Hi,

Currently, I am trying to get different service banners by connecting
to different ports using Python (code below).  The versions I am
working with are python 4.2.1 and Fedora Core 4.  I am trying to
reproduce a very small piece of nmap, since nmap has to get a port's
banner in order to figure out the version.  However, I haven't been
entirely successful.

*******************************************************
import socket

maxBannerLength = 1024

# Python 2 syntax, as in the original post.
def probeScan(host, port, probeString):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(6)
    try:
        s.connect((host, port))
        # Send the probe (may be empty) and read the first chunk back
        s.send(probeString)
        data = s.recv(maxBannerLength)
    except socket.timeout:
        print "socket.timeout exception"
        data = ""
    except socket.error, (value, message):
        print "socket.error " + message
        data = ""

    # Close connection and return banner/data
    s.close()
    return data

*******************************************************

First off, the above code works fine for some ports.  I was able to
get the correct banners for some ports, some using the probeString as
an empty string and others as a different probeString.

But I have been having issues with many others.  The one I have tested
most recently was port 515 (the services given by nmap on 2 IP addresses
are "printer" and "sdmsvc").  Now, when I pass in the variable probeString
to the function as an empty string "", some of the ports (including
515) should give me the banner right away without needing a specific
probeString.  My Python program is ending up in the socket.timeout
exception.  I have increased the timeout a couple of times to check if
that may be the problem, but no such luck.  I have been comparing the
results from the above program with the results of netcat.  Netcat
gives me the correct banner when I pass it an empty string "".

As far as I have been able to figure out, I just need to connect to a
port and send it a probeString.  As long as the correct probeString
is sent, the port(s) should give their banner.  I am pulling the
probeStrings from the nmap-service-probes file, which is the file in
which nmap keeps its probes.  So, I am confident my probes are correct.

Has anyone ever run into this problem?  Or have suggestions?
I would greatly appreciate any information.

Thanks in advance.

-- 
http://mail.python.org/mailman/listinfo/python-list
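As an added example (not the original poster's code, and written for Python 3 rather than the Python 2 of the post), the following reproduces the symptom from the thread offline against two constructed stand-in services on loopback: one that sends its banner as soon as the client connects, and one that stays silent until the client sends a request, so an empty probe simply runs into the receive timeout. All banners, hostnames and the probe text are constructed for the example.

```python
import socket
import threading

MAX_BANNER_LENGTH = 1024


def probe_scan(host, port, probe=b"", timeout=1.0):
    """Connect, send the probe (if any) and return the first chunk the
    service sends back; b"" if nothing arrived before the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if probe:
                s.sendall(probe)
            return s.recv(MAX_BANNER_LENGTH)
    except OSError:          # socket.timeout is a subclass of OSError
        return b""


def _fake_service(greeting, reply_to_probe):
    """Constructed stand-in for a daemon on an ephemeral loopback port,
    serving one connection. With a greeting it talks first (SMTP style);
    without one it stays silent until the client sends something."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            if greeting:
                conn.sendall(greeting)
            elif conn.recv(64):      # b"" here means the client gave up
                conn.sendall(reply_to_probe)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def demo():
    """The three cases from the thread, run against local fake services."""
    smtp_like = b"220 mail.example.test ESMTP ready\r\n"   # constructed
    http_like = b"HTTP/1.0 400 Bad Request\r\n"             # constructed
    return {
        # talks on connect: an empty probe is enough to collect the banner
        "talkative_empty_probe": probe_scan("127.0.0.1", _fake_service(smtp_like, b"")),
        # waits for the client: an empty probe only hits the timeout
        "silent_empty_probe": probe_scan("127.0.0.1", _fake_service(b"", http_like)),
        # the same silent service answers once it sees a real request
        "silent_get_probe": probe_scan("127.0.0.1", _fake_service(b"", http_like),
                                       b"GET / HTTP/1.0\r\n\r\n"),
    }
```

The middle case is the behaviour described in the post: nothing is wrong with the socket code, the service just never speaks first, so increasing the timeout cannot help and a protocol-specific probe is needed.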