\0\xec\x02\x01\x02\0\0\0\0\0\0\0\0\0\x11\x01\x00\x00..\0\0ID\x20\x20\x08&\0\x98\0\0\0\0\xf6\x7f\x00\x00\0\x00\x40\0\0\0\0\0([^\s]*)\s*\x2c\x01\0\0\0\0\0\0\0\xff\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x02MQJB00000000CANNED_DATA\s*$|s p/IBM WebSphere MQ/ v/6.0/ i/channel: $1/ cpe:/a:ibm:websphere_mq:6.0/
match ibm-mqseries m|^TSH\x20\0\0\0\xec\x02\x01\x02\0\0\0\0\0\0\0\0\0\x11\x01\x00\x00..\0\0ID\x20\x20\x0a&\0\x90\0\0\0\0\xf6\x7f\x00\x00\0\x00\x40\0\0\0\0\0([^\s]*)\s*\x51\x00\xb5\x01([^\s]*)\s*\x2c\x01\0\0\0\0\0\0\0\xff\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\0\0\0\0\0\n\0\0\0\0\0\0\0..\0\0.\0\0\0.\0\0\0[^\s]*\s*$|s p/IBM WebSphere MQ/ v/7.0/ i/queue manager: $2, channel: $1/ cpe:/a:ibm:websphere_mq:7.0/
match ibm-mqseries m|^TSH\x20\0\0\0\xec\x01\x01\x02\0\0\0\0\0\0\0\0\0\x00\x00\x01\x11..\0\0ID\x20\x20\x0a&\0\x90\0\0\0\0\x00\x00\x7f\xf6\0\x40\x00\0\0\0\0\0([^\s]*)\s*\x00\x00\x01\x2c\0\0\0\0\0\xff\0\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\n\0\0\0\0\0.*MQMM07000107JJ\.PRD\.(QM02_\d\d\d\d-\d\d-\d\d_\d+\.\d+\.\d+)\s*$|s p/IBM WebSphere MQ/ v/7.0/ i/channel: $1; $2/ cpe:/a:ibm:websphere_mq:7.0/
match ibm-mqseries m|^TSH\x20\0\0\0\$\x01\x05\n\0\0\0\0\0\0\0\0\0\0\0\x02\"\x04\xb8\0\0\0\0\0\x08\0\0\0\x01$| p/IBM WebSphere MQ/ v/7.0.1/ cpe:/a:ibm:websphere_mq:7.0.1/
softmatch ibm-mqseries m|^TSH\x20\0\0\0| p/IBM WebSphere MQ/ cpe:/a:ibm:websphere_mq/
##############################NEXT PROBE##############################
# Queries iPhoto for the /server-info url containing the shared library name
#
Probe TCP apple-iphoto q|GET /server-info HTTP/1.1\r\nClient-DPAP-Version: 1\.1\r\nUser-Agent: iPhoto/9.1.1 (Macintosh; N; PPC)\r\n\r\n|
rarity 8
ports 8770
match apple-iphoto m|^HTTP/1\.1 200 OK\r\nDate: .*\r\nDPAP-Server: iPhoto/(.*)\r\nContent-Type: application/x-dmap-tagged\r\nContent-Length: \d+\r\n\r\nmsrv\0\0\0\x83mstt\0\0\0\x04\0\0\0\xc8mpro\0\0\0\x04\0\x02\0\0ppro\0\0\0\x04\0\x01\0\x01minm\0\0\0.(.*)mslr\0\0\0\x01\0mstm\0\0\0\x04\0\0\x07\x08msal\0\0\0\x01\0msau\0\0\0\x01\x02msas\0\0\0\x01\x03msix\0\0\0\x01\0msdc\0\0\0\x04\0\0\0\x01$| p/Apple iPhoto/ v/$1/ i/Library name: $2/
##############################NEXT PROBE##############################
# Zend Java Bridge, vulnerable control port, see
#
# GetClassName called on an empty string.
Probe TCP ZendJavaBridge q|\0\0\0\x1f\0\0\0\0\0\0\0\x0cGetClassName\0\0\0\x02\x04\0\0\0\0\x01\0|
rarity 9
ports 5000,5001,5002,10001
match sybase-adaptive m|^\x04\x01\0\x28\0\0\0\0\xaa\x14\0\xa2\x0f\0\0\x01\x0eLogin failed\.\n\xfd\x02\0\x02\0\0\0\0\0$| p/Sybase Adaptive Server/ o/Windows/ cpe:/a:sybase:adaptive_server/ cpe:/o:microsoft:windows/a
match sybase-monitor m|^\x04\x01\0\x1a\0\0\0\0\xaa\x01\x0eLogin failed\.\n\xfd$| p/Sybase Monitor Server/ o/Windows/ cpe:/a:sybase:monitor_server/ cpe:/o:microsoft:windows/a
match zend-java-bridge m|^\0\0\0\x15\x04\0\0\0\x10java\.lang\.String$|
##############################NEXT PROBE##############################
# BackOrifice PING message, no password. The probe is the encryption of
# "*!*QWTY?\x13\0\0\0\0\0\0\0\x01\0\0". Servers with a password set will
# not reply.
# http://web.cip.com.br/flaviovs/boproto.html
Probe UDP BackOrifice q|\xCE\x63\xD1\xD2\x16\xE7\x13\xCF\x38\xA5\xA5\x86\xB2\x75\x4B\x99\xAA\x32\x58|
ports 31337
rarity 9
# Encryption of "*!*QWTY?........\x01 !PONG!1.20!".
match BackOrifice m|^\xCE\x63\xD1\xD2\x16\xE7\x13\xCF........\x01\x12\x78\xC4\xE3\xD6\xA6\x65\x51\x75\x51\xEB\x2A\x3F|s p/BackOrifice trojan/ v/1.20/ i/no password/ o/Windows/ cpe:/o:microsoft:windows/a
##############################NEXT PROBE##############################
Probe TCP gkrellm q|gkrellm 0.0.0|
rarity 9
ports 19150
match gkrellm m|^\n\ngkrellmd ([\w._-]+)\n| p/GKrellM System Monitor/ v/$1/
##############################NEXT PROBE##############################
Probe TCP vmware-esx q|00000001-00000001<_this xsi:type="ManagedObjectReference" type="ServiceInstance">ServiceInstance|
ports 443
rarity 9
##############################NEXT PROBE##############################
Probe TCP metasploit-xmlrpc q|nmap.probe\n\0|
ports 55553
sslports 55553
rarity 9
match metasploit-xmlrpc m|<\?xml\x20version=\"1\.0\"\x20\?>faultCode-99faultStringMethod\x20nmap\.probe\x20missing\x20or\x20wrong\x20number\x20of\x20parameters!\n\0|
##############################NEXT PROBE##############################
# MongoDB probe, this is a status request
# See http://www.mongodb.org/display/DOCS/Mongo+Wire+Protocol for more details
Probe TCP mongodb q|\x41\0\0\0\x3a\x30\0\0\xff\xff\xff\xff\xd4\x07\0\0\0\0\0\0test.$cmd\0\0\0\0\0\xff\xff\xff\xff\x1b\0\0\0\x01serverStatus\0\0\0\0\0\0\0\xf0\x3f\0|
rarity 8
ports 27017
match mongodb m|^.*version.....([\.\d]+)| p/MongoDB/ v/$1/
match mongodb m|^\xcb\0\0\0\xd5\xbfG\xee:0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\xa7\0\0\0\x01uptime\0\0\0\0\0\0 `@\x03globalLock\09\0\0\0\x01totalTime\0\0\0\0\x7c\xf0\x9a\x9eA\x01lockTime\0\0\0\0\0\0\xac\x9e@\x01ratio\0!\xc6\$G\xeb\x08\xf0>\0\x03mem\0<\0\0\0\x10resident\0\x03\0\0\0\x10virtual\0\xa2\0\0\0\x08supported\0\x01\x12mapped\0\0\0\0\0\0\0\0\0\0\x01ok\0\0\0\0\0\0\0\xf0\?\0$| p/MongoDB/
##############################NEXT PROBE##############################
# Sybase SQL Anywhere Ping Probe
Probe UDP sybaseanywhere q|\x1b\0\0\x3d\0\0\0\0\x12CONNECTIONLESS_TDS\0\0\0\x01\0\0\x04\0\x05\0\x05\0\0\x01\x02\0\0\x03\x01\x01\x04\x08\0\0\0\0\0\0\0\0\x07\x02\x04\xb1|
rarity 7
ports 2638
match sybaseanywhere m|^\x1b\0\0.\0\0\0\0\x12CONNECTIONLESS_TDS\0\0\0\x01\x01\0\x04\0\x05\0\x05\0.(.*)\0\x01\x02..\x03\x01\x02\x04\x08\0\0\0\0\0\0\0\0\x07\x02\x04\xb1|s p/Sybase SQL Anywhere/ i/Instance name: $1/
##############################NEXT PROBE##############################
# Vuze DHT PING probe
# See http://wiki.vuze.com/w/Distributed_hash_table#PING
Probe UDP vuze-dht q|\xff\xf0\x97\x0d\x2e\x60\xd1\x6f\0\0\x04\0\0\x55\xab\xec\x32\0\0\0\0\0\x32\x04\x0a\0\xc8\x75\xf8\x16\0\x5c\xb9\x65\0\0\0\0\x4e\xd1\xf5\x28|
rarity 8
ports 17555,49152-49156
match vuze-dht m|^\0\0\x04\x01\0U\xab\xec\xff\xf0\x97\r\.`\xd1o..........|s p/Vuze/
##############################NEXT PROBE##############################
# PC-Anywhere probe
Probe UDP pc-anywhere q|NQ|
rarity 8
ports 5632
match pc-anywhere m|^NR([^_]*)_*AHM_3___\0$|s p/Symantec PC-Anywhere/ i/Servername: $1/
##############################NEXT PROBE##############################
# PC-DUO host probe
Probe UDP pc-duo q|\0\x80\x80\x08\xff\0|
rarity 8
ports 1505
match pc-duo m|^.........(.*)\0|s p/Vector PC-Duo/ i/Servername: $1/
##############################NEXT PROBE##############################
# PC-DUO Gateway probe
Probe UDP pc-duo-gw q|\x20\x90\x80\x08\xff\0|
rarity 8
ports 2303
match pc-duo-gw m|^.........(.*)\0|s p/Vector PC-Duo Gateway Server/ i/Servername: $1/
##############################NEXT PROBE##############################
# Redis key-value store
Probe TCP redis-server q|\*1\r\n\$4\r\ninfo\r\n|
rarity 8
ports 6379
match redis-server m|-ERR operation not permitted\r\n|s p/Redis key-value store/
match redis-server m|^\$\d+\r\nredis_version:([.\d]+)\r\n|s p/Redis key-value store/ v/$1/
##############################NEXT PROBE##############################
# Memcached distributed memory object caching system
Probe TCP memcached q|stats\r\n|
rarity 8
ports 11211
match memcached m|^STAT pid \d+\r\nSTAT uptime \d+\r\nSTAT time \d+\r\nSTAT version ([.\d]+)\r\n|s p/Memcached/ v/$1/
##############################NEXT PROBE##############################
# Memcached distributed memory object caching system
Probe UDP memcached q|\0\x01\0\0\0\x01\0\0stats\r\n|
rarity 8
ports 11211
match memcached m|^\0\x01\0\0\0\x01\0\0STAT pid \d+\r\nSTAT uptime \d+\r\nSTAT time \d+\r\nSTAT version ([.\d]+)\r\n|s p/Memcached/ v/$1/
##############################NEXT PROBE##############################
# Sends a ServerInfo PBC request to the Basho Riak distributed database
Probe TCP riak-pbc q|\0\0\0\x01\x07|
rarity 8
ports 8087
match riak-pbc m|^....\x08..(riak@[\w._-]+)..([\w._-]+)$|s p/Basho Riak/ v/$2/ h/$1/
##############################NEXT PROBE##############################
# Sends a "show info" command to a Tarantool server
Probe TCP tarantool q|show info\r\n|
rarity 8
ports 33015
match tarantool m|---\r\ninfo:\r\n version: \"([^\"]*)\"\r\n uptime: (\d*)\r\n pid: (\d*)\r\n (?:[._\w\s]*: .*\r\n)* config: \"([^\"]*)\"| p/Tarantool/ v/$1/ i/Uptime: $2, PID: $3, Config: $4/
##############################NEXT PROBE##############################
# Sends a stats request to a Couchbase Membase server
Probe TCP couchbase-data q|\x80\x10\0\0\0\0\0\0\0\0\0\0\x15\xf0\xd1\x62\0\0\0\0\0\0\0\0|
rarity 8
ports 11210
match couchbase-tap m|^\x81\x10..\0\0\0\0\0\0\0.....\0\0\0\0\0\0\0\0ep_version([._\w]+).*ep_dbname([_\\\/\w\s:]*)|s p/Couchbase Membase/ v/$1/ i/DB name: $2/
match couchbase-tap m|^\x81\x10..\0\0\0\0\0\0\0.....\0\0\0\0\0\0\0\0ep_version([._\w]+)|s p/Couchbase Membase/ v/$1/
##############################NEXT PROBE##############################
# Sends a Get all registered names probe to the EPMD daemon
Probe TCP epmd q|\0\x01\x6e|
rarity 8
ports 4369
match epmd m|^\0\0\x11\x11| p/Erlang Port Mapper Daemon/
##############################NEXT PROBE##############################
# Voldemort Native Protocol Version 3 connect probe
Probe TCP vp3 q|vp3|
rarity 8
ports 6666
match vp3 m|^ok$| p/Voldemort/
##############################NEXT PROBE##############################
# Kumofs kumo-server version probe
Probe TCP kumo-server q|\x94\0\xcd\xef\xd1\x61\x91\x03|
ports 19800,19700
match kumo-server m|^\x94\x01\xcd\xef\xd1\xc0\xda\0.([^\s]*)|s p/Kumofs/ v/$1/
match kumo-manager m|^\x94\x01\xcd\xef\xd1\x05\xc0$| p/Kumofs/
##############################NEXT PROBE##############################
# Metasploit msgpack-based RPC. https://community.rapid7.com/docs/DOC-1516
Probe TCP metasploit-msgrpc q|GET /api HTTP/1.0\r\n\r\n|
rarity 9
# http://seclists.org/nmap-dev/2012/q2/971
ports 50505,55552
sslports 3790
match metasploit-msgrpc m|^HTTP/1\.1 200 OK\r\nContent-Type: binary/message-pack\r\nConnection: close\r\nServer: Rex\r\nContent-Length: 1084\r\n\r\n\x85\xa5error\xc3\xaberror_class\xadArgumentError\xacerror_string\xbdInvalid Request Verb: '\"GET\"'\xaferror_backtrace\xdc\x00\x12\xda\x000lib/msf/core/rpc/v10/service\.rb:107:in `process'\xda\x006lib/msf/core/rpc/v10/service\.rb:88:in `on_request_uri'\xda\x006lib/msf/core/rpc/v10/service\.rb:70:in `block in start'\xda\x00/lib/rex/proto/http/handler/proc\.rb:37:in `call'\xda\x005lib/rex/proto/http/handler/proc\.rb:37:in `on_request'\xda\x00| p/Metasploit Remote API/ v/4.4.0-dev/
##############################NEXT PROBE##############################
# svrloc
Probe UDP svrloc q|\x02\x01\x00\x006 \x00\x00\x00\x00\x00\x01\x00\x02en\x00\x00\x00\x15service:service-agent\x00\x07default\x00\x00\x00\x00|
rarity 8
ports 427
match svrloc m|^\x02\x0b| p/Service Location Protocol/ v/2/
##############################NEXT PROBE##############################
# Hazelcast In-Memory Data Grid >= 1.9-RC http://www.hazelcast.com/
# http://seclists.org/nmap-dev/2013/q2/7
Probe TCP hazelcast-http q|GET /hazelcast/rest/cluster HTTP/1.0\r\n\r\n\r\n|
rarity 9
ports 5701-5709
# Sample:
# |HTTP/1\.1 200 OK\r\nContent-Length: 114\r\n\r\nCluster \[2\] {\n\tMember \[127\.0\.0\.1\]:5701 this\n\tMember \[127\.0\.0\.1\]:5702\n}\n\nConnectionCount: 1\nAllConnectionCount: 95\n\r\n|
match hazelcast m|^HTTP/1\.1 200 OK\r\nContent-Length: \d+\r\n\r\nCluster \[\d+\] {\n\tMember (.*?)}\n\nConnectionCount: (\d+)\nAllConnectionCount: (\d+)\n\r\n$|s p/Hazelcast/ i/ConnectionCount $2; AllConnectionCount $3; $SUBST(1,"\n\tMember",",")/ cpe:/a:hazelcast:hazelcast/
##############################NEXT PROBE##############################
# Minecraft Server List Ping http://mc.kev009.com/Server_List_Ping
Probe TCP minecraft-ping q|\xFE\x01|
rarity 8
ports 25565
# Fields are Protocol version, Software version, motd, current player count, max players
match minecraft m|^\xff\x00.\x00\xa7\x00\x31\x00\x00(.+?)\x00\x00(.+?)\x00\x00(.+?)\x00\x00(.+?)\x00\x00(.+)|s p/Minecraft/ v/$P(2)/ i|Protocol: $P(1), Message: $P(3), Users: $P(4)/$P(5)|
##############################NEXT PROBE##############################
# Sends a distribution handshake to an Erlang Distribution Node.
# send_name request of protocol version 0, with only capability flags
# DFLAG_EXTENDED_REFERENCES and DFLAG_EXTENDED_PIDS_PORTS, and with a node name
# of "nm@p"
# http://erlang.org/doc/apps/erts/erl_dist_protocol.html#id90729
# http://seclists.org/nmap-dev/2013/q1/360
Probe TCP erlang-node q|\0\x0bn\0\0\0\0\x01\x04nm@p|
rarity 9
match erlang-node m|^\0\x03sok\0.n\0\0.{8}(.*)|s p/Erlang Distribution Node/ i/Node name: $1/
match erlang-node m|^\0[^\x03]s(.*)|s p/Erlang Distribution Node/ i/Status: $1/
##############################NEXT PROBE##############################
# UDP ping. "abcdefgh" is an identifier. See
# http://mumble.sourceforge.net/Protocol.
# http://seclists.org/nmap-dev/2013/q2/413
Probe UDP Murmur q|\0\0\0\0abcdefgh|
rarity 9
ports 64738
match murmur m|^\0...abcdefgh............$|s p/Murmur/ v/1.2.X/
##############################NEXT PROBE##############################
# Ventrilo 2.1.2+
# UDP general status request (encrypted).
# See http://aluigi.altervista.org/papers.htm#ventrilo
# http://seclists.org/nmap-dev/2013/q2/413
Probe UDP Ventrilo q|\x01\xe7\xe5\x75\x31\xa3\x17\x0b\x21\xcf\xbf\x2b\x99\x4e\xdd\x19\xac\xde\x08\x5f\x8b\x24\x0a\x11\x19\xb6\x73\x6f\xad\x28\x13\xd2\x0a\xb9\x12\x75|
rarity 9
ports 3784
match ventrilo m|^.{111}|s p/Ventrilo/ v/2.1.2+/
##############################NEXT PROBE##############################
# TeamSpeak 2 TCPQuery "ver" command.
# http://seclists.org/nmap-dev/2013/q2/413
Probe TCP teamspeak-tcpquery-ver q|ver\r\n|
rarity 9
ports 51234
match teamspeak-tcpquery m|^\[TS\]\r\n([\w._-]+) Win32 ([\w._-]+)\r\nOK\r\n$| p/TeamSpeak 2 TCPQuery/ v/$1/ i/$2/ o/Windows/
match teamspeak-tcpquery m|^\[TS\]\r\n([\w._-]+) Linux ([\w._-]+)\r\nOK\r\n$| p/TeamSpeak 2 TCPQuery/ v/$1/ i/$2/ o/Linux/
##############################NEXT PROBE##############################
# Login request.
# See http://wiki.wireshark.org/TeamSpeak2
# http://seclists.org/nmap-dev/2013/q2/413
Probe UDP TeamSpeak2 q|\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x32\x78\xba\x85\x09\x54\x65\x61\x6d\x53\x70\x65\x61\x6b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x57\x69\x6e\x64\x6f\x77\x73\x20\x58\x50\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x20\x00\x3c\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x6e\x69\x63\x6b\x6e\x61\x6d\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00|
rarity 9
ports 8767
match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00.............([^\0]+)[^\w\s]+Win32\0+[^\0].{355}$|s p/TeamSpeak 2/ i/name: $1; no password/ o/Windows/
match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00.............([^\0]+)[^\w\s]+Linux\0+[^\0].{355}$|s p/TeamSpeak 2/ i/name: $1; no password/ o/Linux/
match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00............\0{60}.{356}$|s p/TeamSpeak 2/

# THIS FILE IS GENERATED AUTOMATICALLY FROM A MASTER - DO NOT EDIT.
# EDIT /nmap-private-dev/nmap-services-all IN SVN INSTEAD.
# Well known service port numbers -*- mode: fundamental; -*-
# From the Nmap Security Scanner ( http://nmap.org )
#
# $Id: nmap-services 31220 2013-07-03 04:30:43Z david $
#
# Derived from IANA data and our own research
#
# This collection of service data is (C) 1996-2011 by Insecure.Com
# LLC. It is distributed under the Nmap Open Source license as
# provided in the COPYING file of the source distribution or at
# http://nmap.org/data/COPYING . Note that this license
# requires you to license your own work under a compatible open source
# license. If you wish to embed Nmap technology into proprietary
# software, we sell alternative licenses (contact sales@insecure.com).
# Dozens of software vendors already license Nmap technology such as
# host discovery, port scanning, OS detection, and version detection.
# For more details, see http://nmap.org/book/man-legal.html
#
# Fields in this file are: Service name, portnum/protocol, open-frequency, optional comments
#
tcpmux 1/tcp 0.001995 # TCP Port Service Multiplexer [rfc-1078]
tcpmux 1/udp 0.001236 # TCP Port Service Multiplexer
compressnet 2/tcp 0.000013 # Management Utility
compressnet 2/udp 0.001845 # Management Utility
compressnet 3/tcp 0.001242 # Compression Process
compressnet 3/udp 0.001532 # Compression Process
unknown 4/tcp 0.000477
rje 5/udp 0.000593 # Remote Job Entry
unknown 6/tcp 0.000502
echo 7/sctp 0.000000
echo 7/tcp 0.004855
echo 7/udp 0.024679
unknown 8/tcp 0.000013
discard 9/sctp 0.000000 # sink null
discard 9/tcp 0.003764 # sink null
discard 9/udp 0.015733 # sink null
unknown 10/tcp 0.000063
systat 11/tcp 0.000075 # Active Users
systat 11/udp 0.000577 # Active Users
unknown 12/tcp 0.000063
daytime 13/tcp 0.003927
daytime 13/udp 0.004827
unknown 14/tcp 0.000038
netstat 15/tcp 0.000038
unknown 16/tcp 0.000050
qotd 17/tcp 0.002346 # Quote of the Day
qotd 17/udp 0.009209 # Quote of the Day
msp 18/udp 0.000610 # Message Send Protocol
chargen 19/tcp 0.002559 # ttytst source Character Generator
chargen 19/udp 0.015865 # ttytst source Character Generator
ftp-data 20/sctp 0.000000 # File Transfer [Default Data]
ftp-data 20/tcp 0.001079 # File Transfer [Default Data]
ftp-data 20/udp 0.001878 # File Transfer [Default Data]
ftp 21/sctp 0.000000 # File Transfer [Control]
ftp 21/tcp 0.197667 # File Transfer [Control]
ftp 21/udp 0.004844 # File Transfer [Control]
ssh 22/sctp 0.000000 # Secure Shell Login
ssh 22/tcp 0.182286 # Secure Shell Login
ssh 22/udp 0.003905 # Secure Shell Login
telnet 23/tcp 0.221265
telnet 23/udp 0.006211
priv-mail 24/tcp 0.001154 # any private mail system
priv-mail 24/udp 0.000329 # any private mail system
smtp 25/tcp 0.131314 # Simple Mail Transfer
smtp 25/udp 0.001285 # Simple Mail Transfer
rsftp 26/tcp 0.007991 # RSFTP
nsw-fe 27/tcp 0.000138 # NSW User System FE
nsw-fe 27/udp 0.000395 # NSW User System FE
unknown 28/tcp 0.000050
msg-icp 29/tcp 0.000025 # MSG ICP
msg-icp 29/udp 0.000560 # MSG ICP
unknown 30/tcp 0.000527
msg-auth 31/tcp 0.000025 # MSG Authentication
msg-auth 31/udp 0.000939 # MSG Authentication
unknown 32/tcp 0.000339
dsp 33/tcp 0.001016 # Display Support Protocol
dsp 33/udp 0.000560 # Display Support Protocol
unknown 34/tcp 0.000025
priv-print 35/tcp 0.000038 # any private printer server
priv-print 35/udp 0.000708 # any private printer server
time 37/tcp 0.003161 # timserver
time 37/udp 0.006458 # timserver
rap 38/tcp 0.000025 # Route Access Protocol
rap 38/udp 0.002043 # Route Access Protocol
rlp 39/udp 0.000478 # Resource Location Protocol
unknown 40/tcp 0.000038
graphics 41/udp 0.000445
nameserver 42/tcp 0.000803 # Host Name Server
nameserver 42/udp 0.005288 # Host Name Server
whois 43/tcp 0.000314 # nicname
whois 43/udp 0.000313 # nicname
mpm-flags 44/tcp 0.000025 # MPM FLAGS Protocol
mpm-flags 44/udp 0.000659 # MPM FLAGS Protocol
mpm 45/tcp 0.000050 # Message Processing Module [recv]
mpm 45/udp 0.000741 # Message Processing Module [recv]
mpm-snd 46/udp 0.000494 # MPM [default send]
ni-ftp 47/tcp 0.000075 # NI FTP
ni-ftp 47/udp 0.001071 # NI FTP
auditd 48/tcp 0.000013 # Digital Audit Daemon
auditd 48/udp 0.000708 # Digital Audit Daemon
tacacs 49/tcp 0.000665 # Login Host Protocol (TACACS)
tacacs 49/udp 0.014020 # Login Host Protocol (TACACS)
re-mail-ck 50/tcp 0.000050 # Remote Mail Checking Protocol
re-mail-ck 50/udp 0.000428 # Remote Mail Checking Protocol
la-maint 51/tcp 0.000038 # IMP Logical Address Maintenance
la-maint 51/udp 0.000280 # IMP Logical Address Maintenance
xns-time 52/tcp 0.000063 # XNS Time Protocol
xns-time 52/udp 0.000362 # XNS Time Protocol
domain 53/tcp 0.048463 # Domain Name Server
domain 53/udp 0.213496 # Domain Name Server
xns-ch 54/tcp 0.000013 # XNS Clearinghouse
xns-ch 54/udp 0.000659 # XNS Clearinghouse
isi-gl 55/tcp 0.000125 # ISI Graphics Language
isi-gl 55/udp 0.000478 # ISI Graphics Language
xns-auth 56/tcp 0.000013 # XNS Authentication
xns-auth 56/udp 0.001285 # XNS Authentication
priv-term 57/tcp 0.000125 # any private terminal access
priv-term 57/udp 0.000774 # any private terminal access
xns-mail 58/tcp 0.000025 # XNS Mail
xns-mail 58/udp 0.000428 # XNS Mail
priv-file 59/tcp 0.000088 # any private file service
priv-file 59/udp 0.000478 # any private file service
unknown 60/tcp 0.000038
ni-mail 61/udp 0.000461 # NI MAIL
acas 62/udp 0.000264 # ACA Services
via-ftp 63/udp 0.000445 # VIA Systems - FTP & whois++
covia 64/udp 0.000593 # Communications Integrator (CI)
tacacs-ds 65/tcp 0.000013 # TACACS-Database Service
tacacs-ds 65/udp 0.000741 # TACACS-Database Service
sqlnet 66/tcp 0.000075 # Oracle SQL*NET
sqlnet 66/udp 0.000544 # Oracle SQL*NET
dhcps 67/tcp 0.000013 # DHCP/Bootstrap Protocol Server
dhcps 67/udp 0.228010 # DHCP/Bootstrap Protocol Server
dhcpc 68/tcp 0.000063 # DHCP/Bootstrap Protocol Client
dhcpc 68/udp 0.140118 # DHCP/Bootstrap Protocol Client
tftp 69/tcp 0.000038 # Trivial File Transfer
tftp 69/udp 0.102835 # Trivial File Transfer
gopher 70/tcp 0.000226
gopher 70/udp 0.000544
netrjs-1 71/tcp 0.000025 # Remote Job Service
netrjs-1 71/udp 0.000560 # Remote Job Service
netrjs-2 72/tcp 0.000013 # Remote Job Service
netrjs-2 72/udp 0.000494 # Remote Job Service
netrjs-3 73/tcp 0.000025 # Remote Job Service
netrjs-3 73/udp 0.000428 # Remote Job Service
netrjs-4 74/tcp 0.000025 # Remote Job Service
netrjs-4 74/udp 0.000478 # Remote Job Service
priv-dial 75/tcp 0.000063 # any private dial out service
priv-dial 75/udp 0.000577 # any private dial out service
deos 76/tcp 0.000063 # Distributed External Object Store
deos 76/udp 0.000675 # Distributed External Object Store
priv-rje 77/tcp 0.000113 # any private RJE service, netrjs
priv-rje 77/udp 0.000741 # any private RJE service, netjrs
vettcp 78/udp 0.000626
finger 79/tcp 0.006022
finger 79/udp 0.000956
http 80/sctp 0.000000 # World Wide Web HTTP
http 80/tcp 0.484143 # World Wide Web HTTP
http 80/udp 0.035767 # World Wide Web HTTP
hosts2-ns 81/tcp 0.012056 # HOSTS2 Name Server
hosts2-ns 81/udp 0.001005 # HOSTS2 Name Server
xfer 82/tcp 0.002923 # XFER Utility
xfer 82/udp 0.000659 # XFER Utility
mit-ml-dev 83/tcp 0.000539 # MIT ML Device
mit-ml-dev 83/udp 0.001203 # MIT ML Device
ctf 84/tcp 0.000276 # Common Trace Facility
ctf 84/udp 0.000610 # Common Trace Facility
mit-ml-dev 85/tcp 0.000690 # MIT ML Device
mit-ml-dev 85/udp 0.000610 # MIT ML Device
mfcobol 86/tcp 0.000138 # Micro Focus Cobol
mfcobol 86/udp 0.000824 # Micro Focus Cobol
priv-term-l 87/tcp 0.000125 # any private terminal link, ttylink
kerberos-sec 88/tcp 0.006072 # Kerberos (v5)
kerberos-sec 88/udp 0.013476 # Kerberos (v5)
su-mit-tg 89/tcp 0.000376 # SU/MIT Telnet Gateway
su-mit-tg 89/udp 0.000494 # SU/MIT Telnet Gateway
dnsix 90/tcp 0.000652 # DNSIX Securit Attribute Token Map
dnsix 90/udp 0.000511 # DNSIX Securit Attribute Token Map
mit-dov 91/tcp 0.000063 # MIT Dover Spooler
mit-dov 91/udp 0.000478 # MIT Dover Spooler
npp 92/tcp 0.000050 # Network Printing Protocol
npp 92/udp 0.000478 # Network Printing Protocol
dcp 93/tcp 0.000025 # Device Control Protocol
dcp 93/udp 0.000774 # Device Control Protocol
objcall 94/tcp 0.000025 # Tivoli Object Dispatcher
objcall 94/udp 0.000428 # Tivoli Object Dispatcher
supdup 95/tcp 0.000025 # BSD supdupd(8)
supdup 95/udp 0.000379
dixie 96/tcp 0.000013 # DIXIE Protocol Specification
dixie 96/udp 0.000939 # DIXIE Protocol Specification
swift-rvf 97/tcp 0.000038 # Swift Remote Virtural File Protocol
swift-rvf 97/udp 0.000362 # Swift Remote Virtural File Protocol
linuxconf 98/tcp 0.000088
tacnews 98/udp 0.000560 # TAC News
metagram 99/tcp 0.000326 # Metagram Relay
metagram 99/udp 0.000972 # Metagram Relay
newacct 100/tcp 0.002133 # [unauthorized use]
hostname 101/tcp 0.000063 # hostnames NIC Host Name Server
hostname 101/udp 0.000560 # hostnames NIC Host Name Server
iso-tsap 102/tcp 0.000138 # tsap ISO-TSAP Class 0
iso-tsap 102/udp 0.000544 # tsap ISO-TSAP Class 0
gppitnp 103/tcp 0.000038 # Genesis Point-to-Point Trans Net, or x400 ISO Email
gppitnp 103/udp 0.000527 # Genesis Point-to-Point Trans Net
acr-nema 104/tcp 0.000063 # ACR-NEMA Digital Imag. & Comm. 300
acr-nema 104/udp 0.000643 # ACR-NEMA Digital Imag. & Comm. 300
csnet-ns 105/udp 0.000478 # Mailbox Name Nameserver
pop3pw 106/tcp 0.005934 # Eudora compatible PW changer
3com-tsmux 106/udp 0.000544
rtelnet 107/udp 0.000478 # Remote Telnet Service
snagas 108/tcp 0.000013 # SNA Gateway Access Server
snagas 108/udp 0.000494 # SNA Gateway Access Server
pop2 109/tcp 0.000188 # PostOffice V.2
pop2 109/udp 0.000461 # PostOffice V.2
pop3 110/tcp 0.077142 # PostOffice V.3
pop3 110/udp 0.001104 # PostOffice V.3
rpcbind 111/tcp 0.030034 # portmapper, rpcbind
rpcbind 111/udp 0.093988 # portmapper, rpcbind
mcidas 112/tcp 0.000050 # McIDAS Data Transmission Protocol
mcidas 112/udp 0.002208 # McIDAS Data Transmission Protocol
ident 113/tcp 0.012370 # ident, tap, Authentication Service
auth 113/udp 0.003031 # ident, tap, Authentication Service
audionews 114/tcp 0.000025 # Audio News Multicast
audionews 114/udp 0.000362 # Audio News Multicast
sftp 115/tcp 0.000025 # Simple File Transfer Protocol
sftp 115/udp 0.000346 # Simple File Transfer Protocol
ansanotify 116/tcp 0.000013 # ANSA REX Notify
ansanotify 116/udp 0.000445 # ANSA REX Notify
uucp-path 117/tcp 0.000013 # UUCP Path Service
uucp-path 117/udp 0.000527 # UUCP Path Service
sqlserv 118/tcp 0.000025 # SQL Services
sqlserv 118/udp 0.000791 # SQL Services
nntp 119/tcp 0.003262 # Network News Transfer Protocol
nntp 119/udp 0.000428 # Network News Transfer Protocol
cfdptkt 120/tcp 0.000025
cfdptkt 120/udp 0.010181
erpc 121/udp 0.000675 # Encore Expedited Remote Pro.Call
smakynet 122/tcp 0.000063
smakynet 122/udp 0.000428
ntp 123/tcp 0.000138 # Network Time Protocol
ntp 123/udp 0.330879 # Network Time Protocol
ansatrader 124/tcp 0.000013 # ANSA REX Trader
ansatrader 124/udp 0.000610 # ANSA REX Trader
locus-map 125/tcp 0.000176 # Locus PC-Interface Net Map Ser
locus-map 125/udp 0.000478 # Locus PC-Interface Net Map Ser
unitary 126/udp 0.000610 # Unisys Unitary Login
locus-con 127/tcp 0.000113 # Locus PC-Interface Conn Server
locus-con 127/udp 0.000412 # Locus PC-Interface Conn Server
gss-xlicen 128/tcp 0.000013 # GSS X License Verification
gss-xlicen 128/udp 0.000494 # GSS X License Verification
pwdgen 129/tcp 0.000025 # Password Generator Protocol
pwdgen 129/udp 0.000412 # Password Generator Protocol
cisco-fna 130/tcp 0.000013 # cisco FNATIVE
cisco-fna 130/udp 0.000774 # cisco FNATIVE
cisco-tna 131/udp 0.000560 # cisco TNATIVE
cisco-sys 132/tcp 0.000013 # cisco SYSMAINT
cisco-sys 132/udp 0.000923 # cisco SYSMAINT
statsrv 133/tcp 0.000025 # Statistics Service
statsrv 133/udp 0.000758 # Statistics Service
ingres-net 134/udp 0.001203 # INGRES-NET Service
msrpc 135/tcp 0.047798 # Microsoft RPC services
msrpc 135/udp 0.244452 # Microsoft RPC services
profile 136/tcp 0.000025 # PROFILE Naming System
profile 136/udp 0.051862 # PROFILE Naming System
netbios-ns 137/tcp 0.000038 # NETBIOS Name Service
netbios-ns 137/udp 0.365163 # NETBIOS Name Service
netbios-dgm 138/tcp 0.000025 # NETBIOS Datagram Service
netbios-dgm 138/udp 0.297830 # NETBIOS Datagram Service
netbios-ssn 139/tcp 0.050809 # NETBIOS Session Service
netbios-ssn 139/udp 0.193726 # NETBIOS Session Service
emfis-data 140/udp 0.000692 # EMFIS Data Service
emfis-cntl 141/tcp 0.000013 # EMFIS Control Service
emfis-cntl 141/udp 0.000428 # EMFIS Control Service
bl-idm 142/tcp 0.000013 # Britton-Lee IDM
bl-idm 142/udp 0.000428 # Britton-Lee IDM
imap 143/tcp 0.050420 # Interim Mail Access Protocol v2
imap 143/udp 0.000659 # Interim Mail Access Protocol v2
news 144/tcp 0.004981 # NewS window system
news 144/udp 0.000346 # NewS window system
uaac 145/udp 0.001153 # UAAC Protocol
iso-tp0 146/tcp 0.000577
iso-tp0 146/udp 0.000890
iso-ip 147/udp 0.000511
cronus 148/tcp 0.000013 # CRONUS-SUPPORT
cronus 148/udp 0.000445 # CRONUS-SUPPORT
aed-512 149/tcp 0.000013 # AED 512 Emulation Service
aed-512 149/udp 0.000445 # AED 512 Emulation Service
sql-net 150/tcp 0.000013
sql-net 150/udp 0.000840
hems 151/tcp 0.000013
hems 151/udp 0.000412
bftp 152/udp 0.000988 # Background File Transfer Program
sgmp 153/udp 0.000346
netsc-prod 154/udp 0.000379
netsc-dev 155/udp 0.000659
sqlsrv 156/udp 0.000461 # SQL Service
knet-cmp 157/tcp 0.000113 # KNET/VM Command/Message Protocol
knet-cmp 157/udp 0.000247 # KNET/VM Command/Message Protocol
pcmail-srv 158/tcp 0.000063 # PCMail Server
pcmail-srv 158/udp 0.010148 # PCMail Server
nss-routing 159/udp 0.000329
sgmp-traps 160/udp 0.000824
snmp 161/tcp 0.000790
snmp 161/udp 0.433467 # Simple Net Mgmt Proto
snmptrap 162/tcp 0.000013 # snmp-trap
snmptrap 162/udp 0.103346 # snmp-trap
cmip-man 163/tcp 0.000590 # CMIP/TCP Manager
cmip-man 163/udp 0.000840 # CMIP/TCP Manager
smip-agent 164/udp 0.000626 # CMIP/TCP Agent
xns-courier 165/udp 0.000379 # Xerox
s-net 166/udp 0.000461 # Sirius Systems
namp 167/udp 0.000395
rsvd 168/tcp 0.000013
rsvd 168/udp 0.000412
send 169/udp 0.000494
print-srv 170/udp 0.001071 # Network PostScript
multiplex 171/udp 0.000412 # Network Innovations Multiplex
cl-1 172/udp 0.000494 # Network Innovations CL/1
xyplex-mux 173/tcp 0.000013
xyplex-mux 173/udp 0.000329
mailq 174/tcp 0.000013
mailq 174/udp 0.000379
vmnet 175/udp 0.000379
genrad-mux 176/tcp 0.000025
genrad-mux 176/udp 0.000313
xdmcp 177/tcp 0.000025 # X Display Mgr. Control Proto
xdmcp 177/udp 0.018551 # X Display Manager Control Protocol
nextstep 178/udp 0.000346 # NextStep Window Server
bgp 179/sctp 0.000000 # Border Gateway Protocol
bgp 179/tcp 0.010538 # Border Gateway Protocol
bgp 179/udp 0.000494 # Border Gateway Protocol
ris 180/tcp 0.000038 # Intergraph
ris 180/udp 0.000478 # Intergraph
unify 181/tcp 0.000025
unify 181/udp 0.000181
audit 182/tcp 0.000038 # Unisys Audit SITP
audit 182/udp 0.000297 # Unisys Audit SITP
ocbinder 183/udp 0.000560
ocserver 184/tcp 0.000013
ocserver 184/udp 0.000461
remote-kis 185/tcp 0.000013
remote-kis 185/udp 0.000428
kis 186/udp 0.000280 # KIS Protocol
aci 187/udp 0.000395 # Application Communication Interface
mumps 188/udp 0.000527 # Plus Five's MUMPS
qft 189/tcp 0.000013 # Queued File Transport
qft 189/udp 0.000461 # Queued File Transport
gacp 190/tcp 0.000013 # Gateway Access Control Protocol
cacp 190/udp 0.000428 # Gateway Access Control Protocol
prospero 191/tcp 0.000013 # Prospero Directory Service
prospero 191/udp 0.000857 # Prospero Directory Service
osu-nms 192/tcp 0.000013 # OSU Network Monitoring System
osu-nms 192/udp 0.004168 # OSU Network Monitoring System
srmp 193/tcp 0.000025 # Spider Remote Monitoring Protocol
srmp 193/udp 0.000412 # Spider Remote Monitoring Protocol
irc 194/tcp 0.000038 # Internet Relay Chat
irc 194/udp 0.000643 # Internet Relay Chat Protocol
dn6-nlm-aud 195/udp 0.000395 # DNSIX Network Level Module Audit
dn6-smm-red 196/tcp 0.000025 # DNSIX Session Mgt Module Audit Redir
dn6-smm-red 196/udp 0.000428 # DNSIX Session Mgt Module Audit Redir
dls 197/udp 0.000659 # Directory Location Service
dls-mon 198/udp 0.001252 # Directory Location Service Monitor
smux 199/tcp 0.015945 # SNMP Unix Multiplexer
smux 199/udp 0.004152
src 200/tcp 0.000025 # IBM System Resource Controller
src 200/udp 0.000626 # IBM System Resource Controller
at-rtmp 201/tcp 0.000038 # AppleTalk Routing Maintenance
at-rtmp 201/udp 0.000988 # AppleTalk Routing Maintenance
at-nbp 202/tcp 0.000025 # AppleTalk Name Binding
at-nbp 202/udp 0.000445 # AppleTalk Name Binding
at-3 203/udp 0.000461 # AppleTalk Unused
at-echo 204/tcp 0.000025 # AppleTalk Echo
at-echo 204/udp 0.000412 # AppleTalk Echo
at-5 205/tcp 0.000013 # AppleTalk Unused
at-5 205/udp 0.000890 # AppleTalk Unused
at-zis 206/tcp 0.000025 # AppleTalk Zone Information
at-zis 206/udp 0.000956 # AppleTalk Zone Information
at-7 207/udp 0.001351 # AppleTalk Unused
at-8 208/udp 0.000511 # AppleTalk Unused
tam 209/tcp 0.000013 # Trivial Authenticated Mail Protocol
tam 209/udp 0.000395 # Trivial Authenticated Mail Protocol
z39.50 210/tcp 0.000125 # wais, ANSI Z39.50
z39.50 210/udp 0.000511 # wais, ANSI Z39.50
914c-g 211/tcp 0.000427 # Texas Instruments 914C/G Terminal
914c-g 211/udp 0.000329 # Texas Instruments 914C/G Terminal
anet 212/tcp 0.000364 # ATEXSSTR
anet 212/udp 0.000329 # ATEXSSTR
ipx 213/tcp 0.000038
ipx 213/udp 0.000478
vmpwscs 214/tcp 0.000038
vmpwscs 214/udp 0.000445
softpc 215/udp 0.000412 # Insignia Solutions
atls 216/tcp 0.000013 # Access Technology License Server
atls 216/udp 0.000461 # Access Technology License Server
dbase 217/tcp 0.000013 # dBASE Unix
dbase 217/udp 0.001993 # dBASE Unix
mpp 218/udp 0.000593 # Netix Message Posting Protocol
uarps 219/tcp 0.000063 # Unisys ARPs
uarps 219/udp 0.000395 # Unisys ARPs
imap3 220/tcp 0.000113 # Interactive Mail Access Protocol v3
imap3 220/udp 0.000445 # Interactive Mail Access Protocol v3
fln-spx 221/tcp 0.000050 # Berkeley rlogind with SPX auth
fln-spx 221/udp 0.000577 # Berkeley rlogind with SPX auth
rsh-spx 222/tcp 0.000941 # Berkeley rshd with SPX auth
rsh-spx 222/udp 0.000774 # Berkeley rshd with SPX auth
cdc 223/tcp 0.000125 # Certificate Distribution Center
cdc 223/udp 0.000346 # Certificate Distribution Center
masqdialer 224/tcp 0.000025
unknown 225/tcp 0.000100
unknown 225/udp 0.000330
unknown 226/tcp 0.000013
unknown 228/tcp 0.000013
unknown 229/tcp 0.000013
unknown 230/tcp 0.000050
unknown 231/tcp 0.000038
unknown 233/tcp 0.000025
unknown 234/tcp 0.000013
unknown 235/tcp 0.000025
unknown 236/tcp 0.000025
unknown 236/udp 0.000330
unknown 237/tcp 0.000063
unknown 238/tcp 0.000013
unknown 238/udp 0.000330
unknown 239/udp 0.000330
direct 242/udp 0.000362
sur-meas 243/udp 0.000494 # Survey Measurement
dayna 244/udp 0.000461
link 245/udp 0.000626
dsp3270 246/udp 0.000593 # Display Systems Protocol
subntbcst_tftp 247/udp 0.000412
bhfhs 248/tcp 0.000013
bhfhs 248/udp 0.000511
unknown 249/tcp 0.000050
unknown 250/tcp 0.000138
unknown 251/tcp 0.000125
unknown 252/tcp 0.000088
unknown 253/tcp 0.000038
unknown 254/tcp 0.001832
unknown 255/tcp 0.002409
fw1-secureremote 256/tcp 0.000163 # also "rap"
rap 256/udp 0.000692
fw1-mc-fwmodule 257/tcp 0.000100 # FW1 management console for communication w/modules and also secure electronic transaction (set) port
set 257/udp 0.000511 # secure electronic transaction
fw1-mc-gui 258/tcp 0.000013 # also yak winsock personal chat
yak-chat 258/udp 0.000494 # yak winsock personal chat
esro-gen 259/tcp 0.000201 # efficient short remote operations
firewall1-rdp 259/udp 0.000840 # Firewall 1 proprietary RDP protocol http://www.inside-security.de/fw1_rdp_poc.html
openport 260/tcp 0.000025
openport 260/udp 0.000362
nsiiops 261/tcp 0.000025 # iiop name service over tls/ssl
nsiiops 261/udp 0.000659 # iiop name service over tls/ssl
arcisdms 262/tcp 0.000038
arcisdms 262/udp 0.000577
hdap 263/udp 0.000544
bgmp 264/tcp 0.001029
fw1-or-bgmp 264/udp 0.000461 # FW1 secureremote alternate
maybe-fw1 265/tcp 0.000013
td-service 267/tcp 0.000013 # Tobit David Service Layer
td-replica 268/tcp 0.000050 # Tobit David Replica
unknown 270/tcp 0.000013
unknown 271/tcp 0.000013
unknown 273/tcp 0.000025
unknown 276/tcp 0.000025
unknown 277/tcp 0.000013
http-mgmt 280/tcp 0.001844
http-mgmt 280/udp 0.000379
personal-link 281/udp 0.000544
cableport-ax 282/udp 0.000494 # cable port a/x
corerjd 284/tcp 0.000013
unknown 288/tcp 0.000013
unknown 289/tcp 0.000013
unknown 293/tcp 0.000013
unknown
294/tcp 0.000013 unknown 294/udp 0.000330 unknown 295/tcp 0.000013 unknown 300/tcp 0.000050 unknown 301/tcp 0.000213 unknown 303/tcp 0.000025 unknown 304/udp 0.000991 unknown 305/tcp 0.000013 unknown 306/tcp 0.000464 unknown 307/udp 0.000330 novastorbakcup 308/tcp 0.000025 # novastor backup novastorbakcup 308/udp 0.000329 # novastor backup entrusttime 309/udp 0.000527 bhmds 310/udp 0.000445 asip-webadmin 311/tcp 0.001857 # appleshare ip webadmin asip-webadmin 311/udp 0.000494 # appleshare ip webadmin vslmp 312/udp 0.000593 magenta-logic 313/udp 0.000297 opalis-robot 314/udp 0.000840 dpsi 315/tcp 0.000025 dpsi 315/udp 0.000379 decauth 316/tcp 0.000013 decauth 316/udp 0.000461 zannet 317/udp 0.000346 pip 321/udp 0.000593 rtsps 322/tcp 0.000013 # RTSPS unknown 323/udp 0.000330 unknown 325/tcp 0.000025 unknown 326/tcp 0.000013 unknown 326/udp 0.000330 unknown 329/tcp 0.000013 texar 333/tcp 0.000113 # Texar Security Port texar 333/udp 0.000330 # Texar Security Port unknown 334/tcp 0.000050 unknown 336/tcp 0.000025 unknown 337/tcp 0.000013 unknown 340/tcp 0.000627 unknown 340/udp 0.000330 unknown 343/tcp 0.000050 pdap 344/udp 0.000445 # Prospero Data Access Protocol pawserv 345/udp 0.000428 # Perf Analysis Workbench zserv 346/tcp 0.000013 # Zebra server zserv 346/udp 0.000428 # Zebra server fatserv 347/udp 0.000708 # Fatmen Server csi-sgwp 348/udp 0.000511 # Cabletron Management Protocol mftp 349/udp 0.000297 matip-type-a 350/tcp 0.000025 # MATIP Type A matip-type-a 350/udp 0.000379 matip-type-b 351/tcp 0.000013 # MATIP Type B or bhoetty also safetp matip-type-b 351/udp 0.000313 # MATIP Type B or bhoetty dtag-ste-sb 352/tcp 0.000013 # DTAG, or bhoedap4 dtag-ste-sb 352/udp 0.000593 # DTAG, or bhoedap4 ndsauth 353/tcp 0.000050 ndsauth 353/udp 0.000264 bh611 354/udp 0.000560 datex-asn 355/tcp 0.000025 datex-asn 355/udp 0.000774 cloanto-net-1 356/udp 0.000610 bhevent 357/udp 0.000478 shrinkwrap 358/tcp 0.000013 shrinkwrap 358/udp 0.000445 tenebris_nts 359/udp 0.000494 # 
Tenebris Network Trace Service scoi2odialog 360/tcp 0.000013 scoi2odialog 360/udp 0.000560 semantix 361/tcp 0.000013 semantix 361/udp 0.000346 srssend 362/tcp 0.000025 # SRS Send srssend 362/udp 0.000445 # SRS Send rsvp_tunnel 363/udp 0.002125 aurora-cmgr 364/tcp 0.000013 aurora-cmgr 364/udp 0.000395 dtk 365/udp 0.000395 # Deception Tool Kit (www.all.net) odmr 366/tcp 0.000715 odmr 366/udp 0.000478 mortgageware 367/udp 0.000445 qbikgdp 368/udp 0.000264 rpc2portmap 369/tcp 0.000013 rpc2portmap 369/udp 0.000725 codaauth2 370/tcp 0.000013 codaauth2 370/udp 0.001038 clearcase 371/udp 0.000593 ulistserv 372/udp 0.000593 # Unix Listserv legent-1 373/tcp 0.000013 # Legent Corporation (now Computer Associates Intl.) legent-1 373/udp 0.000395 # Legent Corporation (now Computer Associates Intl.) legent-2 374/udp 0.000610 # Legent Corporation (now Computer Associates Intl.) hassle 375/udp 0.000544 nip 376/udp 0.001120 # Amiga Envoy Network Inquiry Proto tnETOS 377/udp 0.000725 # NEC Corporation dsETOS 378/udp 0.000544 # NEC Corporation is99c 379/udp 0.000395 # TIA/EIA/IS-99 modem client is99s 380/tcp 0.000013 # TIA/EIA/IS-99 modem server is99s 380/udp 0.000494 # TIA/EIA/IS-99 modem server hp-collector 381/udp 0.000577 # hp performance data collector hp-managed-node 382/udp 0.000346 # hp performance data managed node hp-alarm-mgr 383/tcp 0.000013 # hp performance data alarm manager hp-alarm-mgr 383/udp 0.000362 # hp performance data alarm manager arns 384/udp 0.000412 # A Remote Network Server System ibm-app 385/udp 0.000692 # IBM Application asa 386/udp 0.000741 # ASA Message Router Object Def. aurp 387/udp 0.001285 # Appletalk Update-Based Routing Pro. 
unidata-ldm 388/tcp 0.000088 # Unidata LDM Version 4
unidata-ldm 388/udp 0.000329 # Unidata LDM Version 4
ldap 389/tcp 0.004717 # Lightweight Directory Access Protocol
ldap 389/udp 0.004300 # Lightweight Directory Access Protocol
uis 390/udp 0.000478
synotics-relay 391/tcp 0.000013 # SynOptics SNMP Relay Port
synotics-relay 391/udp 0.000988 # SynOptics SNMP Relay Port
synotics-broker 392/tcp 0.000013 # SynOptics Port Broker Port
synotics-broker 392/udp 0.000280 # SynOptics Port Broker Port
dis 393/udp 0.001302 # Data Interpretation System
embl-ndt 394/udp 0.000461 # EMBL Nucleic Data Transfer
netcp 395/udp 0.000428 # NETscout Control Protocol
netware-ip 396/udp 0.000379 # Novell Netware over IP
mptn 397/tcp 0.000025 # Multi Protocol Trans. Net.
mptn 397/udp 0.000511 # Multi Protocol Trans. Net.
kryptolan 398/udp 0.000659
iso-tsap-c2 399/tcp 0.000025 # ISO-TSAP Class 2
iso-tsap-c2 399/udp 0.000395 # ISO-TSAP Class 2
work-sol 400/tcp 0.000075 # Workstation Solutions
work-sol 400/udp 0.000643 # Workstation Solutions
ups 401/tcp 0.000025 # Uninterruptible Power Supply
ups 401/udp 0.000560 # Uninterruptible Power Supply
genie 402/tcp 0.000038 # Genie Protocol
genie 402/udp 0.001730 # Genie Protocol
decap 403/tcp 0.000025
decap 403/udp 0.001021
nced 404/tcp 0.000025
nced 404/udp 0.000478
ncld 405/udp 0.000379
imsp 406/tcp 0.000163 # Interactive Mail Support Protocol
imsp 406/udp 0.000560 # Interactive Mail Support Protocol
timbuktu 407/tcp 0.001129
timbuktu 407/udp 0.005305
prm-sm 408/tcp 0.000013 # Prospero Resource Manager Sys. Man.
prm-sm 408/udp 0.000445 # Prospero Resource Manager Sys. Man.
prm-nm 409/udp 0.000461 # Prospero Resource Manager Node Man.
decladebug 410/tcp 0.000025 # DECLadebug Remote Debug Protocol
decladebug 410/udp 0.000494 # DECLadebug Remote Debug Protocol
rmt 411/tcp 0.000088 # Remote MT Protocol
rmt 411/udp 0.000560 # Remote MT Protocol
synoptics-trap 412/tcp 0.000025 # Trap Convention Port
synoptics-trap 412/udp 0.000511 # Trap Convention Port
smsp 413/tcp 0.000013
smsp 413/udp 0.000395
infoseek 414/tcp 0.000013
infoseek 414/udp 0.000346
bnet 415/tcp 0.000025
bnet 415/udp 0.000445
silverplatter 416/tcp 0.000201
silverplatter 416/udp 0.000675
onmux 417/tcp 0.000226 # Meeting maker
onmux 417/udp 0.000774 # Meeting maker
hyper-g 418/tcp 0.000025
hyper-g 418/udp 0.000544
ariel1 419/tcp 0.000138
ariel1 419/udp 0.000544
smpte 420/tcp 0.000013
smpte 420/udp 0.000511
ariel2 421/udp 0.000428
ariel3 422/tcp 0.000025
ariel3 422/udp 0.000346
opc-job-start 423/tcp 0.000013 # IBM Operations Planning and Control Start
opc-job-start 423/udp 0.000329 # IBM Operations Planning and Control Start
opc-job-track 424/udp 0.000610 # IBM Operations Planning and Control Track
icad-el 425/tcp 0.000326
icad-el 425/udp 0.000428
smartsdp 426/udp 0.001104
svrloc 427/tcp 0.005382 # Server Location
svrloc 427/udp 0.018270 # Server Location
ocs_cmu 428/tcp 0.000013
ocs_cmu 428/udp 0.000329
ocs_amu 429/udp 0.000428
utmpsd 430/udp 0.000362
utmpcd 431/udp 0.000461
iasd 432/tcp 0.000013
iasd 432/udp 0.000577
nnsp 433/udp 0.000445
mobileip-agent 434/tcp 0.000013
mobileip-agent 434/udp 0.002257
mobilip-mn 435/tcp 0.000013
mobilip-mn 435/udp 0.000511
dna-cml 436/udp 0.000379
comscm 437/tcp 0.000025
comscm 437/udp 0.000741
dsfgw 438/tcp 0.000013
dsfgw 438/udp 0.000725
dasp 439/tcp 0.000013
dasp 439/udp 0.000412
sgcp 440/tcp 0.000063
sgcp 440/udp 0.000807
decvms-sysmgt 441/tcp 0.000138
decvms-sysmgt 441/udp 0.000395
cvc_hostd 442/tcp 0.000138
cvc_hostd 442/udp 0.000774
https 443/sctp 0.000000
https 443/tcp 0.208669 # secure http (SSL)
https 443/udp 0.010840
snpp 444/tcp 0.004466 # Simple Network Paging Protocol
snpp 444/udp 0.000873 # Simple Network Paging Protocol
microsoft-ds 445/tcp 0.056944 # SMB directly over IP
microsoft-ds 445/udp 0.253118
ddm-rdb 446/tcp 0.000075
ddm-rdb 446/udp 0.000461
ddm-dfm 447/tcp 0.000138
ddm-dfm 447/udp 0.000675
ddm-ssl 448/tcp 0.000050 # ddm-byte
ddm-ssl 448/udp 0.000511 # ddm-byte
as-servermap 449/tcp 0.000063 # AS Server Mapper
as-servermap 449/udp 0.000675 # AS Server Mapper
tserver 450/tcp 0.000050
tserver 450/udp 0.000692
sfs-smp-net 451/tcp 0.000013 # Cray Network Semaphore server
sfs-smp-net 451/udp 0.000774 # Cray Network Semaphore server
sfs-config 452/tcp 0.000013 # Cray SFS config server
sfs-config 452/udp 0.000297 # Cray SFS config server
creativeserver 453/tcp 0.000025
creativeserver 453/udp 0.000280
contentserver 454/tcp 0.000038
contentserver 454/udp 0.000329
creativepartnr 455/udp 0.000758
macon 456/tcp 0.000050
macon 456/udp 0.000494
scohelp 457/tcp 0.000013
scohelp 457/udp 0.000610
appleqtc 458/tcp 0.000314 # apple quick time
appleqtc 458/udp 0.000725 # apple quick time
ampr-rcmd 459/udp 0.000362
skronk 460/tcp 0.000013
skronk 460/udp 0.000610
datasurfsrv 461/udp 0.000379
datasurfsrvsec 462/tcp 0.000025
datasurfsrvsec 462/udp 0.000560
alpes 463/udp 0.000494
kpasswd5 464/tcp 0.001192 # Kerberos (v5)
kpasswd5 464/udp 0.004300 # Kerberos (v5)
smtps 465/tcp 0.013888 # smtp protocol over TLS/SSL (was ssmtp)
smtps 465/udp 0.000527 # smtp protocol over TLS/SSL (was ssmtp)
digital-vrc 466/tcp 0.000025
digital-vrc 466/udp 0.000297
mylex-mapd 467/udp 0.000445
photuris 468/udp 0.000560
rcp 469/udp 0.000692 # Radio Control Protocol
scx-proxy 470/tcp 0.000013
scx-proxy 470/udp 0.000395
mondex 471/udp 0.000478
ljk-login 472/tcp 0.000013
ljk-login 472/udp 0.000758
hybrid-pop 473/tcp 0.000013
hybrid-pop 473/udp 0.000445
tn-tl-w2 474/udp 0.000214
tcpnethaspsrv 475/tcp 0.000138
tcpnethaspsrv 475/udp 0.000643
tn-tl-fd1 476/udp 0.000346
ss7ns 477/udp 0.000626
spsc 478/udp 0.000610
iafserver 479/tcp 0.000013
iafserver 479/udp 0.000675
loadsrv 480/tcp 0.000013
iafdbase 480/udp 0.000461
dvs 481/tcp 0.000176
ph 481/udp 0.000445
xlog 482/udp 0.000577
ulpnet 483/udp 0.000461
integra-sme 484/udp 0.001186 # Integra Software Management Environment
powerburst 485/tcp 0.000013 # Air Soft Power Burst
powerburst 485/udp 0.000725 # Air Soft Power Burst
sstats 486/tcp 0.000025
avian 486/udp 0.000379
saft 487/tcp 0.000013 # saft Simple Asynchronous File Transfer
saft 487/udp 0.000428 # saft Simple Asynchronous File Transfer
gss-http 488/udp 0.000643
nest-protocol 489/udp 0.000544
micom-pfs 490/udp 0.000577
go-login 491/tcp 0.000050
go-login 491/udp 0.000297
ticf-1 492/tcp 0.000050 # Transport Independent Convergence for FNA
ticf-1 492/udp 0.000610 # Transport Independent Convergence for FNA
ticf-2 493/tcp 0.000025 # Transport Independent Convergence for FNA
ticf-2 493/udp 0.000560 # Transport Independent Convergence for FNA
pov-ray 494/udp 0.000478
intecourier 495/udp 0.000362
pim-rp-disc 496/tcp 0.000013
pim-rp-disc 496/udp 0.001153
retrospect 497/tcp 0.001179
retrospect 497/udp 0.017348
siam 498/udp 0.000461
iso-ill 499/udp 0.000511 # ISO ILL Protocol
isakmp 500/tcp 0.001129
isakmp 500/udp 0.163742
stmf 501/tcp 0.000063
stmf 501/udp 0.001186
asa-appl-proto 502/tcp 0.000151
asa-appl-proto 502/udp 0.001318
intrinsa 503/udp 0.000708
citadel 504/udp 0.000758
mailbox-lm 505/tcp 0.000038
mailbox-lm 505/udp 0.000807
ohimsrv 506/udp 0.000577
crs 507/tcp 0.000050
crs 507/udp 0.000593
xvttp 508/udp 0.000461
snare 509/tcp 0.000075
snare 509/udp 0.000643
fcp 510/tcp 0.000063 # FirstClass Protocol
fcp 510/udp 0.000923 # FirstClass Protocol
passgo 511/tcp 0.000038
passgo 511/udp 0.000610
exec 512/tcp 0.000841 # BSD rexecd(8)
biff 512/udp 0.002142 # comsat
login 513/tcp 0.005595 # BSD rlogind(8)
who 513/udp 0.002323 # BSD rwhod(8)
shell 514/tcp 0.011078 # BSD rshd(8)
syslog 514/udp 0.119804 # BSD syslogd(8)
printer 515/tcp 0.007214 # spooler (lpd)
printer 515/udp 0.011022 # spooler (lpd)
videotex 516/tcp 0.000013
videotex 516/udp 0.000807
talk 517/udp 0.004794 # BSD talkd(8)
ntalk 518/tcp 0.000013 # (talkd)
ntalk 518/udp 0.022208 # (talkd)
utime 519/udp 0.000560 # unixtime
route 520/udp 0.139376 # router routed -- RIP
ripng 521/udp 0.000708
ulp 522/tcp 0.000013
ulp 522/udp 0.000511
ibm-db2 523/tcp 0.000113
ibm-db2 523/udp 0.000461
ncp 524/tcp 0.000213
ncp 524/udp 0.000873
timed 525/tcp 0.000063 # timeserver
timed 525/udp 0.000890 # timeserver
tempo 526/tcp 0.000013 # newdate
tempo 526/udp 0.000346 # newdate
stx 527/udp 0.000362 # Stock IXChange
custix 528/tcp 0.000013 # Customer IXChange
custix 528/udp 0.000329 # Customer IXChange
irc 529/udp 0.000544
courier 530/tcp 0.000013 # rpc
courier 530/udp 0.000873 # rpc
conference 531/udp 0.000824 # chat
netnews 532/udp 0.000758 # readnews
netwall 533/tcp 0.000013 # for emergency broadcasts
netwall 533/udp 0.000461 # for emergency broadcasts
mm-admin 534/udp 0.000379 # MegaMedia Admin
iiop 535/tcp 0.000013
iiop 535/udp 0.000329
opalis-rdv 536/tcp 0.000025
opalis-rdv 536/udp 0.000428
nmsp 537/udp 0.000774 # Networked Media Streaming Protocol
gdomap 538/tcp 0.000063
gdomap 538/udp 0.000461
apertus-ldp 539/udp 0.002274 # Apertus Technologies Load Determination
uucp 540/tcp 0.000138 # uucpd
uucp 540/udp 0.000791 # uucpd
uucp-rlogin 541/tcp 0.000489
uucp-rlogin 541/udp 0.000807
commerce 542/tcp 0.000013
commerce 542/udp 0.000675
klogin 543/tcp 0.005282 # Kerberos (v4/v5)
klogin 543/udp 0.000610 # Kerberos (v4/v5)
kshell 544/tcp 0.005269 # krcmd Kerberos (v4/v5)
kshell 544/udp 0.000527 # krcmd Kerberos (v4/v5)
ekshell 545/tcp 0.000276 # Kerberos encrypted remote shell -kfall
appleqtcsrvr 545/udp 0.000478
dhcpv6-client 546/udp 0.000840 # DHCPv6 Client
dhcpv6-server 547/udp 0.000807 # DHCPv6 Server
afp 548/tcp 0.012395 # AFP over TCP
afp 548/udp 0.000774 # AFP over UDP
idfp 549/udp 0.000461
new-rwho 550/udp 0.001170 # new-who
cybercash 551/udp 0.000774
deviceshare 552/tcp 0.000013
deviceshare 552/udp 0.000840
pirp 553/tcp 0.000038
pirp 553/udp 0.000593
rtsp 554/tcp 0.008104 # Real Time Stream Control Protocol
rtsp 554/udp 0.000593 # Real Time Stream Control Protocol
dsf 555/tcp 0.000238
dsf 555/udp 0.000329
remotefs 556/tcp 0.000125 # rfs, rfs_server, Brunhoff remote filesystem
remotefs 556/udp 0.000428 # rfs, rfs_server, Brunhoff remote filesystem
openvms-sysipc 557/tcp 0.000113
openvms-sysipc 557/udp 0.000461
sdnskmp 558/udp 0.000461
teedtap 559/udp 0.001433
rmonitor 560/tcp 0.000038 # rmonitord
rmonitor 560/udp 0.000626 # rmonitord
monitor 561/tcp 0.000038
monitor 561/udp 0.000544
chshell 562/udp 0.000346 # chcmd
snews 563/tcp 0.000916
snews 563/udp 0.000675
9pfs 564/tcp 0.000013 # plan 9 file service
9pfs 564/udp 0.000527 # plan 9 file service
whoami 565/udp 0.000445
banyan-rpc 567/udp 0.000544
ms-shuttle 568/tcp 0.000025 # Microsoft shuttle
ms-shuttle 568/udp 0.000824 # Microsoft shuttle
ms-rome 569/tcp 0.000013 # Microsoft rome
ms-rome 569/udp 0.000758 # Microsoft rome
meter 570/tcp 0.000013 # demon
meter 570/udp 0.000461 # demon
umeter 571/tcp 0.000013 # udemon
umeter 571/udp 0.000692 # udemon
sonar 572/tcp 0.000013
sonar 572/udp 0.000297
banyan-vip 573/udp 0.000939
ftp-agent 574/udp 0.000428 # FTP Software Agent System
vemmi 575/udp 0.000379
ipcd 576/udp 0.000346
vnas 577/tcp 0.000063
vnas 577/udp 0.000972
ipdd 578/tcp 0.000075
ipdd 578/udp 0.000527
decbsrv 579/udp 0.000544
sntp-heartbeat 580/udp 0.000428
bdp 581/udp 0.000395 # Bundle Discovery Protocol
scc-security 582/tcp 0.000013
scc-security 582/udp 0.000280
philips-vc 583/tcp 0.000013 # Philips Video-Conferencing
philips-vc 583/udp 0.000544 # Philips Video-Conferencing
keyserver 584/udp 0.001005
imap4-ssl 585/udp 0.000412 # use 993 instead)
password-chg 586/udp 0.000758
submission 587/tcp 0.019721
submission 587/udp 0.000692
cal 588/udp 0.000544
eyelink 589/udp 0.000461
tns-cml 590/udp 0.000577
http-alt 591/tcp 0.000075 # FileMaker, Inc. - HTTP Alternate
http-alt 591/udp 0.000527 # FileMaker, Inc. - HTTP Alternate
eudora-set 592/udp 0.000626
http-rpc-epmap 593/tcp 0.001242 # HTTP RPC Ep Map
http-rpc-epmap 593/udp 0.022933 # HTTP RPC Ep Map
tpip 594/udp 0.000873
cab-protocol 595/udp 0.000445
smsd 596/tcp 0.000013
smsd 596/udp 0.000544
ptcnameservice 597/udp 0.000214 # PTC Name Service
sco-websrvrmg3 598/tcp 0.000013 # SCO Web Server Manager 3
sco-websrvrmg3 598/udp 0.000626 # SCO Web Server Manager 3
acp 599/tcp 0.000013 # Aeolon Core Protocol
acp 599/udp 0.000412 # Aeolon Core Protocol
ipcserver 600/tcp 0.000100 # Sun IPC server
ipcserver 600/udp 0.000741 # Sun IPC server
syslog-conn 601/tcp 0.000025 # Reliable Syslog Service
syslog-conn 601/udp 0.000330 # Reliable Syslog Service
xmlrpc-beep 602/tcp 0.000100 # XML-RPC over BEEP
mnotes 603/tcp 0.000063 # CommonTime Mnotes PDA Synchronization
idxp 603/udp 0.000991 # IDXP
tunnel 604/tcp 0.000025 # TUNNEL
soap-beep 605/tcp 0.000050 # SOAP over BEEP
soap-beep 605/udp 0.000661 # SOAP over BEEP
urm 606/tcp 0.000088 # Cray Unified Resource Manager
urm 606/udp 0.000494 # Cray Unified Resource Manager
nqs 607/tcp 0.000025
nqs 607/udp 0.000758
sift-uft 608/tcp 0.000025 # Sender-Initiated/Unsolicited File Transfer
sift-uft 608/udp 0.000544 # Sender-Initiated/Unsolicited File Transfer
npmp-trap 609/tcp 0.000050
npmp-trap 609/udp 0.000379
npmp-local 610/tcp 0.000113
npmp-local 610/udp 0.000741
npmp-gui 611/tcp 0.000038
npmp-gui 611/udp 0.000577
hmmp-ind 612/tcp 0.000013 # HMMP Indication
hmmp-op 613/tcp 0.000013 # HMMP Operation
hmmp-op 613/udp 0.000330 # HMMP Operation
sshell 614/tcp 0.000013 # SSLshell
sshell 614/udp 0.000330 # SSLshell
sco-inetmgr 615/tcp 0.000063 # Internet Configuration Manager
sco-inetmgr 615/udp 0.000330 # Internet Configuration Manager
sco-sysmgr 616/tcp 0.000289 # SCO System Administration Server
sco-sysmgr 616/udp 0.000330 # SCO System Administration Server
sco-dtmgr 617/tcp 0.000226 # SCO Desktop Administration Server or Arkeia (www.arkeia.com) backup software
sco-dtmgr 617/udp 0.001302 # SCO Desktop Administration Server
dei-icda 618/tcp 0.000013 # DEI-ICDA
compaq-evm 619/tcp 0.000025 # Compaq EVM
compaq-evm 619/udp 0.000991 # Compaq EVM
sco-websrvrmgr 620/tcp 0.000063 # SCO WebServer Manager
sco-websrvrmgr 620/udp 0.000991 # SCO WebServer Manager
escp-ip 621/tcp 0.000088 # ESCP
escp-ip 621/udp 0.000661 # ESCP
collaborator 622/tcp 0.000038 # Collaborator
oob-ws-http 623/tcp 0.000151 # DMTF out-of-band web services management protocol
asf-rmcp 623/udp 0.007929 # ASF Remote Management and Control
cryptoadmin 624/tcp 0.000038 # Crypto Admin
apple-xsrvr-admin 625/tcp 0.001869 # Apple Mac Xserver admin
apple-imap-admin 626/tcp 0.000025 # Apple IMAP mail admin
serialnumberd 626/udp 0.021473 # Mac OS X Server serial number (licensing) daemon
passgo-tivoli 627/tcp 0.000050 # PassGo Tivoli
qmqp 628/tcp 0.000038 # Qmail Quick Mail Queueing
qmqp 628/udp 0.000661 # QMQP
3com-amp3 629/tcp 0.000063 # 3Com AMP3
rda 630/tcp 0.000050 # RDA
rda 630/udp 0.000330 # RDA
ipp 631/tcp 0.006160 # Internet Printing Protocol -- for one implementation see http://www.cups.org (Common UNIX Printing System)
ipp 631/udp 0.450281 # Internet Printing Protocol
bmpp 632/tcp 0.000050
bmpp 632/udp 0.000661
servstat 633/tcp 0.000038 # Service Status update (Sterling Software)
ginad 634/tcp 0.000063
ginad 634/udp 0.000692
rlzdbase 635/tcp 0.000075 # RLZ DBase
mount 635/udp 0.000511 # NFS Mount Service
ldapssl 636/tcp 0.002083 # LDAP over SSL
ldaps 636/udp 0.000661 # ldap protocol over TLS/SSL (was sldap)
lanserver 637/tcp 0.000038
lanserver 637/udp 0.000428
mcns-sec 638/tcp 0.000050
msdp 639/tcp 0.000151 # MSDP
msdp 639/udp 0.001321 # MSDP
entrust-sps 640/tcp 0.000050
pcnfs 640/udp 0.000890 # PC-NFS DOS Authentication
repcmd 641/tcp 0.000088
repcmd 641/udp 0.000661
esro-emsdp 642/tcp 0.000075 # ESRO-EMSDP V1.3
sanity 643/tcp 0.000013 # SANity
sanity 643/udp 0.001982 # SANity
dwr 644/tcp 0.000038
dwr 644/udp 0.000991
pssc 645/tcp 0.000025 # PSSC
ldp 646/tcp 0.006549 # Label Distribution
dhcp-failover 647/tcp 0.000050 # DHCP Failover
rrp 648/tcp 0.000577 # Registry Registrar Protocol (RRP)
rrp 648/udp 0.000330 # Registry Registrar Protocol (RRP)
cadview-3d 649/tcp 0.000063 # Cadview-3d - streaming 3d models over the internet
cadview-3d 649/udp 0.000330 # Cadview-3d - streaming 3d models over the internet
bwnfs 650/udp 0.000544 # BW-NFS DOS Authentication
ieee-mms 651/tcp 0.000050 # IEEE MMS
hello-port 652/tcp 0.000013 # HELLO_PORT
hello-port 652/udp 0.000330 # HELLO_PORT
repscmd 653/tcp 0.000063 # RepCmd
repscmd 653/udp 0.000661 # RepCmd
aodv 654/tcp 0.000038 # AODV
tinc 655/tcp 0.000100 # TINC
tinc 655/udp 0.000330 # TINC
spmp 656/tcp 0.000038 # SPMP
rmc 657/tcp 0.000113 # RMC
rmc 657/udp 0.001321 # RMC
tenfold 658/tcp 0.000050 # TenFold
unknown 659/tcp 0.000100
unknown 659/udp 0.000661
mac-srvr-admin 660/tcp 0.000100 # MacOS Server Admin
mac-srvr-admin 660/udp 0.000577 # MacOS Server Admin
hap 661/tcp 0.000050 # HAP
pftp 662/tcp 0.000013 # PFTP
pftp 662/udp 0.000330 # PFTP
purenoise 663/tcp 0.000050 # PureNoise
secure-aux-bus 664/tcp 0.000063
secure-aux-bus 664/udp 0.003634
sun-dr 665/tcp 0.000063 # Sun DR
doom 666/tcp 0.000289 # Id Software Doom
doom 666/udp 0.000956 # doom Id Software
disclose 667/tcp 0.000238 # campaign contribution disclosures - SDR Technologies
disclose 667/udp 0.000330 # campaign contribution disclosures - SDR Technologies
mecomm 668/tcp 0.000213 # MeComm
meregister 669/tcp 0.000088 # MeRegister
vacdsm-sws 670/tcp 0.000038 # VACDSM-SWS
vpps-qua 672/tcp 0.000025 # VPPS-QUA
vpps-qua 672/udp 0.000991 # VPPS-QUA
cimplex 673/tcp 0.000050 # CIMPLEX
acap 674/tcp 0.000113 # ACAP server of Communigate (www.stalker.com)
acap 674/udp 0.000661 # ACAP
dctp 675/tcp 0.000038 # DCTP
dctp 675/udp 0.000330 # DCTP
vpps-via 676/tcp 0.000038 # VPPS Via
vpp 677/tcp 0.000025 # Virtual Presence Protocol
ggf-ncp 678/tcp 0.000075 # GNU Generation Foundation NCP
mrm 679/udp 0.000330 # MRM
entrust-aaas 680/tcp 0.000038
entrust-aaas 680/udp 0.000661
entrust-aams 681/tcp 0.000038
entrust-aams 681/udp 0.000991
xfr 682/tcp 0.000063 # XFR
xfr 682/udp 0.002643 # XFR
corba-iiop 683/tcp 0.000176
corba-iiop 683/udp 0.003304
corba-iiop-ssl 684/tcp 0.000113 # CORBA IIOP SSL
corba-iiop-ssl 684/udp 0.002313 # CORBA IIOP SSL
mdc-portmapper 685/tcp 0.000038 # MDC Port Mapper
mdc-portmapper 685/udp 0.002973 # MDC Port Mapper
hcp-wismar 686/tcp 0.000025 # Hardware Control Protocol Wismar
hcp-wismar 686/udp 0.002973 # Hardware Control Protocol Wismar
asipregistry 687/tcp 0.000188
asipregistry 687/udp 0.001982
realm-rusd 688/tcp 0.000025 # ApplianceWare managment protocol
realm-rusd 688/udp 0.001982 # ApplianceWare managment protocol
nmap 689/tcp 0.000038 # NMAP
nmap 689/udp 0.001321 # NMAP
vatp 690/tcp 0.000088 # Velazquez Application Transfer Protocol
vatp 690/udp 0.000330 # Velazquez Application Transfer Protocol
resvc 691/tcp 0.000376 # The Microsoft Exchange 2000 Server Routing Service
msexch-routing 691/udp 0.000330 # MS Exchange Routing
hyperwave-isp 692/tcp 0.000038 # Hyperwave-ISP
ha-cluster 694/tcp 0.000038
ha-cluster 694/udp 0.000661
ieee-mms-ssl 695/tcp 0.000063 # IEEE-MMS-SSL
rushd 696/tcp 0.000050 # RUSHD
rushd 696/udp 0.000330 # RUSHD
uuidgen 697/tcp 0.000025 # UUIDGEN
uuidgen 697/udp 0.000330 # UUIDGEN
olsr 698/tcp 0.000025 # OLSR
accessnetwork 699/tcp 0.000025 # Access Network
epp 700/tcp 0.000289 # Extensible Provisioning Protocol
epp 700/udp 0.000330 # Extensible Provisioning Protocol
lmp 701/tcp 0.000151 # Link Management Protocol (LMP)
lmp 701/udp 0.000330 # Link Management Protocol (LMP)
iris-beep 702/tcp 0.000050 # IRIS over BEEP
unknown 703/tcp 0.000038
elcsd 704/tcp 0.000038 # errlog copy/server daemon
elcsd 704/udp 0.000923 # errlog copy/server daemon
agentx 705/tcp 0.000414 # AgentX
agentx 705/udp 0.000661 # AgentX
silc 706/tcp 0.000075 # Secure Internet Live Conferencing -- http://silcnet.org
silc 706/udp 0.000330 # SILC
borland-dsj 707/tcp 0.000063 # Borland DSJ
unknown 708/tcp 0.000038
unknown 708/udp 0.000330
entrustmanager 709/tcp 0.000125 # EntrustManager - NorTel DES auth network see 389/tcp
entrustmanager 709/udp 0.000741 # EntrustManager - NorTel DES auth network see 389/tcp
entrust-ash 710/tcp 0.000151 # Entrust Administration Service Handler
entrust-ash 710/udp 0.000330 # Entrust Administration Service Handler
cisco-tdp 711/tcp 0.000401 # Cisco TDP
cisco-tdp 711/udp 0.000330 # Cisco TDP
tbrpf 712/tcp 0.000025 # TBRPF
iris-xpc 713/tcp 0.000125 # IRIS over XPC
iris-xpcs 714/tcp 0.000226 # IRIS over XPCS
iris-xpcs 714/udp 0.000330 # IRIS over XPCS
iris-lwz 715/tcp 0.000088 # IRIS-LWZ
iris-lwz 715/udp 0.000330 # IRIS-LWZ
unknown 716/tcp 0.000063
pana 716/udp 0.000330 # PANA Messages
unknown 717/tcp 0.000025
unknown 717/udp 0.000330
unknown 718/tcp 0.000038
unknown 719/tcp 0.000050
unknown 719/udp 0.000661
unknown 720/tcp 0.000238
unknown 720/udp 0.000991
unknown 721/tcp 0.000038
unknown 721/udp 0.000330
unknown 722/tcp 0.000226
unknown 722/udp 0.000661
omfs 723/tcp 0.000038 # OpenMosix File System
unknown 724/tcp 0.000050
unknown 724/udp 0.000330
unknown 725/tcp 0.000151
unknown 726/tcp 0.000188
unknown 726/udp 0.000330
unknown 727/tcp 0.000063
unknown 727/udp 0.000991
unknown 728/tcp 0.000088
unknown 728/udp 0.000661
netviewdm1 729/tcp 0.000100 # IBM NetView DM/6000 Server/Client
netviewdm1 729/udp 0.000857 # IBM NetView DM/6000 Server/Client
netviewdm2 730/tcp 0.000100 # IBM NetView DM/6000 send/tcp
netviewdm2 730/udp 0.000758 # IBM NetView DM/6000 send/tcp
netviewdm3 731/tcp 0.000100 # IBM NetView DM/6000 receive/tcp
netviewdm3 731/udp 0.000741 # IBM NetView DM/6000 receive/tcp
unknown 732/tcp 0.000113
unknown 732/udp 0.000991
unknown 733/tcp 0.000063
unknown 734/tcp 0.000038
unknown 734/udp 0.000991
unknown 735/tcp 0.000050
unknown 736/tcp 0.000050
unknown 736/udp 0.000330
unknown 737/tcp 0.000025
sometimes-rpc2 737/udp 0.000560 # Rusersd on my OpenBSD box
unknown 738/tcp 0.000025
unknown 738/udp 0.000330
unknown 739/tcp 0.000013
unknown 739/udp 0.000330
netcp 740/tcp 0.000088 # NETscout Control Protocol
netcp 740/udp 0.000873 # NETscout Control Protocol
netgw 741/tcp 0.000050
netgw 741/udp 0.000428
netrcs 742/tcp 0.000013 # Network based Rev. Cont. Sys.
netrcs 742/udp 0.000956 # Network based Rev. Cont. Sys.
unknown 743/tcp 0.000075
unknown 743/udp 0.000330
flexlm 744/tcp 0.000013 # Flexible License Manager
flexlm 744/udp 0.000659 # Flexible License Manager
unknown 745/tcp 0.000050
unknown 745/udp 0.000991
unknown 746/tcp 0.000025
unknown 746/udp 0.000330
fujitsu-dev 747/tcp 0.000025 # Fujitsu Device Control
fujitsu-dev 747/udp 0.000791 # Fujitsu Device Control
ris-cm 748/tcp 0.000113 # Russell Info Sci Calendar Manager
ris-cm 748/udp 0.001120 # Russell Info Sci Calendar Manager
kerberos-adm 749/tcp 0.000326 # Kerberos 5 admin/changepw
kerberos-adm 749/udp 0.000939 # Kerberos 5 admin/changepw
kerberos 750/tcp 0.000063 # kdc Kerberos (v4)
kerberos 750/udp 0.001269 # kdc Kerberos (v4)
kerberos_master 751/tcp 0.000038 # Kerberos `kadmin' (v4)
kerberos_master 751/udp 0.000923 # Kerberos `kadmin' (v4)
qrh 752/tcp 0.000013
qrh 752/udp 0.000725
rrh 753/tcp 0.000013
rrh 753/udp 0.000675
krb_prop 754/tcp 0.000088 # kerberos/v5 server propagation
tell 754/udp 0.000330 # send
unknown 755/tcp 0.000025
unknown 756/tcp 0.000038
unknown 756/udp 0.000330
unknown 757/tcp 0.000100
nlogin 758/tcp 0.000088
nlogin 758/udp 0.000708
con 759/tcp 0.000025
con 759/udp 0.000972
krbupdate 760/tcp 0.000050 # kreg Kerberos (v4) registration
ns 760/udp 0.001153
kpasswd 761/tcp 0.000050 # kpwd Kerberos (v4) "passwd"
rxe 761/udp 0.000956
quotad 762/tcp 0.000075
quotad 762/udp 0.000626
cycleserv 763/tcp 0.000025
cycleserv 763/udp 0.000741
omserv 764/tcp 0.000025
omserv 764/udp 0.001351
webster 765/tcp 0.000213
webster 765/udp 0.000659
unknown 766/tcp 0.000013
unknown 766/udp 0.000330
phonebook 767/tcp 0.000013 # phone
phonebook 767/udp 0.002257 # phone
unknown 768/tcp 0.000013
vid 769/tcp 0.000075
vid 769/udp 0.001252
cadlock 770/tcp 0.000038
cadlock 770/udp 0.001269
rtip 771/tcp 0.000063
rtip 771/udp 0.001219
cycleserv2 772/udp 0.001796
submit 773/tcp 0.000013
notify 773/udp 0.001713
rpasswd 774/tcp 0.000025
acmaint_dbd 774/udp 0.001664
entomb 775/tcp 0.000013
acmaint_transd 775/udp 0.001993
wpages 776/tcp 0.000025
wpages 776/udp 0.002043
multiling-http 777/tcp 0.000226 # Multiling HTTP
multiling-http 777/udp 0.000661 # Multiling HTTP
unknown 778/tcp 0.000100
unknown 779/tcp 0.000075
unknown 779/udp 0.000330
wpgs 780/tcp 0.000151
wpgs 780/udp 0.002718
hp-collector 781/tcp 0.000013 # hp performance data collector
hp-collector 781/udp 0.002636 # hp performance data collector
hp-managed-node 782/tcp 0.000100 # hp performance data managed node
hp-managed-node 782/udp 0.002933 # hp performance data managed node
spamassassin 783/tcp 0.000163 # Apache SpamAssassin spamd
unknown 784/tcp 0.000025
unknown 784/udp 0.000661
unknown 785/tcp 0.000025
unknown 785/udp 0.000330
concert 786/tcp 0.000100
concert 786/udp 0.002900
qsc 787/tcp 0.001455
unknown 787/udp 0.000330
unknown 788/tcp 0.000038
unknown 788/udp 0.000330
unknown 789/tcp 0.000075
unknown 789/udp 0.001321
unknown 790/tcp 0.000100
unknown 791/tcp 0.000050
unknown 792/tcp 0.000113
unknown 793/tcp 0.000025
unknown 794/tcp 0.000038
unknown 795/tcp 0.000100
unknown 795/udp 0.000330
unknown 796/tcp 0.000038
unknown 797/tcp 0.000038
unknown 797/udp 0.000330
unknown 798/tcp 0.000063
unknown 798/udp 0.000330
controlit 799/tcp 0.000038 # Remotely possible
mdbs_daemon 800/tcp 0.000427
mdbs_daemon 800/udp 0.004333
device 801/tcp 0.000238
device 801/udp 0.000939
unknown 802/tcp 0.000088
unknown 803/tcp 0.000151
unknown 804/tcp 0.000063
unknown 804/udp 0.000330
unknown 805/tcp 0.000088
unknown 805/udp 0.000661
unknown 806/tcp 0.000088
unknown 806/udp 0.000330
unknown 807/tcp 0.000063
unknown 807/udp 0.000330
ccproxy-http 808/tcp 0.002296 # CCProxy HTTP/Gopher/FTP (over HTTP) proxy
unknown 808/udp 0.000330
unknown 809/tcp 0.000075
unknown 809/udp 0.000661
fcp-udp 810/tcp 0.000063 # FCP
fcp-udp 810/udp 0.000661 # FCP Datagram
unknown 811/tcp 0.000075
unknown 811/udp 0.000330
unknown 812/tcp 0.000038
unknown 812/udp 0.000991
unknown 813/tcp 0.000050
unknown 814/tcp 0.000063
unknown 814/udp 0.001652
unknown 815/tcp 0.000075
unknown 815/udp 0.000661
unknown 816/tcp 0.000050
unknown 817/tcp 0.000075
unknown 818/tcp 0.000025
unknown 818/udp 0.000991
unknown 819/tcp 0.000050
unknown 819/udp 0.000991
unknown 820/tcp 0.000050
unknown 821/tcp 0.000038
unknown 821/udp 0.000661
unknown 822/tcp 0.000100
unknown 822/udp 0.000330
unknown 823/tcp 0.000100
unknown 823/udp 0.000661
unknown 824/tcp 0.000063
unknown 825/tcp 0.000113
unknown 826/tcp 0.000050
unknown 826/udp 0.001321
unknown 827/tcp 0.000025
itm-mcell-s 828/tcp 0.000063
itm-mcell-s 828/udp 0.000330
pkix-3-ca-ra 829/tcp 0.000125 # PKIX-3 CA/RA
pkix-3-ca-ra 829/udp 0.001982 # PKIX-3 CA/RA
netconf-ssh 830/tcp 0.000075 # NETCONF over SSH
netconf-beep 831/tcp 0.000050 # NETCONF over BEEP
netconf-beep 831/udp 0.000661 # NETCONF over BEEP
netconfsoaphttp 832/tcp 0.000038 # NETCONF for SOAP over HTTPS
netconfsoapbeep 833/tcp 0.000063 # NETCONF for SOAP over BEEP
netconfsoapbeep 833/udp 0.000661 # NETCONF for SOAP over BEEP
unknown 834/tcp 0.000075
unknown 835/tcp 0.000063
unknown 836/tcp 0.000050
unknown 836/udp 0.000330
unknown 837/tcp 0.000038
unknown 838/tcp 0.000025
unknown 838/udp 0.001652
unknown 839/tcp 0.000100
unknown 839/udp 0.000661
unknown 840/tcp 0.000113
unknown 840/udp 0.000330
unknown 841/tcp 0.000050
unknown 841/udp 0.000991
unknown 842/tcp 0.000025
unknown 842/udp 0.000330
unknown 843/tcp 0.000163
unknown 844/tcp 0.000075
unknown 844/udp 0.000330
unknown 845/tcp 0.000013
unknown 845/udp 0.000661
unknown 846/tcp 0.000100
unknown 846/udp 0.000330
dhcp-failover2 847/tcp 0.000063 # dhcp-failover 2
dhcp-failover2 847/udp 0.000330 # dhcp-failover 2
gdoi 848/tcp 0.000025 # GDOI
gdoi 848/udp 0.000330 # GDOI
unknown 849/tcp 0.000025
unknown 849/udp 0.000330
unknown 850/tcp 0.000050
unknown 851/tcp 0.000050
unknown 851/udp 0.000330
unknown 852/tcp 0.000025
unknown 853/tcp 0.000025
unknown 853/udp 0.000330
unknown 854/tcp 0.000038
unknown 855/tcp 0.000050
unknown 856/tcp 0.000138
unknown 857/tcp 0.000025
unknown 857/udp 0.000661
unknown 858/tcp 0.000075
unknown 859/tcp 0.000088
unknown 859/udp 0.000330
iscsi 860/tcp 0.000063 # iSCSI
owamp-control 861/tcp 0.000063 # OWAMP-Control
owamp-control 861/udp 0.000330 # OWAMP-Control
twamp-control 862/tcp 0.000100 # Two-way Active Measurement Protocol (TWAMP) Control
unknown 863/tcp 0.000075
unknown 863/udp 0.000330
unknown 864/tcp 0.000088
unknown 865/tcp 0.000025
unknown 866/tcp 0.000050
unknown 866/udp 0.000330
unknown 867/tcp 0.000038
unknown 868/tcp 0.000038
unknown 868/udp 0.000330
unknown 869/tcp 0.000038
unknown 869/udp 0.000661
unknown 870/tcp 0.000050
supfilesrv 871/tcp 0.000025 # SUP server
unknown 872/tcp 0.000050
unknown 872/udp 0.000330
rsync 873/tcp 0.003400 # Rsync server ( http://rsync.samba.org )
rsync 873/udp 0.000661
unknown 874/tcp 0.000138
unknown 875/tcp 0.000050
unknown 876/tcp 0.000025
unknown 876/udp 0.000991
unknown 877/tcp 0.000025
unknown 877/udp 0.000330
unknown 878/tcp 0.000088
unknown 879/tcp 0.000038
unknown 880/tcp 0.000464
unknown 880/udp 0.000330
unknown 881/tcp 0.000050
unknown 881/udp 0.000661
unknown 882/tcp 0.000025
unknown 883/tcp 0.000050
unknown 884/tcp 0.000025
unknown 884/udp 0.000330
unknown 885/tcp 0.000025
iclcnet-locate 886/tcp 0.000038 # ICL coNETion locate server
iclcnet-locate 886/udp 0.000330 # ICL coNETion locate server
iclcnet_svinfo 887/tcp 0.000025 # ICL coNETion server info
iclcnet_svinfo 887/udp 0.000991 # ICL coNETion server info
accessbuilder 888/tcp 0.000928 # or Audio CD Database
accessbuilder 888/udp 0.000923
unknown 889/tcp 0.000063
unknown 889/udp 0.000991
unknown 890/tcp 0.000025
unknown 890/udp 0.000330
unknown 891/tcp 0.000038
unknown 892/tcp 0.000025
unknown 893/tcp 0.000013
unknown 893/udp 0.000991
unknown 894/tcp 0.000063
unknown 895/tcp 0.000038
unknown 895/udp 0.000330
unknown 896/tcp 0.000013
unknown 897/tcp 0.000063
unknown 897/udp 0.000661
sun-manageconsole 898/tcp 0.000339 # Solaris Management Console Java listener (Solaris 8 & 9)
unknown 898/udp 0.000991
unknown 899/tcp 0.000063
unknown 899/udp 0.000330
omginitialrefs 900/tcp 0.000452 # OMG Initial Refs
omginitialrefs 900/udp 0.000661 # OMG Initial Refs
samba-swat 901/tcp 0.000552 # Samba SWAT tool. Also used by ISS RealSecure.
smpnameres 901/udp 0.000330 # SMPNAMERES
iss-realsecure 902/tcp 0.001468 # ISS RealSecure Sensor
ideafarm-door 902/udp 0.001982 # self documenting Door: send 0x00 for info
iss-console-mgr 903/tcp 0.000176 # ISS Console Manager
ideafarm-panic 903/udp 0.001652 # self documenting Panic Door: send 0x00 for info
unknown 904/tcp 0.000113
unknown 904/udp 0.000330
unknown 905/tcp 0.000100
unknown 905/udp 0.000330
unknown 906/tcp 0.000050
unknown 907/tcp 0.000025
unknown 908/tcp 0.000025
unknown 908/udp 0.000661
unknown 909/tcp 0.000038
kink 910/tcp 0.000013 # Kerberized Internet Negotiation of Keys (KINK)
kink 910/udp 0.000330 # Kerberized Internet Negotiation of Keys (KINK)
xact-backup 911/tcp 0.000188
apex-mesh 912/tcp 0.000527 # APEX relay-relay service
apex-edge 913/tcp 0.000151 # APEX endpoint-relay service
unknown 914/tcp 0.000075
unknown 914/udp 0.000330
unknown 915/tcp 0.000025
unknown 915/udp 0.000330
unknown 916/tcp 0.000063
unknown 917/udp 0.000991
unknown 918/tcp 0.000088
unknown 919/tcp 0.000050
unknown 919/udp 0.000330
unknown 920/tcp 0.000025
unknown 921/tcp 0.000088
unknown 921/udp 0.000661
unknown 922/tcp 0.000088
unknown 922/udp 0.000661
unknown 923/tcp 0.000063
unknown 923/udp 0.000330
unknown 924/tcp 0.000088
unknown 925/tcp 0.000075
unknown 926/tcp 0.000075
unknown 927/tcp 0.000050
unknown 927/udp 0.000661
unknown 928/tcp 0.000088
unknown 929/tcp 0.000050
unknown 930/tcp 0.000151
unknown 931/tcp 0.000138
unknown 931/udp 0.000991
unknown 932/tcp 0.000013
unknown 932/udp 0.000330
unknown 933/tcp 0.000038
unknown 934/tcp 0.000025
unknown 934/udp 0.000991
unknown 935/tcp 0.000075
unknown 935/udp 0.000330
unknown 936/tcp 0.000050
unknown 937/tcp 0.000013
unknown 937/udp 0.000661
unknown 938/tcp 0.000050
unknown 938/udp 0.000330
unknown 939/tcp 0.000038
unknown 940/udp 0.000991
unknown 941/tcp 0.000050
unknown 941/udp 0.000661
unknown 942/tcp 0.000075
unknown 943/tcp 0.000113
unknown 943/udp 0.000330
unknown 944/tcp 0.000038
unknown 944/udp 0.001321
unknown 945/tcp 0.000050
unknown 945/udp 0.000330
unknown 946/tcp 0.000063
unknown 946/udp 0.000661
unknown 947/tcp 0.000038
unknown 947/udp 0.000991
unknown 948/tcp 0.000050
unknown 949/tcp 0.000063
unknown 949/udp 0.000991
oftep-rpc 950/tcp 0.000050 # Often RPC.statd (on Redhat Linux)
unknown 950/udp 0.000661
unknown 951/tcp 0.000038
unknown 951/udp 0.000661
unknown 952/tcp 0.000063
unknown 952/udp 0.000661
rndc 953/tcp 0.000138 # RNDC is used by BIND 9 (& probably other NS)
unknown 953/udp 0.000991
unknown 954/tcp 0.000013
unknown 954/udp 0.000330
unknown 955/tcp 0.000013
unknown 956/tcp 0.000025
unknown 957/tcp 0.000025
unknown 957/udp 0.000330
unknown 958/tcp 0.000063
unknown 958/udp 0.000330
unknown 959/tcp 0.000038
unknown 959/udp 0.001982
unknown 960/tcp 0.000038
unknown 960/udp 0.000661
unknown 961/tcp 0.000075
unknown 961/udp 0.000991
unknown 962/tcp 0.000050
unknown 962/udp 0.000330
unknown 963/tcp 0.000038
unknown 963/udp 0.000330
unknown 964/tcp 0.000038
unknown 965/tcp 0.000075
unknown 965/udp 0.001652
unknown 966/tcp 0.000025
unknown 966/udp 0.000661
unknown 967/tcp 0.000075
unknown 968/tcp 0.000038
unknown 968/udp 0.000330
unknown 969/tcp 0.000100
unknown 970/tcp 0.000038
unknown 970/udp 0.000330
unknown 971/tcp 0.000100
unknown 971/udp 0.000330
unknown 972/tcp 0.000025
unknown 972/udp 0.000330
unknown 973/tcp 0.000075
unknown 973/udp 0.000991
unknown 974/tcp 0.000063
securenetpro-sensor 975/tcp 0.000038
unknown 975/udp 0.000330
unknown 976/tcp 0.000013
unknown 977/tcp 0.000013
unknown 977/udp 0.000991
unknown 978/tcp 0.000025
unknown 978/udp 0.000330
unknown 979/tcp 0.000075
unknown 979/udp 0.000991
unknown 980/tcp 0.000125
unknown 981/tcp 0.000226
unknown 981/udp 0.000661
unknown 982/tcp 0.000025
unknown 982/udp 0.000991
unknown 983/tcp 0.000075
unknown 983/udp 0.002643
unknown 984/tcp 0.000063
unknown 984/udp 0.000991
unknown 985/tcp 0.000063
unknown 985/udp 0.000661
unknown 986/tcp 0.000013
unknown 986/udp 0.000661
unknown 987/tcp 0.000427
unknown 987/udp 0.000330
unknown 988/tcp 0.000050
unknown 988/udp 0.000661
ftps-data 989/tcp 0.000063 # ftp protocol, data, over TLS/SSL
ftps-data 989/udp 0.006277 # ftp protocol, data, over TLS/SSL
ftps 990/tcp 0.005570 # ftp protocol, control, over TLS/SSL
ftps 990/udp 0.004625 # ftp protocol, control, over TLS/SSL
nas 991/tcp 0.000038 # Netnews Administration System
telnets 992/tcp 0.000903 # telnet protocol over TLS/SSL
imaps 993/tcp 0.027199 # imap4 protocol over TLS/SSL
imaps 993/udp 0.000661 # imap4 protocol over TLS/SSL
ircs 994/tcp 0.000038 # irc protocol over TLS/SSL
pop3s 995/tcp 0.029921 # POP3 protocol over TLS/SSL
pop3s 995/udp 0.000991 # pop3 protocol over TLS/SSL (was spop3)
xtreelic 996/tcp 0.000100 # XTREE License Server
vsinet 996/udp 0.073362
maitrd 997/tcp 0.000038
maitrd 997/udp 0.073247
busboy 998/tcp 0.000100
puparp 998/udp 0.073395
garcon 999/tcp 0.000966
applix 999/udp 0.073230 # Applix ac
cadlock 1000/tcp 0.003149
ock 1000/udp 0.002142
unknown 1001/tcp 0.000364
unknown 1001/udp 0.004955
windows-icfw 1002/tcp 0.000690 # Windows Internet Connection Firewall or Internet Locator Server for NetMeeting.
unknown 1002/udp 0.000330
unknown 1003/tcp 0.000038
unknown 1003/udp 0.000661
unknown 1004/tcp 0.000088
unknown 1004/udp 0.000661
unknown 1005/tcp 0.000088
unknown 1005/udp 0.000330
unknown 1006/tcp 0.000113
unknown 1006/udp 0.000330
unknown 1007/tcp 0.000201
unknown 1007/udp 0.001652
ufsd 1008/tcp 0.000125 # ufsd # UFS-aware server
ufsd 1008/udp 0.004020
unknown 1009/tcp 0.000226
unknown 1009/udp 0.000330
surf 1010/tcp 0.000188
surf 1010/udp 0.000661
unknown 1011/tcp 0.000176
unknown 1011/udp 0.000661
unknown 1012/tcp 0.000100
sometimes-rpc1 1012/udp 0.001993 # This is rstatd on my openBSD box
unknown 1013/tcp 0.000125
unknown 1013/udp 0.001321
unknown 1014/tcp 0.000100
unknown 1014/udp 0.002643
unknown 1015/tcp 0.000100
unknown 1015/udp 0.000991
unknown 1016/tcp 0.000050
unknown 1016/udp 0.000330
unknown 1017/tcp 0.000038
unknown 1018/tcp 0.000050
unknown 1018/udp 0.000991
unknown 1019/tcp 0.000075
unknown 1019/udp 0.003304
unknown 1020/tcp 0.000113
unknown 1020/udp 0.001321
exp1 1021/tcp 0.000301 # RFC3692-style Experiment 1 (*) [RFC4727]
exp1 1021/udp 0.003634 # RFC3692-style Experiment 1 (*) [RFC4727]
exp2 1022/tcp 0.001217 # RFC3692-style Experiment 2 (*) [RFC4727]
exp2 1022/udp 0.007929 # RFC3692-style Experiment 2 (*) [RFC4727]
netvenuechat 1023/tcp 0.000953 # Nortel NetVenue Notification, Chat, Intercom
unknown 1023/udp 0.016188
kdm 1024/tcp 0.002722 # K Display Manager (KDE version of xdm)
unknown 1024/udp 0.003964
NFS-or-IIS 1025/tcp 0.022406 # IIS, NFS, or listener RFS remote_file_sharing
blackjack 1025/udp 0.041813 # network blackjack
LSA-or-nterm 1026/tcp 0.010237 # nterm remote_login network_terminal
win-rpc 1026/udp 0.024777 # Commonly used to send MS Messenger spam
IIS 1027/tcp 0.006724
unknown 1027/udp 0.019822
unknown 1028/tcp 0.003421
ms-lsa 1028/udp 0.013443
ms-lsa 1029/tcp 0.003801
solid-mux 1029/udp 0.014536 # Solid Mux Server
iad1 1030/tcp 0.002860 # BBN IAD
iad1 1030/udp 0.008007 # BBN IAD
iad2 1031/tcp 0.002221 # BBN IAD
iad2 1031/udp 0.006639 # BBN IAD
iad3 1032/tcp 0.001719 # BBN IAD
iad3 1032/udp 0.006705 # BBN IAD
netinfo 1033/tcp 0.001342 # Netinfo is apparently on many OS X boxes.
netinfo-local 1033/udp 0.003964 # local netinfo port
zincite-a 1034/tcp 0.001064 # Zincite.A backdoor
activesync-notify 1034/udp 0.005173 # Windows Mobile device ActiveSync Notifications
multidropper 1035/tcp 0.001216 # A Multidropper Adware, or PhoneFree
mxxrlogin 1035/udp 0.001982 # MX-XR RPC
nsstp 1036/tcp 0.001216 # Nebula Secure Segment Transfer Protocol
nsstp 1036/udp 0.004295 # Nebula Secure Segment Transfer Protocol
ams 1037/tcp 0.001216 # AMS
ams 1037/udp 0.002313 # AMS
mtqp 1038/tcp 0.002053 # Message Tracking Query Protocol
mtqp 1038/udp 0.004295 # Message Tracking Query Protocol
sbl 1039/tcp 0.002129 # Streamlined Blackhole
sbl 1039/udp 0.004295 # Streamlined Blackhole
netsaint 1040/tcp 0.001342 # Netsaint status daemon
netarx 1040/udp 0.001982 # Netarx Netcare
danf-ak2 1041/tcp 0.002433 # AK2 Product
danf-ak2 1041/udp 0.004625 # AK2 Product
afrog 1042/tcp 0.000988 # Subnet Roaming
afrog 1042/udp 0.001982 # Subnet Roaming
boinc 1043/tcp 0.000841 # BOINC Client Control or Microsoft IIS
boinc 1043/udp 0.003493 # BOINC Client Control
dcutility 1044/tcp 0.002205 # Dev Consortium Utility
dcutility 1044/udp 0.003304 # Dev Consortium Utility
fpitp 1045/tcp 0.000380 # Fingerprint Image Transfer Protocol
fpitp 1045/udp 0.004625 # Fingerprint Image Transfer Protocol
wfremotertm 1046/tcp 0.000380 # WebFilter Remote Monitor
wfremotertm 1046/udp 0.001652 # WebFilter Remote Monitor
neod1 1047/tcp 0.000760 # Sun's NEO Object Request Broker
neod1 1047/udp 0.002973 # Sun's NEO Object Request Broker
neod2 1048/tcp 0.002357 # Sun's NEO Object Request Broker
neod2 1048/udp 0.002313 # Sun's NEO Object Request Broker
td-postman 1049/tcp 0.002357 # Tobit David Postman VPMN
td-postman 1049/udp 0.003304 # Tobit David Postman VPMN
java-or-OTGfileshare 1050/tcp 0.001669 # J2EE nameserver, also OTG, also called Disk/Application extender. Could also be MiniCommand backdoor OTGlicenseserv
cma 1050/udp 0.001652 # CORBA Management Agent
optima-vnet 1051/tcp 0.000760
optima-vnet 1051/udp 0.001321
ddt 1052/tcp 0.000760 # Dynamic DNS tools
ddt 1052/udp 0.000991 # Dynamic DNS tools
remote-as 1053/tcp 0.002357 # Remote Assistant (RA)
remote-as 1053/udp 0.001652 # Remote Assistant (RA)
brvread 1054/tcp 0.002357 # BRVREAD
brvread 1054/udp 0.002643 # BRVREAD
ansyslmd 1055/tcp 0.000760
ansyslmd 1055/udp 0.001652
vfo 1056/tcp 0.002357 # VFO
vfo 1056/udp 0.002973 # VFO
startron 1057/tcp 0.000380 # STARTRON
startron 1057/udp 0.001652 # STARTRON
nim 1058/tcp 0.001380
nim 1058/udp 0.001466
nimreg 1059/tcp 0.001342
nimreg 1059/udp 0.001647
polestar 1060/tcp 0.000760
polestar 1060/udp 0.001652
kiosk 1061/tcp 0.000380 # KIOSK
kiosk 1061/udp 0.000991 # KIOSK
veracity 1062/tcp 0.000760
veracity 1062/udp 0.000991
kyoceranetdev 1063/tcp 0.000380 # KyoceraNetDev
kyoceranetdev 1063/udp 0.000661 # KyoceraNetDev
jstel 1064/tcp 0.002357 # JSTEL
jstel 1064/udp 0.001982 # JSTEL
syscomlan 1065/tcp 0.002357 # SYSCOMLAN
syscomlan 1065/udp 0.002313 # SYSCOMLAN
fpo-fns 1066/tcp 0.001901
fpo-fns 1066/udp 0.002643
instl_boots 1067/tcp 0.000728 # Installation Bootstrap Proto. Serv.
instl_boots 1067/udp 0.001516 # Installation Bootstrap Proto. Serv.
instl_bootc 1068/tcp 0.000941 # Installation Bootstrap Proto. Cli.
instl_bootc 1068/udp 0.004778 # Installation Bootstrap Proto. Cli.
cognex-insight 1069/tcp 0.001901
cognex-insight 1069/udp 0.001982
gmrupdateserv 1070/tcp 0.000380 # GMRUpdateSERV
gmrupdateserv 1070/udp 0.001321 # GMRUpdateSERV
bsquare-voip 1071/tcp 0.002205 # BSQUARE-VOIP
bsquare-voip 1071/udp 0.000330 # BSQUARE-VOIP
cardax 1072/tcp 0.000380 # CARDAX
cardax 1072/udp 0.001321 # CARDAX
bridgecontrol 1073/tcp 0.000380 # Bridge Control
warmspotMgmt 1074/tcp 0.001216 # Warmspot Management Protocol
warmspotMgmt 1074/udp 0.000661 # Warmspot Management Protocol
rdrmshc 1075/tcp 0.000380 # RDRMSHC
rdrmshc 1075/udp 0.000330 # RDRMSHC
sns_credit 1076/tcp 0.000213 # Shared Network Services (SNS) for Canadian credit card authorizations
dab-sti-c 1076/udp 0.000661 # DAB STI-C
imgames 1077/tcp 0.000380 # IMGames
imgames 1077/udp 0.000661 # IMGames
avocent-proxy 1078/tcp 0.000380 # Avocent Proxy Protocol
avocent-proxy 1078/udp 0.000661 # Avocent Proxy Protocol
asprovatalk 1079/tcp 0.000380 # ASPROVATalk
asprovatalk 1079/udp 0.000661 # ASPROVATalk
socks 1080/tcp 0.001518
socks 1080/udp 0.002685
pvuniwien 1081/tcp 0.000380 # PVUNIWIEN
pvuniwien 1081/udp 0.001652 # PVUNIWIEN
amt-esd-prot 1082/tcp 0.000380 # AMT-ESD-PROT
amt-esd-prot 1082/udp 0.000330 # AMT-ESD-PROT
ansoft-lm-1 1083/tcp 0.000427 # Anasoft License Manager
ansoft-lm-1 1083/udp 0.001236 # Anasoft License Manager
ansoft-lm-2 1084/tcp 0.000263 # Anasoft License Manager
ansoft-lm-2 1084/udp 0.000626 # Anasoft License Manager
webobjects 1085/tcp 0.000380 # Web Objects
webobjects 1085/udp 0.000661 # Web Objects
cplscrambler-lg 1086/tcp 0.000456 # CPL Scrambler Logging
cplscrambler-lg 1086/udp 0.000330 # CPL Scrambler Logging
cplscrambler-in 1087/tcp 0.000304 # CPL Scrambler Internal
cplscrambler-in 1087/udp 0.001321 # CPL Scrambler Internal
cplscrambler-al 1088/tcp 0.000456 # CPL Scrambler Alarm Log
cplscrambler-al 1088/udp 0.001321 # CPL Scrambler Alarm Log
ff-annunc 1089/tcp 0.000304 # FF Annunciation
ff-annunc 1089/udp 0.000661 # FF Annunciation
ff-fms 1090/tcp 0.000228 # FF Fieldbus Message Specification
ff-fms 1090/udp 0.002313 # FF Fieldbus Message Specification
ff-sm 1091/tcp 0.000228 # FF System Management
obrpd 1092/tcp 0.000152 # Open Business Reporting Protocol
obrpd 1092/udp 0.000330 # Open Business Reporting Protocol
proofd 1093/tcp 0.000380 # PROOFD
proofd 1093/udp 0.000330 # PROOFD
rootd 1094/tcp 0.000380 # ROOTD
rootd 1094/udp 0.000330 # ROOTD
nicelink 1095/tcp 0.000152 # NICELink
nicelink 1095/udp 0.000661 # NICELink
cnrprotocol 1096/tcp 0.000380 # Common Name Resolution Protocol
sunclustermgr 1097/tcp 0.000456 # Sun Cluster Manager
rmiactivation 1098/tcp 0.000380 # RMI Activation
rmiactivation 1098/udp 0.000991 # RMI Activation
rmiregistry 1099/tcp 0.000380 # RMI Registry
rmiregistry 1099/udp 0.000661 # RMI Registry
mctp 1100/tcp 0.000380 # MCTP
mctp 1100/udp 0.001652 # MCTP
pt2-discover 1101/tcp 0.000076 # PT2-DISCOVER
pt2-discover 1101/udp 0.001321 # PT2-DISCOVER
adobeserver-1 1102/tcp 0.000152 # ADOBE SERVER 1
adobeserver-1 1102/udp 0.000661 # ADOBE SERVER 1
xaudio 1103/tcp 0.000151 # Xaserver # X Audio Server
adobeserver-2 1103/udp 0.000661 # ADOBE SERVER 2
xrl 1104/tcp 0.000380 # XRL
xrl 1104/udp 0.000330 # XRL
ftranhc 1105/tcp 0.000152 # FTRANHC
ftranhc 1105/udp 0.001652 # FTRANHC
isoipsigport-1 1106/tcp 0.000380 # ISOIPSIGPORT-1
isoipsigport-1 1106/udp 0.000661 # ISOIPSIGPORT-1
isoipsigport-2 1107/tcp 0.000380 # ISOIPSIGPORT-2
isoipsigport-2 1107/udp 0.000330 # ISOIPSIGPORT-2
ratio-adp 1108/tcp 0.000380
ratio-adp 1108/udp 0.000330
kpop 1109/tcp 0.000151 # Pop with Kerberos
nfsd-status 1110/tcp 0.005809 # Cluster status info
nfsd-keepalive 1110/udp 0.000939 # Client status info
lmsocialserver 1111/tcp 0.001140 # LM Social Server
msql 1112/tcp 0.000276 # mini-sql server
icp 1112/udp 0.000330 # Intelligent Communication Protocol
ltp-deepspace 1113/tcp 0.000152 # Licklider Transmission Protocol
ltp-deepspace 1113/udp 0.000991 # Licklider Transmission Protocol
mini-sql 1114/tcp 0.000228 # Mini SQL
mini-sql 1114/udp 0.000330 # Mini SQL
ardus-cntl 1116/tcp 0.000076 # ARDUS Control
ardus-cntl 1116/udp 0.000661 # ARDUS Control
ardus-mtrns 1117/tcp 0.000228 # ARDUS Multicast Transfer
ardus-mtrns 1117/udp 0.000330 # ARDUS Multicast Transfer
sacred 1118/tcp 0.000076 # SACRED
bnetgame 1119/tcp 0.000228 # Battle.net Chat/Game Protocol
bnetgame 1119/udp 0.000330 # Battle.net Chat/Game Protocol
bnetfile 1120/udp 0.000330 # Battle.net File Transfer Protocol
rmpp 1121/tcp 0.000152 # Datalode RMPP
availant-mgr 1122/tcp 0.000228
availant-mgr 1122/udp 0.000661
murray 1123/tcp 0.000152 # Murray
hpvmmcontrol 1124/tcp 0.000304 # HP VMM Control
hpvmmcontrol 1124/udp 0.001652 # HP VMM Control
hpvmmagent 1125/tcp 0.000076 # HP VMM Agent
hpvmmagent 1125/udp 0.000330 # HP VMM Agent
hpvmmdata 1126/tcp 0.000152 # HP VMM Agent
supfiledbg 1127/tcp 0.000088 # SUP debugging
saphostctrl 1128/tcp 0.000076 # SAPHostControl over SOAP/HTTP
saphostctrls 1129/udp 0.000330 # SAPHostControl over SOAP/HTTPS
casp 1130/tcp 0.000152 # CAC App Service Protocol
casp 1130/udp 0.000330 # CAC App Service Protocol
caspssl 1131/tcp 0.000228 # CAC App Service Protocol Encripted
caspssl 1131/udp 0.000330 # CAC App Service Protocol Encripted
kvm-via-ip 1132/tcp 0.000152 # KVM-via-IP Management Service
dfn 1133/udp 0.000330 # Data Flow Network
aplx 1134/tcp 0.000076 # MicroAPL APLX
omnivision 1135/tcp 0.000076 # OmniVision Communication Service
hhb-gateway 1136/tcp 0.000076 # HHB Gateway Control
hhb-gateway 1136/udp 0.000330 # HHB Gateway Control
trim 1137/tcp 0.000152 # TRIM Workgroup Service
trim 1137/udp 0.000330 # TRIM Workgroup Service
encrypted_admin 1138/tcp 0.000228 # encrypted admin requests
cce3x 1139/tcp 0.000063 # ClearCommerce Engine 3.x ( www.clearcommerce.com)
evm 1139/udp 0.000661 # Enterprise Virtual Manager
mxomss 1141/tcp 0.000152 # User Message Service
imyx 1143/tcp 0.000076 # Infomatryx Exchange
imyx 1143/udp 0.000661 # Infomatryx Exchange
fuscript 1144/tcp 0.000076 # Fusion Script
fuscript 1144/udp 0.000330 # Fusion Script
x9-icue 1145/tcp 0.000152 # X9 iCue Show Control
x9-icue 1145/udp 0.000330 # X9 iCue Show Control
audit-transfer 1146/udp 0.000330 # audit transfer
capioverlan 1147/tcp 0.000152 # CAPIoverLAN
capioverlan 1147/udp 0.000330 # CAPIoverLAN
elfiq-repl 1148/tcp 0.000380 # Elfiq Replication Service
elfiq-repl 1148/udp 0.000661 # Elfiq Replication Service
bvtsonar 1149/tcp 0.000152 # BVT Sonar Service
bvtsonar 1149/udp 0.000330 # BVT Sonar Service
blaze 1150/tcp 0.000076 # Blaze File Server
unizensus 1151/tcp 0.000228 # Unizensus Login Server
unizensus 1151/udp 0.000330 # Unizensus Login Server
winpoplanmess 1152/tcp 0.000304 # Winpopup LAN Messenger
c1222-acse 1153/tcp 0.000076 # ANSI C12.22 Port
resacommunity 1154/tcp 0.000152 # Community Service
nfa 1155/udp 0.000890 # Network File Access
iascontrol-oms 1156/tcp 0.000076 # iasControl OMS
iascontrol 1157/tcp 0.000076 # Oracle iASControl
lsnr 1158/tcp 0.000138 # Oracle DB listener
dbcontrol-oms 1158/udp 0.000330 # dbControl OMS
oracle-oms 1159/tcp 0.000076 # Oracle OMS
health-trap 1162/tcp 0.000076 # Health Trap
health-trap 1162/udp 0.000330 # Health Trap
sddp 1163/tcp 0.000152 # SmartDialer Data Protocol
sddp 1163/udp 0.000991 # SmartDialer Data Protocol
qsm-proxy 1164/tcp 0.000152 # QSM Proxy Service
qsm-proxy 1164/udp 0.000330 # QSM Proxy Service
qsm-gui 1165/tcp 0.000152 # QSM GUI Service
qsm-remote 1166/tcp 0.000152 # QSM RemoteExec
qsm-remote 1166/udp 0.000330 # QSM RemoteExec
cisco-ipsla 1167/sctp 0.000000 # Cisco IP SLAs Control Protocol
cisco-ipsla 1167/tcp 0.000076 # Cisco IP SLAs Control Protocol
cisco-ipsla 1167/udp 0.000593 # Cisco IP SLAs Control Protocol
vchat 1168/tcp 0.000076 # VChat Conference Service
vchat 1168/udp 0.000330 # VChat Conference Service
tripwire 1169/tcp 0.000380 # TRIPWIRE
tripwire 1169/udp 0.000330 # TRIPWIRE
atc-lm 1170/udp 0.000330 # AT+C License Manager
d-cinema-rrp 1173/tcp 0.000076 # D-Cinema Request-Response
d-cinema-rrp 1173/udp 0.000330 # D-Cinema Request-Response
fnet-remote-ui 1174/tcp 0.000152 # FlashNet Remote Admin
dossier 1175/tcp 0.000228 # Dossier Server
dossier 1175/udp 0.000661 # Dossier Server
indigo-server 1176/tcp 0.000076 # Indigo Home Server
skkserv 1178/tcp 0.000050 # SKK (kanji input)
b2n 1179/tcp 0.000076 # Backup To Neighbor
mc-client 1180/tcp 0.000076 # Millicent Client Proxy
accelenet 1182/tcp 0.000076 # AcceleNet Control
llsurfup-http 1183/tcp 0.000304 # LL Surfup HTTP
llsurfup-https 1184/tcp 0.000076 # LL Surfup HTTPS
catchpole 1185/tcp 0.000152 # Catchpole port
catchpole 1185/udp 0.000330 # Catchpole port
mysql-cluster 1186/tcp 0.000304 # MySQL Cluster Manager
alias 1187/tcp 0.000152 # Alias Service
hp-webadmin 1188/tcp 0.000076 # HP Web Admin
hp-webadmin 1188/udp 0.000330 # HP Web Admin
unet 1189/udp 0.000330 # Unet Connection
commlinx-avl 1190/tcp 0.000076 # CommLinx GPS / AVL System
gpfs 1191/tcp 0.000076 # General Parallel File System
gpfs 1191/udp 0.000661 # General Parallel File System
caids-sensor 1192/tcp 0.000152 # caids sensors channel
fiveacross 1193/udp 0.000330 # Five Across Server
openvpn 1194/tcp 0.000076 # OpenVPN
openvpn 1194/udp 0.000330 # OpenVPN
rsf-1 1195/tcp 0.000076 # RSF-1 clustering
netmagic 1196/tcp 0.000076 # Network Magic
cajo-discovery 1198/tcp 0.000152 # cajo reference discovery
cajo-discovery 1198/udp 0.000330 # cajo reference discovery
dmidi 1199/tcp 0.000228 # DMIDI
scol 1200/tcp 0.000076 # SCOL
scol 1200/udp 0.001321 # SCOL
nucleus-sand 1201/tcp 0.000228 # Nucleus Sand Database Server
ssslic-mgr 1203/udp 0.000661 # License Validation
ssslog-mgr 1204/tcp 0.000076 # Log Request Listener
anthony-data 1206/udp 0.000661 # Anthony Data
metasage 1207/tcp 0.000076 # MetaSage
metasage 1207/udp 0.000330 # MetaSage
seagull-ais 1208/tcp 0.000076 # SEAGULL AIS
ipcd3 1209/tcp 0.000076 # IPCD3
eoss 1210/tcp 0.000076 # EOSS
groove-dpp 1211/tcp 0.000076 # Groove DPP
lupa 1212/tcp 0.000125
lupa 1212/udp 0.000544
mpc-lifenet 1213/tcp 0.000152 # MPC LIFENET
fasttrack 1214/tcp 0.000050 # Kazaa File Sharing
fasttrack 1214/udp 0.001796 # Kazaa File Sharing
scanstat-1 1215/tcp 0.000076 # scanSTAT 1.0
scanstat-1 1215/udp 0.000661 # scanSTAT 1.0
etebac5 1216/tcp 0.000152 # ETEBAC 5
etebac5 1216/udp 0.000330 # ETEBAC 5
hpss-ndapi 1217/tcp 0.000152 # HPSS NonDCE Gateway
aeroflight-ads 1218/tcp 0.001064 # AeroFlight ADs
quicktime 1220/tcp 0.000151 # Apple Darwin and QuickTime Streaming Administration Servers
sweetware-apps 1221/tcp 0.000076 # SweetWARE Apps
nerv 1222/tcp 0.000138 # SNI R&D network
nerv 1222/udp 0.000346 # SNI R&D network
tgp 1223/tcp 0.000076 # TrulyGlobal Protocol
vpnz 1224/udp 0.000330 # VPNz
slinkysearch 1225/udp 0.000330 # SLINKYSEARCH
stgxfws 1226/udp 0.000330 # STGXFWS
dns2go 1227/udp 0.000330 # DNS2Go
florence 1228/tcp 0.000076 # FLORENCE
zented 1229/tcp 0.000076 # ZENworks Tiered Electronic Distribution
zented 1229/udp 0.000330 # ZENworks Tiered Electronic Distribution
menandmice-lpm 1231/udp 0.000330
univ-appserver 1233/tcp 0.000152 # Universal App Server
univ-appserver 1233/udp 0.000330 # Universal App Server
hotline 1234/tcp 0.001217
search-agent 1234/udp 0.001652 # Infoseek Search Agent
bvcontrol 1236/tcp 0.000152
tsdos390 1237/udp 0.000991
nmsd 1239/tcp 0.000076 # NMSD
instantia 1240/tcp 0.000076 # Instantia
nessus 1241/tcp 0.000113 # Nessus or remote message server
nessus 1241/udp 0.000330
serialgateway 1243/tcp 0.000076 # SerialGateway
isbconference1 1244/tcp 0.000152
visionpyramid 1247/tcp 0.000304 # VisionPyramid
hermes 1248/tcp 0.000477
hermes 1248/udp 0.000412
mesavistaco 1249/tcp 0.000076 # Mesa Vista Co
mesavistaco 1249/udp 0.000330 # Mesa Vista Co
swldy-sias 1250/tcp 0.000076
servergraph 1251/tcp 0.000076
servergraph 1251/udp 0.000661
q55-pcc 1253/udp 0.000330
de-cache-query 1255/udp 0.000330
de-server 1256/udp 0.000661
shockwave2 1257/udp 0.000661 # Shockwave 2
opennl-voice 1259/tcp 0.000152 # Open Network Library Voice
opennl-voice 1259/udp 0.000330 # Open Network Library Voice
ibm-ssd 1260/udp 0.000330
mpshrsv 1261/tcp 0.000076
qnts-orb 1262/tcp 0.000076 # QNTS-ORB
prat 1264/tcp 0.000076 # PRAT
prat 1264/udp 0.000330 # PRAT
propel-msgsys 1268/tcp 0.000076 # PROPEL-MSGSYS
watilapp 1269/udp 0.000330 # WATiLaPP
ssserver 1270/tcp 0.000138 # Sun StorEdge Configuration Service
excw 1271/tcp 0.000228 # eXcW
cspmlockmgr 1272/tcp 0.000380 # CSPMLockMgr
ivmanager 1276/tcp 0.000076
miva-mqs 1277/tcp 0.000152 # mqs
dellwebadmin-2 1279/tcp 0.000076 # Dell Web Admin 2
dellwebadmin-2 1279/udp 0.000330 # Dell Web Admin 2
emperion 1282/tcp 0.000076 # Emperion
netuitive 1286/udp 0.000991
routematch 1287/tcp 0.000152 # RouteMatch Com
routematch 1287/udp 0.000991 # RouteMatch Com
winjaserver 1290/tcp 0.000076 # WinJaServer
seagulllms 1291/tcp 0.000076 # SEAGULLLMS
seagulllms 1291/udp 0.000330 # SEAGULLLMS
cmmdriver 1294/udp 0.000330 # CMMdriver
ehtp 1295/udp 0.000330 # End-by-Hop Transmission Protocol
dproxy 1296/tcp 0.000304
sdproxy 1297/tcp 0.000076
sdproxy 1297/udp 0.000330
hp-sci 1299/tcp 0.000076
hp-sci 1299/udp 0.000330
h323hostcallsc 1300/tcp 0.000152 # H323 Host Call Secure
h323hos