Nmap Development mailing list archives

Re: issue with enum-sessions script


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 28 Nov 2014 10:28:59 -0600

Mike,

Could you provide full output for this command:

nmap -n -Pn -T4 --script=smb-enum-sessions -p 445 -d --script-trace (ip)

This looks like a socket is being created without being configured and then
immediately closed. This might be intended, but I'd like to clean it up if
it is not.

Dan

On Wed, Nov 26, 2014 at 1:51 PM, Mike . <dmciscobgp () hotmail com> wrote:

so i am not sure if this is the proper behavior and output i am supposed
to see here. i normally don't bother looking for netbios servers, but i was
just in that kinda mood, i guess. i ran the aforementioned script and got
this over and over, as if it was in a loop. i am assuming it has something
to do with the SMB negprot? i don't even get an error or anything after i
run it. this is what i am seeing after the query

Nmap scan report for ***********
Host is up, received user-set (0.060s latency).
Scanned at 2014-11-26 13:43:14 Central Standard Time for 2s
PORT    STATE SERVICE      REASON
135/tcp open  msrpc        syn-ack
139/tcp open  netbios-ssn  syn-ack
445/tcp open  microsoft-ds syn-ack

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: C:\Program Files\Nmap
Nmap done: 1 IP address (1 host up) scanned in 2.91 seconds
           Raw packets sent: 3 (132B) | Rcvd: 3 (132B)

cmd ran was this:

nmap -n -Pn -vv -T4 -max-retries 1 -reason (ip) -script=smb-enum-sessions.nse -p 139,445,135

and this is the error i kept getting in a loop

NSE: TCP unknown protocol:0 > unknown protocol:0 | CLOSE

in the packet activity i noticed the SMB negprot was V2. shouldn't the
script then try and switch to that or at least give me some error for
output?

thanks | mike

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
