Nmap Development mailing list archives
Re: How Can We Talk To Port 138?
From: Ron <ron () skullsecurity net>
Date: Sat, 23 Aug 2008 08:03:36 -0500
mike wrote:
Hello guys... Last time i tried sending a message, someone told me it became mangled and unreadable. i am using a simple Windows Live! mail session to fire this off so after it leaves my hands i don't know what to tell ya.
Looks fine to me, although the lines are a bit long.
I have looked into nmap and various scanning utilities and i have yet to figure out just how to get a response from UDP port 138 (Datagram Service) as far as a service response/fingerprint is concerned. I know a bit about it's inner workings. i understand it is mainly for handling broadcast mailslots and election registration for servers involved. How do we speak to it to get something back? I only bring this up because, i see so much emphasis on NETBIOS ports in other scanners, but 138 seems to always be neglected. It doesn't seem to respond to standard SMB queries, nor does it respond to name/adapter status requests. So what do we use protocol wise? The only thing i can thing of is maybe it will only accept broadcast addresses as the source? Can someone look into that maybe? I also think maybe a tool i read about that comes with one of the Windows network tools packages for drilldowns/etc might also add to help in this discovery. I beleive they have a tool called Browsmon? or something that can construct and fire off election requests/responses or something to that effect. Would this work if incorporated in nmap? Ok, so the idea and input is out there for you to mull over. if this message becomes unreadable to you in transit, i am not sure what else to do. No word wrap options or anything from what i see in front of me so i guess you'll have to make do (unless i can just use notepad and paste future emails?) Thanks, Mike
Port UDP/138 is, as you said, the NetBIOS Datagram Service. You can send NetBIOS-encapsulated data to that port, and anything on the system that's waiting for that type of traffic will receive it and can act on it. The NetBIOS Session Service is easy, because it accepts SMB data, which makes life easy. Unfortunately, I'm not aware of any well-known services that listen and respond to NetBIOS Datagrams. Maybe I'll run a sniffer for a bit and see if anything pops up. Ron _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- How Can We Talk To Port 138? mike (Aug 23)
- Re: How Can We Talk To Port 138? Ron (Aug 23)