• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 # portmap dump request: like "rpcinfo -p" but via UDP instead
2 # send to UDP 111 and hope it's not a logging portmapper!
3 # split into longwords, since rpc apparently only deals with them
4 
5 001 # 0x01 # .	# XID: 4 trash bytes
6 002 # 0x02 # .
7 003 # 0x03 # .
8 004 # 0x04 # .
9 
10 000 # 0x00 # .	# MSG: int 0=call, 1=reply
11 000 # 0x00 # .
12 000 # 0x00 # .
13 000 # 0x00 # .
14 
15 000 # 0x00 # .	# pmap call body: rpc version=2
16 000 # 0x00 # .
17 000 # 0x00 # .
18 002 # 0x02 # .
19 
20 000 # 0x00 # .	# pmap call body: prog=PMAP, 100000
21 001 # 0x01 # .
22 134 # 0x86 # .
23 160 # 0xa0 # .
24 
25 000 # 0x00 # .	# pmap call body: progversion=2
26 000 # 0x00 # .
27 000 # 0x00 # .
28 002 # 0x02 # .
29 
30 000 # 0x00 # .	# pmap call body: proc=DUMP, 4
31 000 # 0x00 # .
32 000 # 0x00 # .
33 004 # 0x04 # .
34 
35 # with AUTH_NONE, there are 4 zero integers [16 bytes] here
36 
37 000 # 0x00 # .	# auth junk: cb_cred: auth_unix = 1; NONE = 0
38 000 # 0x00 # .
39 000 # 0x00 # .
40 000 # 0x00 # .
41 
42 000 # 0x00 # .	# auth junk
43 000 # 0x00 # .
44 000 # 0x00 # .
45 000 # 0x00 # .
46 
47 000 # 0x00 # .	# auth junk
48 000 # 0x00 # .
49 000 # 0x00 # .
50 000 # 0x00 # .
51 
52 000 # 0x00 # .	# auth junk
53 000 # 0x00 # .
54 000 # 0x00 # .
55 000 # 0x00 # .
56 
57 # The reply you get back contains your XID, int 1 if "accepted", and
58 # a whole mess of gobbledygook containing program numbers, versions,
59 # and ports that rpcinfo knows how to decode.  For the moment, you get
60 # to wade through it yourself...
61