M
mmcgee00
Hi,
Currently, I am trying to get different service banner by connecting
to different ports using python (code below). The versions I am
working with are python 4.2.1 and fedora core 4. I am trying to
reproduce a very small piece of nmap, since nmap has to get a port's
banner in order to figure out the version. However, I haven't been
entirely successful.
*******************************************************
maxBannerLength = 1024
def probeScan(host, port, probeString):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(6)
try:
s.connect((host, port))
s.send(probeString)
data = s.recv(maxBannerLength)
except socket.timeout:
print "socket.timeout exception"
data = ""
except socket.error, (value, message):
print "socket.error " + message
data = ""
# Close connection and return banner/data
s.close()
return data
*******************************************************
First off, the above code works fine for some ports. I was able to
get the correct banners for some ports, some using the probeString as
an empty string and others as a different probeString.
But I have been having issues with many others. The one I have tested
most recently was port 515 (services given from nmap on 2 ip addresses
are "printer" and "sdmsvc". Now, I pass in the variable probeString
to the function as an empty string "", some of the ports (including
515) should give me the banner right away without needing a specific
probeString. My python program is ending up in the socket.timeout
exception. I have increased the timeout a couple of times to check if
that may be the problem, but no such luck. I have been testing my
results from the above program with the results of netcat. Netcat
gives me the correct banner when I pass it an empty string "".
As far as I have been able to figure out, I just need to connect to a
port, and send it a probeString. As long as the correct probeString
is sent, the port(s) should give their banner. I am pulling the
probeStrings from the nmap-service-probes file, which is the file that
nmap keeps its probes. So, I am confident my probes are correct.
Has anyone ever run into this problem? Or have suggestions?
I would greatly appreciate any information.
Thanks in advance.
Currently, I am trying to get different service banner by connecting
to different ports using python (code below). The versions I am
working with are python 4.2.1 and fedora core 4. I am trying to
reproduce a very small piece of nmap, since nmap has to get a port's
banner in order to figure out the version. However, I haven't been
entirely successful.
*******************************************************
maxBannerLength = 1024
def probeScan(host, port, probeString):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(6)
try:
s.connect((host, port))
s.send(probeString)
data = s.recv(maxBannerLength)
except socket.timeout:
print "socket.timeout exception"
data = ""
except socket.error, (value, message):
print "socket.error " + message
data = ""
# Close connection and return banner/data
s.close()
return data
*******************************************************
First off, the above code works fine for some ports. I was able to
get the correct banners for some ports, some using the probeString as
an empty string and others as a different probeString.
But I have been having issues with many others. The one I have tested
most recently was port 515 (services given from nmap on 2 ip addresses
are "printer" and "sdmsvc". Now, I pass in the variable probeString
to the function as an empty string "", some of the ports (including
515) should give me the banner right away without needing a specific
probeString. My python program is ending up in the socket.timeout
exception. I have increased the timeout a couple of times to check if
that may be the problem, but no such luck. I have been testing my
results from the above program with the results of netcat. Netcat
gives me the correct banner when I pass it an empty string "".
As far as I have been able to figure out, I just need to connect to a
port, and send it a probeString. As long as the correct probeString
is sent, the port(s) should give their banner. I am pulling the
probeStrings from the nmap-service-probes file, which is the file that
nmap keeps its probes. So, I am confident my probes are correct.
Has anyone ever run into this problem? Or have suggestions?
I would greatly appreciate any information.
Thanks in advance.