[Samba] Does this tell me anything? Traffic report
Matt Burkhardt
mlb at imparisystems.com
Sun Jun 7 17:59:39 GMT 2009
I'm trying to get Samba up and running and having a terrible time. It
says that I should be able to run nmap and see that 137 and 139 are open
- which they are not. I have not added any restrictions in smb.conf, do
not have a firewall running and I have increased the log level to 5 to
see all of the messages. It says that it is talking on 137 but it kind
of looks like it's not talking back. Every time I run an smbclient -L
Ubuntu from a machine on the network, I get
Connection to Ubuntu failed (Error NT_STATUS_CONNECTION_REFUSED)
I can ping Ubuntu, can ssh to the box so basic networking is happening.
I downloaded Wireshark and watched the traffic when I typed smbclient -L
on the client machine - 192.168.1.105 is the client and .100 is the
server. It seems like it sends out an acknowledgement on port 445, but
it just gives a quick reply.
No. Time Source Destination Protocol
Info
1 0.000000 192.168.1.100 192.168.1.255 NBNS
Registration NB <01><02>__MSBROWSE__<02><01>
Frame 1 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
(137)
NetBIOS Name Service
No. Time Source Destination Protocol
Info
2 0.001369 192.168.1.100 192.168.1.255 NBNS
Registration NB <01><02>__MSBROWSE__<02><01>
Frame 2 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
(137)
NetBIOS Name Service
No. Time Source Destination Protocol
Info
3 2.048286 192.168.1.100 192.168.1.255 NBNS
Registration NB <01><02>__MSBROWSE__<02><01>
Frame 3 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
(137)
NetBIOS Name Service
No. Time Source Destination Protocol
Info
4 2.049897 192.168.1.100 192.168.1.255 NBNS
Registration NB WORKGROUP<1d>
Frame 4 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
(137)
NetBIOS Name Service
No. Time Source Destination Protocol
Info
5 3.992878 192.168.1.100 192.168.1.255 NBNS
Registration NB WORKGROUP<1d>
Frame 5 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
(137)
NetBIOS Name Service
No. Time Source Destination Protocol
Info
6 3.994510 192.168.1.100 192.168.1.255 NBNS
Registration NB WORKGROUP<1d>
Frame 6 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
(137)
NetBIOS Name Service
No. Time Source Destination Protocol
Info
7 6.041147 192.168.1.100 192.168.1.255 NBNS
Registration NB WORKGROUP<1d>
Frame 7 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
(137)
NetBIOS Name Service
No. Time Source Destination Protocol
Info
8 6.043407 192.168.1.100 192.168.1.255 BROWSER
Request Announcement
Frame 8 (219 bytes on wire, 219 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port:
netbios-dgm (138)
NetBIOS Datagram Service
SMB (Server Message Block Protocol)
SMB MailSlot Protocol
Microsoft Windows Browser Protocol
No. Time Source Destination Protocol
Info
9 6.046334 192.168.1.100 192.168.1.255 BROWSER
Local Master Announcement UBUNTU, Workstation, Server, Domain
Controller, Domain Member Server, Print Queue Server, Xenix Server, NT
Workstation, NT Server, Master Browser, Domain Master Browser, Unknown
server type:23
Frame 9 (272 bytes on wire, 272 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port:
netbios-dgm (138)
NetBIOS Datagram Service
SMB (Server Message Block Protocol)
SMB MailSlot Protocol
Microsoft Windows Browser Protocol
No. Time Source Destination Protocol
Info
10 6.048957 192.168.1.100 192.168.1.255 BROWSER
Domain/Workgroup Announcement WORKGROUP, NT Workstation, Domain Enum
Frame 10 (249 bytes on wire, 249 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port:
netbios-dgm (138)
NetBIOS Datagram Service
SMB (Server Message Block Protocol)
SMB MailSlot Protocol
Microsoft Windows Browser Protocol
No. Time Source Destination Protocol
Info
11 8.162855 192.168.1.105 128.118.25.3 NTP
NTP client
Frame 11 (90 bytes on wire, 90 bytes captured)
Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
Cisco-Li_d0:46:9e (00:0c:41:d0:46:9e)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 128.118.25.3
(128.118.25.3)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
Network Time Protocol
No. Time Source Destination Protocol
Info
12 8.209652 128.118.25.3 192.168.1.105 NTP
NTP server
Frame 12 (90 bytes on wire, 90 bytes captured)
Ethernet II, Src: Cisco-Li_d0:46:9e (00:0c:41:d0:46:9e), Dst:
Intel_6d:d7:6a (00:04:23:6d:d7:6a)
Internet Protocol, Src: 128.118.25.3 (128.118.25.3), Dst: 192.168.1.105
(192.168.1.105)
User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
Network Time Protocol
No. Time Source Destination Protocol
Info
13 13.162470 Intel_6d:d7:6a Cisco-Li_d0:46:9e ARP
Who has 192.168.1.1? Tell 192.168.1.105
Frame 13 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
Cisco-Li_d0:46:9e (00:0c:41:d0:46:9e)
Address Resolution Protocol (request)
No. Time Source Destination Protocol
Info
14 13.163964 Cisco-Li_d0:46:9e Intel_6d:d7:6a ARP
192.168.1.1 is at 00:0c:41:d0:46:9e
Frame 14 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: Cisco-Li_d0:46:9e (00:0c:41:d0:46:9e), Dst:
Intel_6d:d7:6a (00:04:23:6d:d7:6a)
Address Resolution Protocol (reply)
No. Time Source Destination Protocol
Info
15 20.059385 192.168.1.105 192.168.1.100 DNS
Standard query A Ubuntu.imparisystems.local
Frame 15 (86 bytes on wire, 86 bytes captured)
Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst:
192.168.1.100 (192.168.1.100)
User Datagram Protocol, Src Port: 40695 (40695), Dst Port: domain (53)
Domain Name System (query)
No. Time Source Destination Protocol
Info
16 20.062132 192.168.1.100 192.168.1.105 DNS
Standard query response A 192.168.1.100
Frame 16 (116 bytes on wire, 116 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst:
Intel_6d:d7:6a (00:04:23:6d:d7:6a)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.105 (192.168.1.105)
User Datagram Protocol, Src Port: domain (53), Dst Port: 40695 (40695)
Domain Name System (response)
No. Time Source Destination Protocol
Info
17 20.062615 192.168.1.105 192.168.1.100 TCP
36377 > microsoft-ds [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1977444
TSER=0 WS=6
Frame 17 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst:
192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: 36377 (36377), Dst Port:
microsoft-ds (445), Seq: 0, Len: 0
No. Time Source Destination Protocol
Info
18 20.074673 192.168.1.100 192.168.1.105 TCP
microsoft-ds > 36377 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 18 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst:
Intel_6d:d7:6a (00:04:23:6d:d7:6a)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
36377 (36377), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol
Info
19 20.093060 192.168.1.105 192.168.1.100 TCP
45084 > netbios-ssn [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1977451
TSER=0 WS=6
Frame 19 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst:
192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: 45084 (45084), Dst Port:
netbios-ssn (139), Seq: 0, Len: 0
No. Time Source Destination Protocol
Info
20 20.095051 192.168.1.100 192.168.1.105 TCP
netbios-ssn > 45084 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 20 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst:
Intel_6d:d7:6a (00:04:23:6d:d7:6a)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
192.168.1.105 (192.168.1.105)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port:
45084 (45084), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol
Info
21 25.145799 Cisco-Li_15:1c:11 Intel_6d:d7:6a ARP
Who has 192.168.1.105? Tell 192.168.1.100
Frame 21 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst:
Intel_6d:d7:6a (00:04:23:6d:d7:6a)
Address Resolution Protocol (request)
No. Time Source Destination Protocol
Info
22 25.145836 Intel_6d:d7:6a Cisco-Li_15:1c:11 ARP
192.168.1.105 is at 00:04:23:6d:d7:6a
Frame 22 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
Address Resolution Protocol (reply)
I'm running Ubuntu 8.04, DHCP, DNS and OpenLDAP on the server. Please -
any help greatly appreciated!
Thanks!
--
Matt Burkhardt, M.Sci. Technology Management
mlb at imparisystems.com
(301) 682-7901
502 Fairview Avenue
Frederick, MD 21701
http://www.imparisystems.com
More information about the samba
mailing list