ume05rw / EzSmb

SMB (Windows shared folder) Client Library powered by TalAloni's SmbLibrary, Xamarin & .NET Core Ready.
GNU Lesser General Public License v3.0

Optionally use port 445 instead of port 137 to detect SMB servers #16

Open icnocop opened 3 years ago

icnocop commented 3 years ago

Hi.

I'm trying to get Node.GetServers() to return the SMB server listening on the loopback adapter but the NameQuery packet sent to port 137 doesn't seem to get a reply, and so it doesn't get added to the list.

Windows 10

Steps to reproduce:

  1. Disable "Server" service
  2. Install the "Microsoft KM-TEST Loopback Adapter"
  3. Bind adapter to IP 10.0.0.1 and Subnet Mask 255.255.255.0
  4. Create a text file in the folder "C:\Shared"
  5. Run SMBServer.exe with these settings:
     - IP Address: Any
     - Transport: Direct TCP Transport (Port 445)
     - Protocol: [X] SMB 1.0/CIFS, [X] SMB 2.0/2.1
     - [ ] Integrated Windows Authentication
  6. Click Start
  7. Modify EzSmb\Scanners\Scanner.cs by commenting out these two lines (47 and 62):
       || nic.NetworkInterfaceType == NetworkInterfaceType.Loopback
       || IPAddress.IsLoopback(uAddr.Address)
  8. Set a breakpoint after the call to Node.GetServers() in the test GetServersTest()
  9. Debug the test GetServersTest()
  10. Inspect the value of result1
  11. Notice 10.0.0.1 is not in the list

I discovered that instead of using port 137, I have to use port 445 to detect the SMB server.

Thank you.

ume05rw commented 2 years ago

Hi, thanks for your pull requests the other day!

As you wrote, the current implementation cannot detect servers on port 445 (=Direct Hosting SMB). This is a mechanism to find servers that have NetBIOS name resolution enabled.

It is my understanding that DNS is responsible for finding SMB servers in environments where ports 137 and 138 are closed and only 445 is open (= directly hosted SMB only). #This SMB implementation is probably intended to be used in an Active Directory environment.

It is possible to detect this by trying to connect to TCP port 445. But it should follow the meaning of the protocol constraints and should not be implemented, in my opinion.
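The two discovery paths discussed in this thread, checked side by side for a single host. This is an added example, not code from the thread or from EzSmb. It assumes a NetBIOS node status (NBSTAT) wildcard query as the UDP 137 probe, which may differ from the packet EzSmb sends, and all function names are hypothetical.

```python
import socket
import struct

def encode_netbios_name(name: str, suffix: int = 0x00) -> bytes:
    """RFC 1001 first-level encoding: each byte of the 16-byte name becomes two letters A..P."""
    if name == "*":
        raw = b"*" + b"\x00" * 15            # wildcard name is NUL-padded
    else:
        raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return b"\x20" + bytes(encoded) + b"\x00"  # length byte 32, name, root label

def build_node_status_query(txid: int) -> bytes:
    """NetBIOS node status (NBSTAT) request for the wildcard name, sent over UDP 137."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)   # one question, no flags
    return header + encode_netbios_name("*") + struct.pack(">HH", 0x0021, 0x0001)

def is_response(data: bytes, txid: int) -> bool:
    """True when the datagram is a reply (R bit set) to our transaction id."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack(">HH", data[:4])
    return rid == txid and bool(flags & 0x8000)

def probe(host: str, timeout: float = 1.0, nbns_port: int = 137, smb_port: int = 445) -> dict:
    """Report which of the two discovery paths a single host answers on."""
    result = {"netbios_137": False, "direct_445": False}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        try:
            udp.sendto(build_node_status_query(0x1234), (host, nbns_port))
            data, _ = udp.recvfrom(1024)
            result["netbios_137"] = is_response(data, 0x1234)
        except OSError:                      # timeout or ICMP port unreachable
            pass
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tcp:
        tcp.settimeout(timeout)
        result["direct_445"] = tcp.connect_ex((host, smb_port)) == 0
    return result

if __name__ == "__main__":
    # 10.0.0.1 is the loopback-adapter address from the issue's reproduction steps.
    print(probe("10.0.0.1"))
```

A result of `netbios_137: False, direct_445: True` matches the setup in the reproduction steps: a server started with Direct TCP Transport only, which a NetBIOS-based scan does not list.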