[Samba] Tracking down rogue workgroup
Ray Van Dolson
rvandolson at esri.com
Tue Jan 19 15:48:59 MST 2010
Hi folks. Periodically a workgroup shows up on our network with an
inappropriate name. We're trying to find the best way to track this
down as it's quite intermittent.
We can obviously look for announcement messages (in broadcast packets
on ports 138/139), but this must be done on each subnet and we have
enough subnets that this would be rather tedious and at best, a last
resort.
The workgroup is available to machines in every subnet, so apparently
its presence is getting relayed back to the domain controllers...
For protocol gurus: is there a particular packet we can look for on the
domain controllers that could help us narrow down our search to the
right subnet? A message from the local master browser sending a list
of workgroups perhaps?
Or a message updating WINS entries?
Any suggestions would be appreciated!
Thanks,
Ray
More information about the samba
mailing list