wxp SP2 host responds to "nmblookup HOST" but not "nmblookup *"
David Wuertele
dave-gnus at bfnet.com
Tue Dec 28 19:55:28 GMT 2004
>> Executive summary: Is there some other method to enumerate all SMB
>> hosts on a LAN than a wildcard NBT node status query to the
>> broadcast address?
Christopher> This bug in XP breaks that rather nicely, doesn't it?
Yes, do we smell a conspiracy?
Christopher> You might try the following:
Christopher> - Turn off the Broadcast bit and see what happens.
Do you mean this line?
set_socket_options(sock,"SO_BROADCAST");
Christopher> - Try the "*SMBSERVER" name. *Some* systems will respond
Christopher> to this (though they probably shouldn't).
# nmblookup '*SMBSERVER'
creating lame upcase table
creating lame lowcase table
querying *SMBSERVER on 192.168.0.255
querying *SMBSERVER on 127.255.255.255
name_query failed to find name *SMBSERVER
#
They don't.
Christopher> What node type is 192.168.0.15? Is it a 'B'?
I think it is an 'M', but I don't have access to it to find out.
Christopher> Is it running XP-SP2?
Nope, W2K
Christopher> What happens when you query for BOGUSWORKGROUP<1e> ?
# nmblookup 'BOGUSWORKGROUP<1e>'
creating lame upcase table
creating lame lowcase table
querying BOGUSWORKGROUP<1e> on 192.168.0.255
192.168.0.15 BOGUSWORKGROUP<1e><00>
192.168.0.7 BOGUSWORKGROUP<1e><00>
#
Yep, as expected, both hosts show up. That suggests a workaround, so
long as I can discover at least the LMBs.
Christopher> 1) Do the broadcast name query.
Christopher> --or--
Christopher> Query for the MSBROWSE name.
Christopher> 2) Query all of the nodes returned for their workgroup name
Christopher> (do a Node Status query and look for <1E> or <00> group names).
Christopher> 3) Query for all of the workgroup names returned.
Christopher> Nasty, eh?
Quite... I can implement this, but do you really think that this is
how Microsoft does it?
Thanks,
Dave
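
The three-step workaround quoted above, as an added example that is not part of the original post or of Samba's code. It repeats the steps until no new host or workgroup turns up, which goes slightly beyond the three steps as listed. The `nmblookup -A` row layout, the `NAME#1e` name syntax, the function names and the sample output are assumptions made for illustration.

```python
import re
import subprocess

REPLY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\S")  # "192.168.0.15 NAME<1e>"
# Node status row as printed by `nmblookup -A` (layout assumed, not in the post).
GROUP = re.compile(r"^\s+(\S.*?)\s+<(?:1e|00)>\s+-\s+<GROUP>", re.I)

def nmblookup(args):  # default runner: calls the real tool
    return subprocess.run(["nmblookup", *args], capture_output=True, text=True).stdout

def reply_ips(out):
    """IPs on reply lines; 'querying ...' and 'name_query failed' lines are skipped."""
    return {m.group(1) for m in map(REPLY.match, out.splitlines()) if m}

def group_names(out):  # names registered as <00> or <1e> group names
    return {m.group(1) for m in map(GROUP.match, out.splitlines()) if m}

def enumerate_hosts(seed="*", run=nmblookup):
    """Steps 1-3 from the post, repeated until no new host or workgroup appears."""
    hosts, groups = set(), set()
    new_hosts = reply_ips(run([seed]))                # step 1: broadcast name query
    while new_hosts:
        hosts |= new_hosts
        new_groups = set()
        for ip in sorted(new_hosts):                  # step 2: node status per host
            new_groups |= group_names(run(["-A", ip])) - groups
        groups |= new_groups
        new_hosts = set()
        for name in sorted(new_groups):               # step 3: query each workgroup
            new_hosts |= reply_ips(run([name + "#1e"])) - hosts
    return hosts, groups

# Constructed sample output (not from the post): only .15 answers the "*" query.
SAMPLE = {
    ("*",): "querying * on 192.168.0.255\n192.168.0.15 *<00>\n",
    ("-A", "192.168.0.15"): "Looking up status of 192.168.0.15\n"
        "\tHOSTA           <00> -         M <ACTIVE>\n"
        "\tBOGUSWORKGROUP  <1e> - <GROUP> M <ACTIVE>\n",
    ("-A", "192.168.0.7"): "Looking up status of 192.168.0.7\n"
        "\tBOGUSWORKGROUP  <00> - <GROUP> B <ACTIVE>\n",
    ("BOGUSWORKGROUP#1e",): "querying BOGUSWORKGROUP on 192.168.0.255\n"
        "192.168.0.15 BOGUSWORKGROUP<1e>\n192.168.0.7 BOGUSWORKGROUP<1e>\n",
}

def sample_run(args):  # offline stand-in for nmblookup, used below
    return SAMPLE.get(tuple(args), "name_query failed to find name\n")

if __name__ == "__main__":
    print(enumerate_hosts(run=sample_run))
```

With the constructed sample, the host at 192.168.0.7 never answers the wildcard query and is found only through the workgroup `<1e>` query in step 3.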