Apple OS X SMB issues across VPN

Christopher R. Hertel crh at
Thu Oct 20 20:46:26 GMT 2005

On Thu, Oct 20, 2005 at 02:14:20PM -0600, Dan Tappin wrote:
> I had this explanation given to me:
> >  it's basically whether the filesystem request packets are wrapped  
> >in the old NetBIOS
> >  headers.  NBT transport is on port 139 while the naked CIFS is on  
> >445.  

That's close enough.  As it turns out, both NBT and naked TCP transports 
wrap the SMB packets in the same header.  The only difference between the 
two is that NBT requires a NetBIOS Session Request/Response before 
establishing the connection.

The real key to NBT is what happens on port 137/UDP.  That's where the 
namespace management occurs.

...but that's not important to the issues you're dealing with.

> xserve:~ admin$ netstat -an |grep 139 ; netstat -an |grep 445
> tcp4       0      0      
> tcp4       0      0      
> ...snip...
> tcp4       0      0      
> tcp4       0      0  *.139                  *.*                     
> tcp4       0      0      
> tcp4       0      0  *.445                  *.*                     
> xserve:~ admin$
> is my Xserve running Samba.

Yep.  It's listening on both 139 and 445, but most of the clients are 
connecting to port 139.  At least one client ( is connected 
to port 445.  Hmmm...

Samba can handle that just fine, but it's worth keeping in mind.

> >As I recall, the problem was incredible
> >slowness once connected.  File transfers (reads and writes) were  
> >okay, but
> >directory listing was very slow.  Is that right?
> Yes that is the problem exactly.  The local LAN 192.168.0.* is fine  
> but the VPN LAN 192.168.2.* is awful.  They can see the shares but  
> directory listings / transfers are unusable.

Are file transfers slow as well, or are they working correctly?

Also, is it only Mac to Mac or are Windows clients also having trouble 
talking to the Xserve?

> tcpdump is standard on OS X but I'm at a loss as to which CLI options  
> I need to add to get the data you are looking for.

# tcpdump -i <interface> -s0 -w capture.cap host

...then let it run while you try to browse up and down in any directories.

Once you've got the capture, copy it to a machine that has Ethereal (easy
install on Windows and Linux) and take a look.  Make sure there's no
sensitive data in the capture before offering to show it to anyone (like
me).  (Yes, that's obvious but it's easy to forget.)

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list