Re: NSE Socket Operation on a non-socket

[jah <jah () zadkiel plus com>]

On 18/07/2009 21:59, Brandon Enright wrote:
> On Sat, 18 Jul 2009 20:00:06 +0100 or thereabouts jah
> <jah () zadkiel plus com> wrote:
>
>   
> > So it looks like it might be the OS jumping in and messing things up.
> > I'm going to pick through a capture file and see if this is what
> > happened yesterday when running banner and smb-enum-shares.
> >     
>
> It's pretty common to see the Winsock layer get corrupted in some way
> and produce the "operation can not be performed on something that isn't
> a socket" error.
>
> I guess it's a stretch but your Winsock keys may be corrupted.  You can
> try deleting HKLM/System/CurrentControlSet/Services/Winsock and
> Winsock2, rebooting (they will be remade), and then running on the
> command prompt "netsh interface ip reset log".
>
> This isn't a complete reset of all things Winsock related but it's a
> pretty good start.  An even more comprehensive thing to do would be to
> unregister/reregister the networking related DLLs, uninstall TCP/IP (it
> can be done) and reinstall it.  I can detail those steps for you if you
> think this problem might be corruption related rather than Windows
> idiocy.
Thanks Brandon, I hadn't considered these possibilities.  Something else
which occurred to me was that I was doing the testing against a VMware
remote host which was running on the local host with a bridged interface
- perhaps this was causing some weirdness.  To kill many birds with one
stone, I set-up a new XP SP3 install on a fresh partition and ran Nmap
from there.  It turned-out that the behaviour is repeatable on the new
XP, my main XP and an XP VM in any combination.

I would say it's straight-up windows idiocy.

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org