No subject


Mon Dec 1 12:27:21 GMT 2003


Testing from client side:
When NBTSTAT requests are issued from \\Win2K, I can see UDP packets
arriving on \\server (192.168.123.5).
I can see \\server replying to \\Win2k with ICMP messages indicating
host unreachable.



Snoop traces taken from \\server follow:

1. Trace of nbtstat call from \\win2k
2. Trace of nmblookup call from \\server


---------------------------------------------------------------

This trace shows a client and server packet arriving and departing when
NBTSTAT -A is executed:

****Client packet arrives:

08/07-01:45:06.151613 0:9:7C:5:16:ED -> 0:10:4B:9F:DF:F type:0x800 len:0x5C
192.168.123.192:137 -> 192.168.123.5:137 UDP TTL:128 TOS:0x0 ID:49785
IpLen:20 DgmLen:78 Len: 58
                ^--- Note the use of 137 here.
                     If I set nmblookup to use 137, it fails too
                     (see example below)

82 5B 00 00 00 01 00 00 00 00 00 00 20 43 4B 41  .[.......... CKA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21  AAAAAAAAAAAAA..!
00 01                                            ..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

**** Server responds

08/07-01:45:06.151613 0:10:4B:9F:DF:F -> 0:9:7C:5:16:ED type:0x800 len:0x78
192.168.123.5 -> 192.168.123.192 ICMP TTL:255 TOS:0xC0 ID:32000 IpLen:20
DgmLen:106 DF
Type:3  Code:3  DESTINATION UNREACHABLE: PORT UNREACHABLE
** ORIGINAL DATAGRAM DUMP:
192.168.123.192:137 -> 192.168.123.5:137 UDP TTL:128 TOS:0x0 ID:49785
IpLen:20 DgmLen:78
Len: 58
** END OF DUMP
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


This trace shows a successful nmblookup executed from \\server :

***** Server sends packet:

08/07-01:49:46.361613 0:10:4B:9F:DF:F -> 0:9:7C:5:16:ED type:0x800 len:0x5C
192.168.123.5:1039 -> 192.168.123.192:137 UDP TTL:64 TOS:0x0 ID:0 IpLen:20
DgmLen:78 DF Len: 58

              ^--- If I add the -r option in nmblookup,
                   the port # will change to 137 as it is in first example
                   above, and the lookup will fail like it does from
                   Windows.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


**** Client responds

08/07-01:49:46.371613 0:9:7C:5:16:ED -> 0:10:4B:9F:DF:F type:0x800 len:0xFD
192.168.123.192:137 -> 192.168.123.5:1039 UDP TTL:128 TOS:0x0 ID:59352
IpLen:20 DgmLen:239 Len: 219

59 EF 84 00 00 00 00 01 00 00 00 00 20 43 4B 41  Y........... CKA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21  AAAAAAAAAAAAA..!
00 01 00 00 00 00 00 89 05 4D 42 4F 4D 42 45 54  .........MBOMBET
2D 57 32 4B 31 20 20 20 00 44 00 4D 42 4F 4D 42  -W2K1   .D.MBOMB
45 54 2D 57 32 4B 31 20 20 20 03 44 00 41 4D 45  ET-W2K1   .D.AME
52 20 20 20 20 20 20 20 20 20 20 20 00 C4 00 4D  R           ...M
42 4F 4D 42 45 54 2D 57 32 4B 31 24 20 20 03 44  BOMBET-W2K1$  .D
00 4D 42 4F 4D 42 45 54 2D 57 32 4B 31 20 20 20  .MBOMBET-W2K1
20 44 00 00 09 7C 05 16 ED 00 00 00 00 00 00 00   D...|..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 D5 00 81 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00                                         ...

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
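
The UDP payloads in the two traces above can be decoded with a short parser. This is an added example, not part of the original post; it assumes the RFC 1002 name service layout, and the function and constant names are hypothetical. It shows that the `CKAAAA...` string is the encoded wildcard name `*`, that type 0x21 is a node status (NBSTAT) request, and that the reply carries the host's registered names and adapter MAC address.

```python
import struct

# Bytes copied from the two traces in the post. REPLY stops after the adapter
# MAC address; the statistics bytes that follow it in the trace are left out.
WILDCARD = bytes.fromhex("20434b") + b"A" * 30 + bytes.fromhex("0000210001")
QUERY = bytes.fromhex("825b00000001000000000000") + WILDCARD
ENTRIES = [(b"MBOMBET-W2K1", 0x00, 0x4400), (b"MBOMBET-W2K1", 0x03, 0x4400),
           (b"AMER", 0x00, 0xC400), (b"MBOMBET-W2K1$", 0x03, 0x4400),
           (b"MBOMBET-W2K1", 0x20, 0x4400)]
REPLY = (bytes.fromhex("59ef84000000000100000000") + WILDCARD
         + bytes.fromhex("000000000089") + bytes([len(ENTRIES)])
         + b"".join(n.ljust(15) + struct.pack(">BH", s, f) for n, s, f in ENTRIES)
         + bytes.fromhex("00097c0516ed"))

def decode_name(pkt, off):
    """Undo RFC 1002 first-level encoding: two letters A..P carry one byte."""
    if len(pkt) < off + 34 or pkt[off] != 0x20 or pkt[off + 33] != 0:
        raise ValueError("expected one 32-byte encoded name with empty scope")
    enc = pkt[off + 1:off + 33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("character outside A-P in encoded name")
    return bytes((enc[i] - 0x41) << 4 | (enc[i + 1] - 0x41) for i in range(0, 32, 2))

def parse_nbns(pkt):
    """Parse a node status (NBSTAT) query or reply carried on UDP port 137."""
    if len(pkt) < 50:
        raise ValueError("shorter than header plus question")
    txid, flags, _qdcount, ancount = struct.unpack(">4H", pkt[:8])
    rtype = struct.unpack(">H", pkt[46:48])[0]
    out = {"txid": txid, "response": bool(flags & 0x8000), "type": rtype,
           "name": decode_name(pkt, 12)[:15].rstrip(b"\x00 ").decode("ascii"),
           "names": [], "mac": None}
    if out["response"] and ancount == 1 and rtype == 0x21:
        if len(pkt) < 57 or len(pkt) < 57 + 18 * pkt[56] + 6:
            raise ValueError("truncated node status RDATA")
        pos = 57  # past TTL (4), RDLENGTH (2) and the name count at offset 56
        for _ in range(pkt[56]):
            suffix, nflags = struct.unpack(">BH", pkt[pos + 15:pos + 18])
            out["names"].append((pkt[pos:pos + 15].decode("ascii").rstrip(),
                                 suffix, bool(nflags & 0x8000)))  # True = group name
            pos += 18
        out["mac"] = pkt[pos:pos + 6].hex(":")
    return out

if __name__ == "__main__":
    print(parse_nbns(QUERY))
    print(parse_nbns(REPLY))
```

The decoded MAC address matches the Ethernet source address of the replying host in the trace.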





