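# portmap dump request: like "rpcinfo -p" but via UDP instead
# send to UDP 111 and hope it's not a logging portmapper!
# split into longwords, since rpc apparently only deals with them
#
# Layout: one byte per data line, written as decimal # hex # char # note.
# (The char column is "." throughout; presumably the printable rendering
# of the byte -- confirm against the tool that consumes this file.)
# Longwords are big-endian (XDR), so 000 001 134 160 = 0x000186a0 = 100000.
# Total request: 6 header longwords + 4 auth longwords = 40 bytes.
#
# Exposure note: the DUMP reply enumerates every registered RPC program
# with its port, and is usually far larger than this 40-byte request.
# Keep 111/udp and 111/tcp unreachable from untrusted networks, and treat
# unsolicited proc=4 calls in portmapper logs as service enumeration.

001 # 0x01 # . # XID: 4 trash bytes (any value; echoed back in the reply)
002 # 0x02 # .
003 # 0x03 # .
004 # 0x04 # .

000 # 0x00 # . # MSG: int 0=call, 1=reply
000 # 0x00 # .
000 # 0x00 # .
000 # 0x00 # .

000 # 0x00 # . # pmap call body: rpc version=2
000 # 0x00 # .
000 # 0x00 # .
002 # 0x02 # .

000 # 0x00 # . # pmap call body: prog=PMAP, 100000
001 # 0x01 # .
134 # 0x86 # .
160 # 0xa0 # .

000 # 0x00 # . # pmap call body: progversion=2
000 # 0x00 # .
000 # 0x00 # .
002 # 0x02 # .

000 # 0x00 # . # pmap call body: proc=DUMP, 4
000 # 0x00 # .
000 # 0x00 # .
004 # 0x04 # .

# with AUTH_NONE, there are 4 zero integers [16 bytes] here
# In ONC RPC terms these are two opaque_auth structures, each a flavor
# followed by a body length: credential first, then verifier.

000 # 0x00 # . # auth junk: cb_cred: auth_unix = 1; NONE = 0 (credential flavor)
000 # 0x00 # .
000 # 0x00 # .
000 # 0x00 # .

000 # 0x00 # . # auth junk (credential body length = 0)
000 # 0x00 # .
000 # 0x00 # .
000 # 0x00 # .

000 # 0x00 # . # auth junk (verifier flavor = 0, NONE)
000 # 0x00 # .
000 # 0x00 # .
000 # 0x00 # .

000 # 0x00 # . # auth junk (verifier body length = 0)
000 # 0x00 # .
000 # 0x00 # .
000 # 0x00 # .

# The reply you get back contains your XID, int 1 if "accepted", and
# a whole mess of gobbledygook containing program numbers, versions,
# and ports that rpcinfo knows how to decode. For the moment, you get
# to wade through it yourself...
#
# Precisely: the int 1 after the XID is the message type (reply); the
# accepted/denied status is the next longword, where 0 means accepted.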