Getting a service's banner by connecting to a port

mmcgee00 at hotmail.com
Tue Mar 13 16:18:12 EDT 2007


Hi,

Currently, I am trying to get different service banners by connecting
to different ports using Python (code below).  The versions I am
working with are Python 4.2.1 and Fedora Core 4.  I am trying to
reproduce a very small piece of nmap, since nmap has to get a port's
banner in order to figure out the version.  However, I haven't been
entirely successful.

*******************************************************
import socket

maxBannerLength = 1024

def probeScan(host, port, probeString):
    # Connect, send the probe (if any) and read one chunk of whatever comes back.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(6)
    try:
        s.connect((host, port))
        # sendall() keeps writing until the whole probe is on the wire; send()
        # may stop short.  An empty probe sends nothing and just listens.
        if probeString:
            s.sendall(probeString)
        data = s.recv(maxBannerLength)
    except socket.timeout:
        print "socket.timeout exception"
        data = ""
    except socket.error, e:
        # socket.error does not always carry an (errno, message) pair, so do
        # not unpack it; print whatever it holds.
        print "socket.error", e
        data = ""

    # Close connection and return banner/data
    s.close()
    return data

*******************************************************

First off, the above code works fine for some ports.  I was able to
get the correct banners for some ports, some using the probeString as
an empty string and others as a different probeString.

But I have been having issues with many others.  The one I have tested
most recently was port 515 (the services given by nmap on 2 IP addresses
are "printer" and "sdmsvc").  Now, when I pass the variable probeString
to the function as an empty string "", some of the ports (including
515) should give me the banner right away without needing a specific
probeString.  My Python program is ending up in the socket.timeout
exception.  I have increased the timeout a couple of times to check if
that may be the problem, but no such luck.  I have been testing my
results from the above program against the results of netcat.  Netcat
gives me the correct banner when I pass it an empty string "".

As far as I have been able to figure out, I just need to connect to a
port and send it a probeString.  As long as the correct probeString
is sent, the port(s) should give their banner.  I am pulling the
probeStrings from the nmap-service-probes file, which is the file in
which nmap keeps its probes.  So, I am confident my probes are correct.

Has anyone ever run into this problem?  Or have suggestions?
I would greatly appreciate any information.

Thanks in advance.
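An added example, written for this archive page in Python 3 and not part of the original post, of the connect-probe-read approach described above, with the three details a banner grabber has to get right: a NULL probe that only listens, read in a loop until the peer closes or goes quiet (a banner and a probe response can arrive in separate segments), and probes fed through an escape decoder, because the strings in nmap-service-probes are written with C-style escapes such as \r\n and \xNN and must be turned into bytes before they go on the wire. Some services say nothing until the client speaks first; LPD (RFC 1179) is one of them, so a probe-less recv on such a port simply runs into the timeout. The probe table, the fake SMTP-like, LPD-like and silent services on localhost, and the function names are all constructed for this demo and are assumptions, not nmap's code or data:

```python
import socket
import threading

# Constructed mini probe table in the spirit of nmap-service-probes (assumed, not copied
# from the real file). Entries are (name, probe written in that file's escaped notation).
# NULL goes first: it sends nothing and just listens, which catches talk-first services.
# The LPD entry is RFC 1179 command 03 ("send queue state, short") for a queue named lp.
PROBES = [
    ("NULL", ""),
    ("GetRequest", r"GET / HTTP/1.0\r\n\r\n"),
    ("LPDState", r"\x03lp\n"),
]


def decode_probe(escaped):
    """Turn a probe written with C-style escapes (\\r, \\n, \\xNN) into wire bytes.
    Sending the text verbatim would put literal backslashes on the wire."""
    return escaped.encode("latin-1").decode("unicode_escape").encode("latin-1")


def grab_banner(host, port, probe=b"", timeout=2.0, max_len=1024):
    """Connect, send the probe (if any), then read until the peer closes, goes quiet
    for `timeout` seconds, or max_len bytes are in hand. A single recv() is not
    enough: a banner and a probe response can arrive in separate segments."""
    got = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        while len(got) < max_len:
            try:
                chunk = s.recv(max_len - len(got))
            except socket.timeout:
                break  # peer went quiet: whatever we have is the banner
            if not chunk:
                break  # peer closed the connection
            got += chunk
    return got


def probe_service(host, port, probes=PROBES, timeout=2.0):
    """Try the probes in order and return (probe name, banner) for the first one that
    draws a reply; (None, b"") if nothing ever answered; (None, None) if refused."""
    for name, escaped in probes:
        try:
            banner = grab_banner(host, port, decode_probe(escaped), timeout)
        except ConnectionRefusedError:
            return None, None
        except OSError:
            continue  # e.g. reset by a service that disliked this probe: try the next
        if banner:
            return name, banner
    return None, b""


# Fake local services, constructed for this demo so that it runs offline.

def start_fake_service(handler):
    """Serve handler(conn) one connection at a time on an ephemeral localhost port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    handler(conn)
                except OSError:
                    pass

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def smtp_like(conn):
    """Speaks first, like SMTP/FTP/SSH: the NULL probe alone gets the banner."""
    conn.sendall(b"220 mail.example.test ESMTP ready\r\n")
    conn.recv(1024)  # block until the prober gives up and closes


def lpd_like(conn):
    """Client speaks first, like LPD (RFC 1179): silent until a command arrives, and it
    answers only command 03 (short queue state); anything else gets a wordless close."""
    if conn.recv(1024).startswith(b"\x03"):
        conn.sendall(b"no entries\n")


def silent(conn):
    """Accepts and never answers: every probe ends in the prober's timeout."""
    conn.recv(1024)


if __name__ == "__main__":
    for label, handler in (("smtp-like", smtp_like), ("lpd-like", lpd_like), ("silent", silent)):
        port = start_fake_service(handler)
        print(label, probe_service("127.0.0.1", port, timeout=0.5))
```

Against the SMTP-like service the NULL probe returns the 220 line; against the LPD-like service the NULL and GET probes get nothing and only the 03 command draws a reply; against the silent service every probe ends in the timeout and the result is (None, b""), which is the symptom described in the post when a probe-less connection is made to a service that expects the client to talk first. The per-recv timeout is the price of not knowing when a banner is complete; nmap pays the same price, which is why its probes carry their own timing hints.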



