Nmap Development mailing list archives
Re: Netbios host resolution NMAP 4.00
From: doug () hcsw org
Date: Sat, 4 Feb 2006 12:02:16 -0800
Hi Jason, That's a very interesting observation. The reverse DNS code is definitley not designed to do netbios resolution. I downloaded the 3.45 sources and looked at how reverse DNS resolution was done then: It uses the getnameinfo() call just as --system-dns does now so it's fairly strange that it has stopped working for you. This article: http://www.codeguru.com/Cpp/I-N/internet/network/article.php/c6239/ says the following: Most of the code that I've come across to resolve the name of an IP address uses the gethostbyaddr API to accomplish this task. gethostbyaddr may eventually resort to using NetBIOS (port 137) to come up with the name. According to MSDN, gethostbyaddr is actually deprecated by the getnameinfo API. getnameinfo does a reverse lookup of an IP Address without using NetBIOS. I'm definitley not a windows expert but is it possible that the older version of nmap linked to a different getnameinfo() - perhaps one that was simply a wrapper for gethostbyaddr()? Apparently gethostbyaddr() "may eventually resort to using NetBIOS" where getnameinfo() shouldn't. Other than that, I don't know. I guess you would've mentioned if you'd changed any other configuration settings? Doug On Fri, Feb 03, 2006 at 10:39:19AM -0500 or thereabouts, Kee, Jason wrote:
I recently installed the newer version of nmap on a Windows 2003 SP1 server which had previously been running nmap 3.45. Winpcap 3.1 is installed. When running a scan on a Winbox with or without -R and with or without --system-dns, I am no longer getting NetBIOS name resolution. nbtstat -A on the scanned ip returns the name. The only change has been the NMAP version. Anyone else had this issue? Jason Kee DISCLAIMER: ********************************************************************** This communication, including attachments, may contain confidential, privileged, copyrighted or other legally protected information. If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please immediately re-send this communication to the sender and delete the original message and any copy of it, including all attachments, from your computer system. ********************************************************************** _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Netbios host resolution NMAP 4.00 Kee, Jason (Feb 03)
- Re: Netbios host resolution NMAP 4.00 doug (Feb 04)