Can't see network neighbourhood
lukekendall at optushome.com.au
lukekendall at optushome.com.au
Mon Oct 29 05:06:20 GMT 2001
On 28 Oct, Joel Hammer wrote:
> > 17:21:20.937587 < coo.localdomain.1028 > posh.localdomain.netbios-ssn: S 1394810:1394810(0) win 8192 <mss 1460> (DF)
> > 17:21:20.937587 > posh.localdomain > coo.localdomain: icmp: posh.localdomain tcp port netbios-ssn unreachable (DF) [tos 0xc0]
>
> It is easier to sort out what tcpdump is trying to say if you use the -n
> option.
> It looks to me as though:
> 1. coo can find posh and send packets to it.
> 2. posh can find coo
> 3. posh can't send packets to coo on its port 139.
"posh" is the Linux machine that's the Samba server. I'll try the
tcpdump -n and stick that at the end. But I took your tip and
downloaded and compiled up nmap.
> The cryptic note with icmp means, just guessing here, that posh can't talk
> to the netbios-ssn port on the windows machine.
> This may be a windows problem. Have you got a firewall on the windows
> machine?
No, it's never had any kind of firewall software installed. I only
recently managed to get the ethernet card configured, so it's only been
on the local network for a few weeks. And I thought, "Hey, it was
pretty painless getting it to see the internet, it's time to set up
Samba!"
My wife has lots of files on it that haven't been backed up for many
months (not since I re-installed Windows and then had to figure out how
to get the network card going again under Windows). Plus it'd be nice
if she didn't have to keep using floppies to transfer files between the
2 machines!
> With nmap, here is what I see when I scan my windows clients.
>
> Interesting ports on hammer1.jhammer.org (192.168.0.1):
> (The 1521 ports scanned but not shown below are in state: closed)
> Port State Service
> 135/tcp open loc-srv
> 139/tcp open netbios-ssn
>
> You might get a copy of nmap and scan your windows box.
> (And yes, I am surprised that port 137 isn't open, but, what do I know about
> windows networking! I guess the windows clients don't offer nmbd type
> services.)
$ nmap coo
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on coo.localdomain (192.168.1.101):
(The 1548 ports scanned but not shown below are in state: closed)
Port State Service
139/tcp open netbios-ssn
So port 135 isn't available? What's loc-srv? Is this my problem, then?
I took a guess that you have to tell nmap to scan for udp ports
explicitly, skimmed the man page, and tried this with good success:
# nmap -sU coo
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on coo.localdomain (192.168.1.101):
(The 1450 ports scanned but not shown below are in state: closed)
Port State Service
137/udp open netbios-ns
138/udp open netbios-dgm
For comparison, here's the Linux machine:
# nmap -sU posh
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on posh.localdomain (192.168.1.100):
(The 1448 ports scanned but not shown below are in state: closed)
Port State Service
111/udp open sunrpc
137/udp open netbios-ns
138/udp open netbios-dgm
874/udp open unknown
FWIW, here's an nmap scan of the Samba server, posh:
$ nmap posh
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on posh.localdomain (192.168.1.100):
(The 1539 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
111/tcp open sunrpc
139/tcp open netbios-ssn
515/tcp open printer
587/tcp open submission
5680/tcp open canna
6000/tcp open X11
6001/tcp open X11:1
22273/tcp open wnn6
> As for the rest of the tcpdump output, it is hard for me to understand
> it because of the admixture of hostnames and ipnumbers.
> The -n switch will fix that.
Sorry, for me the coo and posh mentions are more familiar than the IP
addresses. I'll do one without and tack it on below.
> I also don't know the name/ip of your internet interface device.
It's 192.168.1.1 - I haven't given it a name.
> As far as using the dns, this is complicated by the dynamic assignment of ip
> numbers from your internet device. I just don't know how that is configured.
OptusHome (cable) supply the firewall appliance with an address via
dhcp; posh is set up to get an IP address via dhcp; and the firewall is
set up to hand out IP addresses on the local network via dhcp.
> Does is always supply coo and posh the same ip number? That might not
> matter, but it is a nagging thought.
Yep: I've got it set up so it does that, starting from address
192.168.1.100. That is always reliably chosen for posh. Similarly
..101 for coo, the Win95 machine.
> I would work on the port problem on the windows machine first,though.
> And, you do have a good firewall you understand on the internet network
> device? Otherwise, everybody might be able to mount your shared windows
> resources!
> Joel
It's a firewall appliance - http configurable and 4-port ethernet hub/
DSL cable router. Pretty sweet, actually; a bit bigger than a modem.
I wouldn't say I understand it in detail, but in principle I do, and
I'm pretty sure it's not interfering in traffic on the local network.
It's
FWIW, here's an nmap scan of it:
$ nmap 192.168.1.1
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.1.1):
(The 1548 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
Which looks good to me.
BTW, I had this advice from another Linux user, George Vieira on the
Sydney Linux User's Group list:
> One point, I have seen many windows 9X machines where the SMB system is
> screwed and required removal of "File and Print Sharing" off the
> machine/Reboot/Reinstall it and it'll work again.
>
> Usually after a boot up of Win9X, you have to wait a while before network
> neighbourhood collects a list of machines on the network.. if you can't get
> this list still after 5 minutes then you probably got this "File and Print
> Sharing" problem. You should also be able to see your self on the list, not
> just the linux box.
So, following that suggestion, below is what I get after removing "File and
printer sharing" and then rebooting. The 1st 3 broadcast lines are when I
double-clicked on "Entire network", which failed very quickly (under 1 sec).
The 2nd time took maybe 5 - 10 secs to fail (I hit Return to force a blank line
in the output):
# /usr/sbin/tcpdump -n -i eth1
Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on eth1
23:37:23.557587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:37:23.567587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:37:23.617587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:37:38.387587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:37:38.397587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:37:38.407587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:37:38.407587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:37:38.917587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:37:38.917587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:37:39.417587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:37:39.417587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:37:39.417587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:39.927587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:37:39.927587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:37:39.927587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:40.177587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:40.437587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:37:40.437587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:37:40.437587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:40.687587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:40.927587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:40.947587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:37:40.947587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:37:40.947587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:41.197587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:41.437587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:41.457587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:37:41.457587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:41.697587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:41.947587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:42.207587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:42.447587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:37:42.967587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
Then I added "File and Printer sharing for Microsoft networks" back in
again. BTW, it's configured with Browse Master turned off, and "LM
announce" set to Yes. After rebooting and while logging in I started
tcpdump again and got this:
# /usr/sbin/tcpdump -n -i eth1
Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on eth1
23:43:17.017587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:43:17.017587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:43:17.017587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:17.267587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:17.517587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:43:17.517587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:43:17.517587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:17.767587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:18.017587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:18.017587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:43:18.017587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:43:18.017587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:18.277587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:18.517587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:18.527587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:43:18.527587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:43:18.777587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:18.787587 B arp who-has 192.168.1.1 tell 192.168.1.101
23:43:19.037587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:19.527587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:43:26.177587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:43:32.247587 > 192.168.1.100.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138) (DF)
23:43:32.247587 > 192.168.1.100.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138) (DF)
23:43:46.077587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:44:01.207587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
Doing the same "double-click network neighbourhood" test again I
get this:
23:45:46.067587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:45:56.837587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:45:56.847587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:45:56.857587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:45:56.857587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:45:57.607587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:45:58.357587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:45:59.117587 B arp who-has 192.168.1.100 tell 192.168.1.101
23:45:59.117587 > arp reply 192.168.1.100 (0:e0:29:9e:ab:b9) is-at 0:e0:29:9e:ab:b9 (0:c0:df:ea:84:a)
23:45:59.117587 < 192.168.1.101.1025 > 192.168.1.100.netbios-ssn: S 200701:200701(0) win 8192 <mss 1460> (DF)
23:45:59.117587 > 192.168.1.100 > 192.168.1.101: icmp: 192.168.1.100 tcp port netbios-ssn unreachable (DF) [tos 0xc0]
23:46:01.387587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:46:02.367587 < 192.168.1.101.1025 > 192.168.1.100.netbios-ssn: S 200701:200701(0) win 8192 <mss 1460> (DF)
23:46:02.367587 > 192.168.1.100 > 192.168.1.101: icmp: 192.168.1.100 tcp port netbios-ssn unreachable (DF) [tos 0xc0]
23:46:04.117587 > arp who-has 192.168.1.101 tell 192.168.1.100 (0:e0:29:9e:ab:b9)
23:46:04.117587 < arp reply 192.168.1.101 is-at 0:c0:df:ea:84:a (0:e0:29:9e:ab:b9)
23:46:08.967587 < 192.168.1.101.1025 > 192.168.1.100.netbios-ssn: S 200701:200701(0) win 8192 <mss 1460> (DF)
23:46:08.967587 > 192.168.1.100 > 192.168.1.101: icmp: 192.168.1.100 tcp port netbios-ssn unreachable (DF) [tos 0xc0]
23:46:22.147587 < 192.168.1.101.1025 > 192.168.1.100.netbios-ssn: S 200701:200701(0) win 8192 <mss 1460> (DF)
23:46:22.147587 > 192.168.1.100 > 192.168.1.101: icmp: 192.168.1.100 tcp port netbios-ssn unreachable (DF) [tos 0xc0]
23:46:31.417587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:46:46.067587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C
23:46:48.517587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:46:48.517587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:46:49.017587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:46:49.017587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:46:49.017587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:49.527587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:46:49.527587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:46:49.527587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:49.777587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:50.037587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:46:50.037587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:46:50.037587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:50.287587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:50.527587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:50.547587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:46:50.547587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:46:50.547587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:50.797587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:51.037587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:51.057587 B 0:c0:df:ea:84:a > Broadcast sap e0 ui/C IPX/SMB
23:46:51.057587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:46:51.287587 B arp who-has 192.168.1.1 tell 192.168.1.101
23:46:51.297587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:51.547587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:52.057587 B 192.168.1.101.netbios-ns > 192.168.1.127.netbios-ns:NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:46:57.977587 > 192.168.1.100.33725 > 203.2.75.132.domain: 51866+ A? mail.optushome.com.au. (39) (DF)
23:47:01.487587 B 192.168.1.101.netbios-dgm > 192.168.1.127.netbios-dgm: NBT UDP (138)
23:47:02.977587 > arp who-has 192.168.1.1 tell 192.168.1.100 (0:e0:29:9e:ab:b9)
23:47:02.977587 < arp reply 192.168.1.1 is-at 0:4:5a:25:35:b (0:e0:29:9e:ab:b9)
23:47:02.987587 > 192.168.1.100.33726 > 198.142.0.51.domain: 51866+ A? mail.optushome.com.au. (39) (DF)
23:47:03.007587 < 198.142.0.51.domain > 192.168.1.100.33726: 51866* 1/2/2 A 203.2.75.209 (132)
23:47:03.007587 > 192.168.1.100.50056 > 203.2.75.209.pop3: S 1262889811:1262889811(0) win 5840 <mss 1460,sackOK,timestamp 30271088 0,nop,wscale 0> (DF)
I think mail started coming in then, so I've chopped it off. Also,
that took maybe a minute on the Win95 machine before popping up the
"Unable to browse the network" error panel.
Is any of this helpful? I really appreciate the help and advice you're
offering, BTW. I hope these emails aren't *too* tediously long. I'd
chop down the output if I knew enough to not accidentally throw away a
key piece of info.
BTW, in smb.conf I've set remote announce = 192.168.1.127 rather than
..255 because the firewall says that the subnet mask is 255.255.255.128.
I also haven't specified any "remote browse sync" there at all. I just
tried it now with it set to 192.168.1.127, but it doesn't seem to make
any difference. (So I've turned it back off and restarted samba again.)
luke
More information about the samba
mailing list