New payloads for GTP. Closes #917

2025-12-06 04:31:29 +00:00 · 2020-01-10 05:32:09 +00:00
parent f974b625d2
commit 81fc9943d3
2 changed files with 33 additions and 0 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-

+o [GH#917] New UDP payloads for GPRS Tunneling Protocol (GTP) on ports 2123,
+  2152, and 3386. [Guillaume Teissier]
+
 o [NSE][GH#1825] SSH scripts now run on several ports likely to be SSH based on
  empirical data from Shodan.io, as well as the netconf-ssh service.
  [Lim Shi Min Jonathan, Daniel Miller]
--- a/30
+++ b/30
@@ -210,6 +210,36 @@ udp 2049
  "\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  "\x00\x00\x00\x00\x00\x00\x00\x00"

+# GPRS Tunneling Protocol (GTP)
+udp 2123,2152
+# GTPv1, protocol 1
+"\x32"
+# EchoRequest
+"\x01"
+# message length
+"\x00\x04"
+# Tunnel endpoint identifier
+"\x00\x00\x42\x00"
+# sequence number
+"\x13\x37"
+# N-PDU number
+"\x00"
+# next extension header type
+"\x00"
+
+# GPRS Tunneling Protocol (GTP) "prime" v2
+# This same packet can be used for GTP v2 on ports 2123 and 2152 if you change
+# the first byte from \x4e to \x40
+udp 3386
+# GTP'v2
+"\x4e"
+# EchoRequest
+"\x01"
+# message length
+"\x00\x04"
+# sequence number
+"\xde\xfe\xc8\x00"
+
 # Freelancer game server status query
 # http://sourceforge.net/projects/gameq/
 # (relevant files: games.ini, packets.ini, freelancer.php)