[jcifs] 0x1B names.
Michael B. Allen
mballen at erols.com
Mon Jul 30 14:21:47 EST 2001
On Sun, Jul 29, 2001 at 10:38:56AM +0200, James Nord wrote:
> Christopher R. Hertel wrote:
>
> >Quick question...
> >
> >(Yes, I ask a lot of these. I don't get many answers though. A shame.)
> >
> >The 0x1B name represents a Domain Master Browser (DMB). In Microsoft
> >terms this is also a PDC. Microsoft created a special extension to handle
> >these names. You can send a wildcard query with an 0x1B name type to a WINS
> >server and it will return a list of up to 25 DMB names.
> >
> >...or so I'm told. I'd like to see this in a capture, if anyone has one.
> >
> We have a MS Wins Server (NT 4), so I can capture one.
>
> How would I stimulate one to be captured??
Every 15 minutes a Domain Master Browser queries WINS for a list of domain
names. You would be able to see it in Netmon or Ethereal as a netbios
Named Query Request where the name started with an asterisk '*' and has
a type code of <1b>. If you run Ethereal on the same network as the DMB
(whithout a switch inbetween of course) you might capture it. The problem
is picking an appropriate filter for Ethereal so that you're not wading
through tons of junk. Even if you filter down to direct DMB <--> WINS
communication and name query requests only, you might get too much in 15
minutes. Anyone know a good filter for this? There's probably an easier
way to do it like set up you're own little DMB momentarily. Or reboot the
DMB and catch it making the call on boot.
Mike
More information about the jcifs
mailing list