If broadcast was 127, the subnet mask would be 25 bits long, not 24. The reason 24 is relevant here is that the 24 bit subnet mask length is used in the example, which renders the warning messages on my Debian system. From RFC 1812 - "Requirements for IP Version 4 Routers":
"A network-prefix-directed broadcast is composed of the network prefix of the IP address with a local part of all-ones or { <Network-prefix>, -1 }. For example, a Class A net broadcast address is net.255.255.255, a Class B net broadcast address is net.net.255.255 and a Class C net broadcast address is net.net.net.255 where net is a byte of the network address."

Attached are two patches: 'range.patch0' adjusts the start and end IP addresses in the 'ip_range1' function. 'nbtscan.patch0' fixes an infinite loop when the '-d' (dump) or -v (-verbose) options are used. The loop is caused by an 'off by 1' error (in the source) when the \0 is tacked on at 'name[16]' instead of 'name[15]', causing the for loop iterator to be zeroed and never get to the end.
--- nbtscan.c.save 2009-04-25 23:56:13.000000000 -0400 +++ nbtscan.c 2009-04-26 00:00:36.000000000 -0400 @@ -164,7 +164,7 @@ for(i=0; i< hostinfo->header->number_of_names; i++) { service = hostinfo->names[i].ascii_name[15]; strncpy(name, hostinfo->names[i].ascii_name, 15); - name[16]=0; + name[15]=0; unique = !(hostinfo->names[i].rr_flags & 0x0080); if(sf) { printf("%s%s%s%s", inet_ntoa(addr), sf, name, sf);
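Review bot: `name[15]=0` is the correct terminator for a buffer filled by `strncpy(name, ..., 15)`, and the old `name[16]=0` was a one-byte write past the end of a 16-byte array, which is consistent with the clobbered loop counter described in the message; the declaration of `name` is outside the hunk, so confirm it is `char name[16]` (or larger) and consider writing the terminator as `name[sizeof(name)-1]=0` so the index follows the declaration if the buffer size ever changes.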
--- range.c.save 2009-04-23 23:46:48.000000000 -0400 +++ range.c 2009-04-23 23:55:00.000000000 -0400 @@ -58,6 +58,15 @@ range->start_ip=ntohl(range->start_ip); // We store ips in host byte order range->start_ip &= mask; range->end_ip = range->start_ip | ( ~ mask); + + // Don't send to reserved addresses: + // 0 - Gateway + // 255 - Broadcast + if ((range->start_ip & 0x000000ff) == 0x00) + range->start_ip += 1; + if ((range->end_ip & 0x000000ff) == 0xff) + range->end_ip -= 1; + free(ip); return 1; }
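Review bot: the exclusion in the added block is keyed on the low octet instead of on `mask`, so it is only right for /24 and shorter prefixes: for a /25 the network address (low octet 0x80) is still scanned, for /32 (`mask` all ones) `start_ip` is incremented past `end_ip`, and for /31 (RFC 3021) both addresses are legitimate hosts. Since `start_ip` is already exactly the network address and `end_ip` exactly the broadcast after the two preceding lines, suggest deciding from the mask: `if ((mask | 1) != 0xffffffff) { range->start_ip += 1; range->end_ip -= 1; }`, which skips the two reserved addresses precisely for prefixes that have them. The comment `0 - Gateway` should read `network address`; .0 is the network address, not a gateway.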
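As an added illustration of the two points in this thread, here is a stand-alone C example (written for this post, not nbtscan code) that derives the scan range from the prefix length rather than from the low octet, so /16, /24, /25, /31 and /32 are all handled, and that copies a 16-byte NetBIOS name field with the terminator at index 15. The helpers `ip4`, `compute_range` and `copy_netbios_name`, the `ip_range_t` struct and the sample name field are all constructed here and are not part of nbtscan.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers written for this example; not nbtscan code. */

typedef struct {
    uint32_t network;     /* prefix with the host bits cleared                       */
    uint32_t broadcast;   /* network-prefix-directed broadcast (RFC 1812): host bits set */
    uint32_t first_host;  /* first address worth probing                             */
    uint32_t last_host;   /* last address worth probing                              */
} ip_range_t;

/* Build a host-byte-order IPv4 address from its four octets. */
uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

/* Compute the scan range for ip/prefix_len (ip in host byte order).
 * Returns 0 on success, -1 on an invalid prefix length.
 * Whether the network and broadcast addresses are excluded is decided from the
 * prefix length, not from the low octet, so a /25 network address such as
 * x.x.x.128 is skipped too, while /31 (RFC 3021) and /32 keep every address
 * because they have no network or broadcast address to skip. */
int compute_range(uint32_t ip, int prefix_len, ip_range_t *out)
{
    if (prefix_len < 0 || prefix_len > 32 || out == NULL)
        return -1;
    uint32_t mask = (prefix_len == 0) ? 0u : UINT32_C(0xffffffff) << (32 - prefix_len);
    out->network   = ip & mask;
    out->broadcast = out->network | ~mask;
    if (prefix_len >= 31) {
        out->first_host = out->network;
        out->last_host  = out->broadcast;
    } else {
        out->first_host = out->network + 1;
        out->last_host  = out->broadcast - 1;
    }
    return 0;
}

/* Copy the 15 name characters of a 16-byte NetBIOS name field into dst,
 * which must hold at least 16 bytes, and NUL-terminate at index 15 (the
 * index the nbtscan.c hunk above moves the terminator to). Trailing space
 * padding is trimmed. Returns the 16th (service/type) byte, or -1 if dst is
 * too small for the copy. */
int copy_netbios_name(char *dst, size_t dst_len, const unsigned char field[16])
{
    if (dst_len < 16)
        return -1;
    memcpy(dst, field, 15);
    dst[15] = '\0';
    for (int i = 14; i >= 0 && dst[i] == ' '; i--)
        dst[i] = '\0';
    return field[15];
}

int main(void)
{
    ip_range_t r;
    const int prefixes[] = { 16, 24, 25, 31, 32 };
    for (size_t i = 0; i < sizeof prefixes / sizeof prefixes[0]; i++) {
        compute_range(ip4(10, 0, 0, 130), prefixes[i], &r);
        printf("/%-2d network %08x broadcast %08x hosts %08x-%08x\n",
               prefixes[i], r.network, r.broadcast, r.first_host, r.last_host);
    }

    /* Constructed 16-byte NetBIOS name field: "SERVER01" space-padded to 15, type byte 0x20 */
    unsigned char field[16];
    memset(field, ' ', 15);
    memcpy(field, "SERVER01", 8);
    field[15] = 0x20;
    char name[16];
    int type = copy_netbios_name(name, sizeof name, field);
    printf("name \"%s\" type <%02x>\n", name, type);
    return 0;
}
```

Run it with any C99 compiler; the /25 line shows the network address 0x0a000080 being skipped even though its low octet is not 0, and the /31 and /32 lines show no addresses being dropped.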