Nmap ventrilo-info NSE Script
This page contains detailed information about how to use the ventrilo-info NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
| Select: |
|---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/ventrilo-info.nse
Script categories: default, discovery, safe, version
Target service / protocol: ventrilo, tcp, udp
Target network port(s): 3784
List of CVEs: -
Script Description
The ventrilo-info.nse script detects the Ventrilo voice communication server service versions 2.1.2 and above and tries to determine version and configuration information. Some of the older versions (pre 3.0.0) may not have the UDP service that this probe relies on enabled by default.
The Ventrilo server listens on a TCP (voice/control) and an UDP (ping/status)
port with the same port number (fixed to 3784 in the free version, otherwise
configurable). This script activates on both a TCP and UDP port version scan.
In both cases probe data is sent only to the UDP port because it allows for a
simple and informative status command as implemented by the
ventrilo_status.exe executable which has shipped alongside the Windows server
package since version 2.1.2 when the UDP status service was implemented.
When run as a version detection script (-sV), the script will report on the
server version, name, uptime, authentication scheme, and OS. When run
explicitly (--script ventrilo-info), the script will additionally report on the
server name phonetic pronunciation string, the server comment, maximum number
of clients, voice codec, voice format, channel and client counts, and details
about channels and currently connected clients.
Original reversing of the protocol was done by Luigi Auriemma (http://aluigi.altervista.org/papers.htm#ventrilo).
Ventrilo-info NSE Script Arguments
The ventrilo-info.nse script does not have any arguments.
Ventrilo-info NSE Script Example Usage
Here's an example of how to use the ventrilo-info.nse script:
nmap -sV <target>
nmap -Pn -sU -sV --script ventrilo-info -p <port> <target>
Ventrilo-info NSE Script Example Output
Here's a sample output from the ventrilo-info.nse script:
PORT STATE SERVICE VERSION
9408/tcp open ventrilo Ventrilo 3.0.3.C (voice port; name: TypeFrag.com; uptime: 152h:56m; auth: pw)
| ventrilo-info:
| name: TypeFrag.com
| phonetic: Type Frag Dot Com
| comment: http://www.typefrag.com/
| auth: pw
| max. clients: 100
| voice codec: 3,Speex
| voice format: 32,32 KHz%2C 16 bit%2C 10 Qlty
| uptime: 152h:56m
| platform: WIN32
| version: 3.0.3.C
| channel count: 14
| channel fields: CID, PID, PROT, NAME, COMM
| client count: 6
| client fields: ADMIN, CID, PHAN, PING, SEC, NAME, COMM
| channels:
| <top level lobby> (CID: 0, PID: n/a, PROT: n/a, COMM: n/a): <empty>
| Group 1 (CID: 719, PID: 0, PROT: 0, COMM: ):
| stabya (ADMIN: 0, PHAN: 0, PING: 47, SEC: 206304, COMM:
| Group 2 (CID: 720, PID: 0, PROT: 0, COMM: ): <empty>
| Group 3 (CID: 721, PID: 0, PROT: 0, COMM: ): <empty>
| Group 4 (CID: 722, PID: 0, PROT: 0, COMM: ): <empty>
| Group 5 (CID: 723, PID: 0, PROT: 0, COMM: ):
| Sir Master Win (ADMIN: 0, PHAN: 0, PING: 32, SEC: 186890, COMM:
| waterbukk (ADMIN: 0, PHAN: 0, PING: 31, SEC: 111387, COMM:
| likez (ADMIN: 0, PHAN: 0, PING: 140, SEC: 22457, COMM:
| Tweet (ADMIN: 0, PHAN: 0, PING: 140, SEC: 21009, COMM:
| Group 6 (CID: 724, PID: 0, PROT: 0, COMM: ): <empty>
| Raid (CID: 725, PID: 0, PROT: 0, COMM: ): <empty>
| Officers (CID: 726, PID: 0, PROT: 1, COMM: ): <empty>
| PG 13 (CID: 727, PID: 0, PROT: 0, COMM: ): <empty>
| Rated R (CID: 728, PID: 0, PROT: 0, COMM: ): <empty>
| Group 7 (CID: 729, PID: 0, PROT: 0, COMM: ): <empty>
| Group 8 (CID: 730, PID: 0, PROT: 0, COMM: ): <empty>
| Group 9 (CID: 731, PID: 0, PROT: 0, COMM: ): <empty>
| AFK - switch to this when AFK (CID: 732, PID: 0, PROT: 0, COMM: ):
|_ Eisennacher (ADMIN: 0, PHAN: 0, PING: 79, SEC: 181948, COMM:
Service Info: OS: WIN32
Ventrilo-info NSE Script Example XML Output
Here's a sample XML output from the ventrilo-info.nse script produced by providing the -oX <file> Nmap option:
<elem key="phonetic">Type Frag Dot Com</elem>
<elem key="comment">http://www.typefrag.com/</elem>
<elem key="auth">1</elem>
<elem key="maxclients">100</elem>
<elem key="voicecodec">3,Speex</elem>
<elem key="voiceformat">32,32 KHz%2C 16 bit%2C 10 Qlty</elem>
<elem key="uptime">551533</elem>
<elem key="platform">WIN32</elem>
<elem key="version">3.0.3.C</elem>
<elem key="channelcount">14</elem>
<table key="channelfields">
<elem>CID</elem>
<elem>PID</elem>
<elem>PROT</elem>
<elem>NAME</elem>
<elem>COMM</elem>
</table>
<table key="channels">
<table key="0">
<elem key="NAME"><top level lobby></elem>
<elem key="CID">0</elem>
</table>
<table key="363">
<elem key="CID">363</elem>
<elem key="PID">0</elem>
<elem key="PROT">0</elem>
<elem key="NAME">Group 1</elem>
<elem key="COMM"></elem>
<table key="clients">
<table>
<elem key="ADMIN">0</elem>
<elem key="CID">363</elem>
<elem key="PHAN">0</elem>
<elem key="PING">47</elem>
<elem key="SEC">207276</elem>
<elem key="NAME">stabya</elem>
<elem key="COMM"></elem>
</table>
</table>
</table>
<!-- Channels other than the first and last cut for brevity -->
<table key="376">
<elem key="CID">376</elem>
<elem key="PID">0</elem>
<elem key="PROT">0</elem>
<elem key="NAME">AFK - switch to this when AFK</elem>
<elem key="COMM"></elem>
<table key="clients">
<table>
<elem key="ADMIN">0</elem>
<elem key="CID">376</elem>
<elem key="PHAN">0</elem>
<elem key="PING">78</elem>
<elem key="SEC">182920</elem>
<elem key="NAME">Eisennacher</elem>
<elem key="COMM"></elem>
</table>
</table>
</table>
</table>
<elem key="clientcount">6</elem>
<table key="clientfields">
<elem>ADMIN</elem>
<elem>CID</elem>
<elem>PHAN</elem>
<elem>PING</elem>
<elem>SEC</elem>
<elem>NAME</elem>
<elem>COMM</elem>
</table>
Author
- Marin Mari
References
- https://nmap.org/nsedoc/scripts/ventrilo-info.html
- https://github.com/nmap/nmap/tree/master/scripts/ventrilo-info.nse
- http://aluigi.altervista.org/papers.htm#ventrilo
- http://www.typefrag.com/
- http://www.typefrag.com/</elem>
See Also
Visit Nmap NSE Library for more scripts.
The ventrilo-info.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
Invalid response. Aborting script.
Here is a relevant code snippet related to the "Invalid response. Aborting script." error message:
579: head_crc_sum = crc_sum
580:
581: -- check for an invalid response
582: if #response < 20 or pck >= totpck or
583: len > 492 or curlen > totlen then
584: stdnse.debug1("Invalid response. Aborting script.")
585: cleanup()
586: return
587: end
588:
589: -- keep track of the length of fulldata (# isn't applicable)
Invalid state (fulldatalen =
Here is a relevant code snippet related to the "Invalid state (fulldatalen = " error message:
597:
598: -- check for invalid states in communication
599: if (fulldatalen > totpck) or (curlen > totlen)
600: or (fulldatalen == totpck and curlen ~= totlen)
601: or (curlen == totlen and fulldatalen ~= totpck) then
602: stdnse.debug1("Invalid state (fulldatalen = " .. fulldatalen ..
603: "; totpck = " .. totpck .. "; curlen = " .. curlen ..
604: "; totlen = " .. totlen .. "). Aborting script.")
605: cleanup()
606: return
607: end
Invalid CRC sum, received = %04X, calculated = %04X
Here is a relevant code snippet related to the "Invalid CRC sum, received = %04X, calculated = %04X" error message:
626: local fulldata_str = table.concat(fulldata)
627:
628: -- check for an invalid checksum on the response data sections (no headers)
629: local fulldata_crc_sum = crc(fulldata_str)
630: if fulldata_crc_sum ~= head_crc_sum then
631: stdnse.debug1("Invalid CRC sum, received = %04X, calculated = %04X", head_crc_sum, fulldata_crc_sum)
632: cleanup()
633: return
634: end
635:
636: -- parse the received data string into an output table
Version
This page has been created based on Nmap version 7.92.
Go back to menu.
