SYNSCAN.SERVICES(5)       BSD File Formats Manual      SYNSCAN.SERVICES(5)

NAME
     synscan.services - the service configuration file for synscan

DESCRIPTION
     synscan.services(5) is the configuration file for the service-level
     data used by synscan(8). This manual page describes the format of
     this file and the grammar used to configure services for synscan to
     use.

     Service declarations define the semantics of the application layer
     protocol, which is separated from the network layer configuration
     done in the session configuration file. See synscan.conf(5) for the
     session configuration manual.

     A service is a named entity with the following format:

           service service_name {
                   [service directives]
           };

DIRECTIVES
     port PORT|PORTLIST ;

     The port directive tells synscan which port, or ports, to match this
     service declaration to. When synscan is run from the command line,
     the port given is looked up in the services file. The first service
     declaration with a matching port is the one that will be used.

     Example:

           service http {
                   port 80;
           };

     Example 2:

           service http {
                   port 80, 8000, 8080;
           };

     segment { SEGMENT_DIRECTIVES } ;

     A segment specifies a piece of application level data, travelling
     either to or from the remote host, as well as the data contained
     therein, and optionally, any flags that should be set with the
     segment. Segments are unnamed and ordered. That is, segments are sent
     and expected in the order in which they appear in the configuration
     file.

SEGMENT_DIRECTIVES
     inbound|outbound ;

     The direction of the segment is specified with the keyword inbound or
     outbound.

     Example:

           segment {
                   inbound;
           };

     payload = PAYLOAD_STRING ;

     The payload string specifies the exact payload coming from or going
     to the remote host. When the direction is inbound, the PAYLOAD_STRING
     can be a regular expression that is used to match against the
     incoming segment. When the direction of the segment is outbound, the
     keyword $HOSTNAME will be replaced by the hostname supplied on the
     command line. If the hostname from the command line is actually a
     dotted quad address, a DNS lookup will be attempted and the DNS name
     will replace $HOSTNAME. If the DNS query fails, the dotted quad will
     be used.

     Example:

           segment {
                   inbound;
                   payload = "HTTP/1\.. 200 OK";
           };

     By default, the PAYLOAD_STRING is interpreted as an ASCII string. Hex
     encodings can be specified using a "\x" escape sequence, as shown in
     example 2 below:

     Example 2:

           segment {
                   outbound;
                   payload = "\x01\x02\x03\x04\x05";
           };

     Notice that the payload in the first example uses a regular
     expression to match both HTTP/1.0 and HTTP/1.1 replies to an HTTP
     request.

     flags = FLAGS ;

     The flags directive can optionally be used to specify any TCP-level
     flags that should be set on the segment. Its main use is to set the
     PSH flag, which tells the remote stack to push the sent data up to
     the receiver as soon as possible.

     Example:

           segment {
                   flags = psh;
           };

EXAMPLES
           service http {
                   port 80;
                   segment {
                           flags = psh|ack;
                           outbound;
                           payload = "GET /index.html HTTP/1.1\r\n\r\n";
                   };
                   segment {
                           inbound;
                           payload = "HTTP/1\.. 200 OK";
                   };
           };

SEE ALSO
     synscan(8), synscan.conf(5), regex(7)

AUTHORS
     Greg Taleck

BSD                            November 18, 2003                           BSD
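
The following is an added example, not part of the original manual page or of the synscan sources: a small Python reader for the grammar described above, useful for checking which declaration a port resolves to before a services file is deployed. The http-alt declaration, the function names, and the use of Python's re module in place of regex(7) are assumptions made for illustration.

```python
import re
# Constructed sample: the page's EXAMPLES service plus an earlier declaration on 8080.
SAMPLE = r'''
service http-alt { port 8080; };
service http {
    port 80, 8000, 8080;
    segment { flags = psh|ack; outbound; payload = "GET /index.html HTTP/1.1\r\n\r\n"; };
    segment { inbound; payload = "HTTP/1\.. 200 OK"; };
};
'''
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|[\w.$-]+|[{};,=|]')

def parse_block(toks, i=0):
    """Collect ';'-terminated statements up to the matching '}', recursing on '{'."""
    stmts, cur = [], []
    while toks[i] != "}":
        tok, i = toks[i], i + 1
        if tok == "{":
            tok, i = parse_block(toks, i)
        if tok == ";":
            stmts, cur = stmts + [cur], []
        else:
            cur.append(tok)
    return stmts, i + 1

def load(text):
    # Quoted payloads become ("STR", value) so a "}" inside one is never structure.
    toks = [("STR", m[1]) if m[1] is not None else m[0] for m in TOKEN.finditer(text)]
    services = []
    for _kw, name, body in parse_block(toks + ["}"])[0]:
        svc = {"name": name, "ports": [], "segments": []}
        for key, *args in body:
            if key == "port":
                svc["ports"] = [int(t) for t in args if t != ","]
            elif key == "segment":
                seg = {"flags": []}
                for word, *rest in args[0]:
                    if not rest:  # bare keyword: inbound or outbound
                        seg["direction"] = word
                    else:  # "payload = STR" keeps the text, "flags = a|b" the names
                        seg[word] = rest[1][1] if word == "payload" else rest[1::2]
                svc["segments"].append(seg)  # file order is send/expect order
        services.append(svc)
    return services

def lookup(services, port):  # the first declaration listing the port is used
    return next((s for s in services if port in s["ports"]), None)

def reply_matches(seg, data):  # assumption: Python's re stands in for regex(7)
    return seg.get("direction") == "inbound" and bool(re.search(seg["payload"], data))
```

With this sample, `lookup(load(SAMPLE), 8080)` returns the http-alt declaration, which has no segments: an earlier declaration shadows the port even though the http service lists it too.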