Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 207695

Summary: net-analyzer/nbtscan-1.5.1-r1 should set NetBIOS broadcast flag to "unicast"
Product: Gentoo Linux Reporter: adam <adam101>
Component: Current packagesAssignee: Gentoo Netmon project <netmon>
Status: RESOLVED UPSTREAM    
Severity: normal CC: sam
Priority: High Keywords: PATCH
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: The patch in proper patch format

Description adam 2008-01-27 15:29:36 UTC 
Nbtscan has an incorrect flag setting, meaning the program works differently than intended to, when compared to its windows version equivalent.
Please see below for patch that corrects the setting to its intended value.

Reproducible: Always

Steps to Reproduce:
1. ./nbtscan 192.168.1.1/24

Actual Results:  
nbtscan 192.168.1.1/24
>> Doing NBT name scan for addresses from 192.168.1.1/24
>>
>> IP address       NetBIOS Name     Server    User             MAC address
>> ---------------------------------------------------------------------------
>> --- 192.168.1.0     Sendto failed: Permission denied
>> 192.168.1.2      DHARMA           <server>  DHARMA
>> 00-00-00-00-00-00
>> 192.168.1.17     BIGCAKE          <server>  BIGCAKE
>> 00-00-00-00-00-00
>> 192.168.1.176    ANTIMATTER       <server>  ANTIMATTER
>> 00-00-00-00-00-00
>> 192.168.1.158    LEMON            <server>  <unknown>
>> 00-0c-29-f3-34-31
>> 192.168.1.192    HELLFIRE2        <server>  <unknown>
>> 00-0c-29-8e-06-fe
>> 192.168.1.175    SUPERMAN         <server>  <unknown>
>> 00-ae-24-41-f2-3a

Expected Results:  
$ ./nbtscan 192.168.1.1/24
>> Doing NBT name scan for addresses from 192.168.1.1/24
>>
>> IP address       NetBIOS Name     Server    User             MAC address
>> ---------------------------------------------------------------------------
>> --- 192.168.1.0     Sendto failed: Permission denied
>> 192.168.1.2      DHARMA           <server>  DHARMA
>> 00-00-00-00-00-00
>> 192.168.1.17     BIGCAKE          <server>  BIGCAKE
>> 00-00-00-00-00-00
>> 192.168.1.163    CORVIS           <server>  <unknown>
>> 00-15-99-3d-df-57
>> 192.168.1.158    LEMON            <server>  <unknown>
>> 00-0c-29-f3-34-31
>> 192.168.1.176    ANTIMATTER       <server>  ANTIMATTER
>> 00-00-00-00-00-00
>> 192.168.1.175    SUPERMAN         <server>  <unknown>
>> 00-ae-24-41-f2-3a
>> 192.168.1.188    DIMEBAR          <server>  <unknown>
>> 00-0f-1f-28-b1-6a
>> 192.168.1.192    HELLFIRE2        <server>  <unknown>
>> 00-0c-29-8e-06-fe

The following patch corrects the incorrect flag setting:

$ diff nbtscan-1.5.1-r1/statusq.h nbtscan-1.5.1-test/statusq.h
17c17
< #define       FL_BROADCAST            0x0010
---
> > #define       FL_BROADCAST            0x0000
Comment 1 adam 2008-01-29 10:11:48 UTC 
Created attachment 142093 [details, diff]
The patch in proper patch format
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-26 04:04:14 UTC 
Could you please describe in more detail what the problem is and how your patch fixes it?
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2014-07-14 13:02:20 UTC 
According to RFC 1002, it looks like you're setting the Broadcast Flag to unicast instead of broadcast/multicast. And comparing the output of your nbtscan calls, you gain two listed servers with the patch applied. What would be interesting to find out is why these servers don't respond when the broadcast/multicast flag is set.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-02-03 10:10:07 UTC 
If this is still applicable, please forward it to (the new) upstream: https://github.com/resurrecting-open-source-projects/nbtscan.