Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Netbios host resolution NMAP 4.00
From: doug () hcsw org
Date: Sat, 4 Feb 2006 12:02:16 -0800

Hi Jason,

That's a very interesting observation. The reverse DNS code is
definitley not designed to do netbios resolution. I downloaded the
3.45 sources and looked at how reverse DNS resolution was done then:
It uses the getnameinfo() call just as --system-dns does now so it's
fairly strange that it has stopped working for you.

This article:


says the following:

Most of the code that I've come across to resolve the name of an IP address uses the gethostbyaddr API to accomplish 
this task. gethostbyaddr may eventually resort to using NetBIOS (port 137) to come up with the name. According to MSDN, 
gethostbyaddr is actually deprecated by the getnameinfo API. getnameinfo does a reverse lookup of an IP Address without 
using NetBIOS.

I'm definitley not a windows expert but is it possible that the older
version of nmap linked to a different getnameinfo() - perhaps one that
was simply a wrapper for gethostbyaddr()? Apparently gethostbyaddr()
"may eventually resort to using NetBIOS" where getnameinfo() shouldn't.

Other than that, I don't know. I guess you would've mentioned if you'd
changed any other configuration settings?


On Fri, Feb 03, 2006 at 10:39:19AM -0500 or thereabouts, Kee, Jason wrote:
I recently installed the newer version of nmap on a Windows 2003 SP1
server which had previously been running nmap 3.45. Winpcap 3.1 is
installed. When running a scan on a Winbox with or without -R and with
or without --system-dns, I am no longer getting NetBIOS name resolution.
nbtstat -A on the scanned ip returns the name. The only change has been
the NMAP version. Anyone else had this issue?
Jason Kee

This communication, including attachments, may contain confidential, privileged, copyrighted or other legally 
protected information.  If you are not the intended recipient, you are hereby notified that any use, disclosure, 
dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited.  If 
you have received this communication in error, please immediately re-send this communication to the sender and delete 
the original message and any copy of it, including all attachments, from your computer system.

Sent through the nmap-dev mailing list

Sent through the nmap-dev mailing list

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]