Netbios in C#

=?iso-8859-1?q?Magnus_T=F6rnvall?= · Feb 21, 2007

Hi!

I'm trying to write a program that can tell if a remote computer is
running Windows or not. The thing is, it have to go very fast, so I
don't want to "connect" to the computer.

My plan is to send a netbios request and if I get a response I know
it's probably a Windows machine.

The problem is that I can't use the Netbios function in NETAPI32.DLL,
because I can't "translate" the NCB struct to C#.

So, can someone either show me how to convert the struct to C# or tell
me of a better or alternate way of solving my problem?

Michael Nemtsev · Feb 21, 2007

Hello Magnus,

Why not just to "ping" the remote computer?

MT> Hi!
MT>
MT> I'm trying to write a program that can tell if a remote computer is
MT> running Windows or not. The thing is, it have to go very fast, so I
MT> don't want to "connect" to the computer.
MT>
MT> My plan is to send a netbios request and if I get a response I know
MT> it's probably a Windows machine.
MT>
MT> The problem is that I can't use the Netbios function in
MT> NETAPI32.DLL, because I can't "translate" the NCB struct to C#.
MT>
MT> So, can someone either show me how to convert the struct to C# or
MT> tell me of a better or alternate way of solving my problem?
MT>
---
WBR, Michael Nemtsev [C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

Lebesgue · Feb 21, 2007

Hello Michael,

non-Windows computers do not reply to ping? My unix server does...

Michael Nemtsev · Feb 21, 2007

Hello Lebesgue,

They do. But take into account that on the remote machine firewall can be
turned on, so u can't see that machine even tryin' to ping

---
WBR, Michael Nemtsev [C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

L> Hello Michael,
L>
L> non-Windows computers do not reply to ping? My unix server does...
L>
L> L>

Hello Magnus,

Why not just to "ping" the remote computer?

MT> Hi!
MT> MT> I'm trying to write a program that can tell if a remote
computer
is
MT> running Windows or not. The thing is, it have to go very fast, so
I
MT> don't want to "connect" to the computer.
MT> MT> My plan is to send a netbios request and if I get a response
I
know
MT> it's probably a Windows machine.
MT> MT> The problem is that I can't use the Netbios function in
MT> NETAPI32.DLL, because I can't "translate" the NCB struct to C#.
MT> MT> So, can someone either show me how to convert the struct to
C# or
MT> tell me of a better or alternate way of solving my problem?
MT> ---
WBR, Michael Nemtsev [C# MVP]. My blog:
http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/
"The greatest danger for most of us is not that our aim is too high
and we miss it, but that it is too low and we reach it" (c)
Michelangelo

Click to expand...

Willy Denoyette [MVP] · Feb 21, 2007

Lebesgue said:
Hello Michael,

non-Windows computers do not reply to ping? My unix server does...

And most Windows computers do *not* reply to NetBIOS request? NetBIOS is no longer enabled
per default, and is non routable.
Note that most companies do even turn off NetBios over TCP/IP and use NetBIOS-less SMB,
standardizing name resolution on DNS for file and printer sharing.

Willy.

Lebesgue · Feb 21, 2007

Hello Michael,

I'm afraid you misunderstood the basic question. The OP wants to identify
computers on the network that are running windows.

Michael Nemtsev said:
Hello Lebesgue,

They do. But take into account that on the remote machine firewall can be
turned on, so u can't see that machine even tryin' to ping

---
WBR, Michael Nemtsev [C# MVP]. My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

L> Hello Michael,
L> L> non-Windows computers do not reply to ping? My unix server does...
L> L>

Hello Magnus,

Why not just to "ping" the remote computer?

MT> Hi!
MT> MT> I'm trying to write a program that can tell if a remote
computer
is
MT> running Windows or not. The thing is, it have to go very fast, so
I
MT> don't want to "connect" to the computer.
MT> MT> My plan is to send a netbios request and if I get a response
I
know
MT> it's probably a Windows machine.
MT> MT> The problem is that I can't use the Netbios function in
MT> NETAPI32.DLL, because I can't "translate" the NCB struct to C#.
MT> MT> So, can someone either show me how to convert the struct to
C# or
MT> tell me of a better or alternate way of solving my problem?
MT> ---
WBR, Michael Nemtsev [C# MVP]. My blog:
http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/
"The greatest danger for most of us is not that our aim is too high
and we miss it, but that it is too low and we reach it" (c)
Michelangelo

Click to expand...

Click to expand...

Michael Nemtsev · Feb 21, 2007

Hello Lebesgue,

L> Hello Michael,
L>
L> I'm afraid you misunderstood the basic question. The OP wants to
L> identify computers on the network that are running windows.

uups, hard day, u know ;

Michael Nemtsev · Feb 21, 2007

Hello Magnus,

I've missed your topic a little bit in my previous post

So, as was mentioned there you can't rely on netbios to detect OS

However, there are some ways to do this, not easy task but possible
I'd recommend u to google by "OS Fingerprint". This methods is based on heuristic
analysis of how OS respond to a selection of TCP/IP probes.

The main tools for this is "nmap"
You can read about nmap and the way of detection there http://insecure.org/nmap/osdetect/

---
WBR, Michael Nemtsev [C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

MT> Hi!
MT>
MT> I'm trying to write a program that can tell if a remote computer is
MT> running Windows or not. The thing is, it have to go very fast, so I
MT> don't want to "connect" to the computer.
MT>
MT> My plan is to send a netbios request and if I get a response I know
MT> it's probably a Windows machine.
MT>
MT> The problem is that I can't use the Netbios function in
MT> NETAPI32.DLL, because I can't "translate" the NCB struct to C#.
MT>
MT> So, can someone either show me how to convert the struct to C# or
MT> tell me of a better or alternate way of solving my problem?
MT>

=?iso-8859-1?q?Magnus_T=F6rnvall?= · Feb 22, 2007

Thanks for all the replies.

I have read about OS fingerprinting, but I'm worried that active
security programs will pick up on that process and flag my application
as a hacker tool.

I guess I can make the use of OS fingerprinting optional, and warn
about the risks when you activate it.

Is OS fingerprinting the only reliable way to determine the OS of a
remote computer, without connecting to it?

/Magnus

C to C#	11	Aug 5, 2009
How to disable NetBios in TcpClient	3	Apr 5, 2007
Send struct between a C# DLL and a C# application	3	Jun 27, 2011
PtrToStructure for pointer allocated in C++	1	Apr 14, 2010
Passing class/struct with methods to C++ DLL	4	Dec 1, 2008
How to define struct with array in C#?	2	Mar 13, 2008
[C#] Unmanaged DLL and Marshalling	0	May 27, 2010
System.Collections.Generic.IList<MicroLite.SerialNumber>' is lessaccessible than method	1	Dec 15, 2014

Netbios in C#

=?iso-8859-1?q?Magnus_T=F6rnvall?=

Michael Nemtsev

Lebesgue

Michael Nemtsev

Willy Denoyette [MVP]

Lebesgue

Michael Nemtsev

Michael Nemtsev

=?iso-8859-1?q?Magnus_T=F6rnvall?=

Ask a Question

Similar Threads