Nmap Development mailing list archives

Re: How Can We Talk To Port 138?


From: Ron <ron () skullsecurity net>
Date: Sat, 23 Aug 2008 08:03:36 -0500

mike wrote:
> Hello guys...
> Last time I tried sending a message, someone told me it became mangled
> and unreadable. I am using a simple Windows Live! mail session to fire
> this off so after it leaves my hands I don't know what to tell ya.
Looks fine to me, although the lines are a bit long.

> I have looked into nmap and various scanning utilities and I have yet
> to figure out just how to get a response from UDP port 138 (Datagram
> Service) as far as a service response/fingerprint is concerned. I know
> a bit about its inner workings. I understand it is mainly for handling
> broadcast mailslots and election registration for servers involved.
> How do we speak to it to get something back? I only bring this up
> because I see so much emphasis on NETBIOS ports in other scanners, but
> 138 seems to always be neglected. It doesn't seem to respond to
> standard SMB queries, nor does it respond to name/adapter status
> requests. So what do we use protocol-wise?
>
> The only thing I can think of is maybe it will only accept broadcast
> addresses as the source? Can someone look into that maybe? I also
> think maybe a tool I read about that comes with one of the Windows
> network tools packages for drilldowns/etc might also add to help in
> this discovery. I believe they have a tool called Browsmon? or
> something that can construct and fire off election requests/responses
> or something to that effect. Would this work if incorporated in nmap?
>
> Ok, so the idea and input is out there for you to mull over. If this
> message becomes unreadable to you in transit, I am not sure what else
> to do. No word wrap options or anything from what I see in front of me
> so I guess you'll have to make do (unless I can just use notepad and
> paste future emails?)
>
> Thanks,
> Mike

Port UDP/138 is, as you said, the NetBIOS Datagram Service. You can send
NetBIOS-encapsulated data to that port, and anything on the system
that's waiting for that type of traffic will receive it and can act on it.

The NetBIOS Session Service is easy, because it accepts SMB data, which
makes life easy. Unfortunately, I'm not aware of any well-known services
that listen and respond to NetBIOS Datagrams.

Maybe I'll run a sniffer for a bit and see if anything pops up.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
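
Added example, not part of the message above or of Nmap's code: for the sniffing approach Ron mentions, a Python parser for the RFC 1002 NetBIOS Datagram Service header and its first-level encoded names, so captured UDP/138 payloads can be read. The sample packet, host names and address are constructed, and compressed name pointers are not handled.

```python
import socket
import struct

# RFC 1002 message types for the NetBIOS Datagram Service
MSG_TYPES = {0x10: "DIRECT_UNIQUE", 0x11: "DIRECT_GROUP", 0x12: "BROADCAST",
             0x13: "ERROR", 0x14: "QUERY_REQUEST",
             0x15: "POSITIVE_QUERY_RESPONSE", 0x16: "NEGATIVE_QUERY_RESPONSE"}

def encode_name(name, suffix):
    """First-level encode a NetBIOS name (used here only to build the sample)."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    half = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + half + b"\x00"

def decode_name(buf, off):
    """Decode the name at buf[off:]; return (name, suffix, next_offset)."""
    if off + 34 > len(buf) or buf[off] != 0x20:
        raise ValueError("truncated or malformed NetBIOS name")
    enc = buf[off + 1:off + 33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("invalid half-ASCII character")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    end = off + 33
    while end < len(buf) and buf[end] != 0:   # skip optional scope labels
        end += 1 + buf[end]
    if end >= len(buf):
        raise ValueError("unterminated NetBIOS name")
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15], end + 1

def parse_datagram(pkt):
    """Parse the payload of one UDP/138 packet into a dict."""
    if len(pkt) < 10:
        raise ValueError("shorter than the fixed 10-byte header")
    mtype, flags, dgm_id, src_ip, src_port = struct.unpack("!BBH4sH", pkt[:10])
    out = {"type": MSG_TYPES.get(mtype, hex(mtype)), "flags": flags, "id": dgm_id,
           "src": socket.inet_ntoa(src_ip), "src_port": src_port}
    if mtype in (0x10, 0x11, 0x12):           # types that carry names and user data
        if len(pkt) < 14:
            raise ValueError("missing DGM_LENGTH/PACKET_OFFSET")
        dgm_len, _offset = struct.unpack("!HH", pkt[10:14])
        sname, ssfx, off = decode_name(pkt, 14)
        dname, dsfx, off = decode_name(pkt, off)
        out.update(source=(sname, ssfx), dest=(dname, dsfx), data=pkt[off:])
        out["length_ok"] = dgm_len == len(pkt) - 14   # length excludes the 14-byte header
    return out

# Constructed sample: a group datagram from WKSTN01<00> to WORKGROUP<1e>
BODY = encode_name("WKSTN01", 0x00) + encode_name("WORKGROUP", 0x1E) + b"constructed-payload"
SAMPLE = struct.pack("!BBH4sHHH", 0x11, 0x02, 0x1234,
                     socket.inet_aton("192.0.2.10"), 138, len(BODY), 0) + BODY
```
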

