[Samba] Does this tell me anything? Traffic report
Brian Gregorcy
brian.gregorcy at utah.edu
Sun Jun 7 22:35:54 GMT 2009
Matt Burkhardt wrote:
> I'm trying to get Samba up and running and having a terrible time. It
> says that I should be able to run nmap and see that 137 and 139 are open
> - which they are not. I have not added any restrictions in smb.conf, do
> not have a firewall running and I have increased the log level to 5 to
> see all of the messages. It says that it is talking on 137 but it kind
> of looks like it's not talking back. Every time I run an smbclient -L
> Ubuntu from a machine on the network, I get
>
> Connection to Ubuntu failed (Error NT_STATUS_CONNECTION_REFUSED)
>
> I can ping Ubuntu, can ssh to the box so basic networking is happening.
> I downloaded Wireshark and watched the traffic when I typed smbclient -L
> on the client machine - 192.168.1.105 is the client and .100 is the
> server. It seems like it sends out an acknowledgement on port 445, but
> it just gives a quick reply.
>
> No. Time Source Destination Protocol
> Info
> 1 0.000000 192.168.1.100 192.168.1.255 NBNS
> Registration NB <01><02>__MSBROWSE__<02><01>
>
> Frame 1 (110 bytes on wire, 110 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
> (137)
> NetBIOS Name Service
>
> No. Time Source Destination Protocol
> Info
> 2 0.001369 192.168.1.100 192.168.1.255 NBNS
> Registration NB <01><02>__MSBROWSE__<02><01>
>
> Frame 2 (110 bytes on wire, 110 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
> (137)
> NetBIOS Name Service
>
> No. Time Source Destination Protocol
> Info
> 3 2.048286 192.168.1.100 192.168.1.255 NBNS
> Registration NB <01><02>__MSBROWSE__<02><01>
>
> Frame 3 (110 bytes on wire, 110 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
> (137)
> NetBIOS Name Service
>
> No. Time Source Destination Protocol
> Info
> 4 2.049897 192.168.1.100 192.168.1.255 NBNS
> Registration NB WORKGROUP<1d>
>
> Frame 4 (110 bytes on wire, 110 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
> (137)
> NetBIOS Name Service
>
> No. Time Source Destination Protocol
> Info
> 5 3.992878 192.168.1.100 192.168.1.255 NBNS
> Registration NB WORKGROUP<1d>
>
> Frame 5 (110 bytes on wire, 110 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
> (137)
> NetBIOS Name Service
>
> No. Time Source Destination Protocol
> Info
> 6 3.994510 192.168.1.100 192.168.1.255 NBNS
> Registration NB WORKGROUP<1d>
>
> Frame 6 (110 bytes on wire, 110 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
> (137)
> NetBIOS Name Service
>
> No. Time Source Destination Protocol
> Info
> 7 6.041147 192.168.1.100 192.168.1.255 NBNS
> Registration NB WORKGROUP<1d>
>
> Frame 7 (110 bytes on wire, 110 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns
> (137)
> NetBIOS Name Service
>
> No. Time Source Destination Protocol
> Info
> 8 6.043407 192.168.1.100 192.168.1.255 BROWSER
> Request Announcement
>
> Frame 8 (219 bytes on wire, 219 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port:
> netbios-dgm (138)
> NetBIOS Datagram Service
> SMB (Server Message Block Protocol)
> SMB MailSlot Protocol
> Microsoft Windows Browser Protocol
>
> No. Time Source Destination Protocol
> Info
> 9 6.046334 192.168.1.100 192.168.1.255 BROWSER
> Local Master Announcement UBUNTU, Workstation, Server, Domain
> Controller, Domain Member Server, Print Queue Server, Xenix Server, NT
> Workstation, NT Server, Master Browser, Domain Master Browser, Unknown
> server type:23
>
> Frame 9 (272 bytes on wire, 272 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port:
> netbios-dgm (138)
> NetBIOS Datagram Service
> SMB (Server Message Block Protocol)
> SMB MailSlot Protocol
> Microsoft Windows Browser Protocol
>
> No. Time Source Destination Protocol
> Info
> 10 6.048957 192.168.1.100 192.168.1.255 BROWSER
> Domain/Workgroup Announcement WORKGROUP, NT Workstation, Domain Enum
>
> Frame 10 (249 bytes on wire, 249 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Broadcast
> (ff:ff:ff:ff:ff:ff)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.255 (192.168.1.255)
> User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port:
> netbios-dgm (138)
> NetBIOS Datagram Service
> SMB (Server Message Block Protocol)
> SMB MailSlot Protocol
> Microsoft Windows Browser Protocol
>
> No. Time Source Destination Protocol
> Info
> 11 8.162855 192.168.1.105 128.118.25.3 NTP
> NTP client
>
> Frame 11 (90 bytes on wire, 90 bytes captured)
> Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
> Cisco-Li_d0:46:9e (00:0c:41:d0:46:9e)
> Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 128.118.25.3
> (128.118.25.3)
> User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
> Network Time Protocol
>
> No. Time Source Destination Protocol
> Info
> 12 8.209652 128.118.25.3 192.168.1.105 NTP
> NTP server
>
> Frame 12 (90 bytes on wire, 90 bytes captured)
> Ethernet II, Src: Cisco-Li_d0:46:9e (00:0c:41:d0:46:9e), Dst:
> Intel_6d:d7:6a (00:04:23:6d:d7:6a)
> Internet Protocol, Src: 128.118.25.3 (128.118.25.3), Dst: 192.168.1.105
> (192.168.1.105)
> User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)
> Network Time Protocol
>
> No. Time Source Destination Protocol
> Info
> 13 13.162470 Intel_6d:d7:6a Cisco-Li_d0:46:9e ARP
> Who has 192.168.1.1? Tell 192.168.1.105
>
> Frame 13 (42 bytes on wire, 42 bytes captured)
> Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
> Cisco-Li_d0:46:9e (00:0c:41:d0:46:9e)
> Address Resolution Protocol (request)
>
> No. Time Source Destination Protocol
> Info
> 14 13.163964 Cisco-Li_d0:46:9e Intel_6d:d7:6a ARP
> 192.168.1.1 is at 00:0c:41:d0:46:9e
>
> Frame 14 (42 bytes on wire, 42 bytes captured)
> Ethernet II, Src: Cisco-Li_d0:46:9e (00:0c:41:d0:46:9e), Dst:
> Intel_6d:d7:6a (00:04:23:6d:d7:6a)
> Address Resolution Protocol (reply)
>
> No. Time Source Destination Protocol
> Info
> 15 20.059385 192.168.1.105 192.168.1.100 DNS
> Standard query A Ubuntu.imparisystems.local
>
> Frame 15 (86 bytes on wire, 86 bytes captured)
> Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
> Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
> Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst:
> 192.168.1.100 (192.168.1.100)
> User Datagram Protocol, Src Port: 40695 (40695), Dst Port: domain (53)
> Domain Name System (query)
>
> No. Time Source Destination Protocol
> Info
> 16 20.062132 192.168.1.100 192.168.1.105 DNS
> Standard query response A 192.168.1.100
>
> Frame 16 (116 bytes on wire, 116 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst:
> Intel_6d:d7:6a (00:04:23:6d:d7:6a)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.105 (192.168.1.105)
> User Datagram Protocol, Src Port: domain (53), Dst Port: 40695 (40695)
> Domain Name System (response)
>
> No. Time Source Destination Protocol
> Info
> 17 20.062615 192.168.1.105 192.168.1.100 TCP
> 36377 > microsoft-ds [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1977444
> TSER=0 WS=6
>
> Frame 17 (74 bytes on wire, 74 bytes captured)
> Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
> Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
> Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst:
> 192.168.1.100 (192.168.1.100)
> Transmission Control Protocol, Src Port: 36377 (36377), Dst Port:
> microsoft-ds (445), Seq: 0, Len: 0
>
> No. Time Source Destination Protocol
> Info
> 18 20.074673 192.168.1.100 192.168.1.105 TCP
> microsoft-ds > 36377 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
>
> Frame 18 (54 bytes on wire, 54 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst:
> Intel_6d:d7:6a (00:04:23:6d:d7:6a)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.105 (192.168.1.105)
> Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
> 36377 (36377), Seq: 1, Ack: 1, Len: 0
>
> No. Time Source Destination Protocol
> Info
> 19 20.093060 192.168.1.105 192.168.1.100 TCP
> 45084 > netbios-ssn [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1977451
> TSER=0 WS=6
>
> Frame 19 (74 bytes on wire, 74 bytes captured)
> Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
> Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
> Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst:
> 192.168.1.100 (192.168.1.100)
> Transmission Control Protocol, Src Port: 45084 (45084), Dst Port:
> netbios-ssn (139), Seq: 0, Len: 0
>
> No. Time Source Destination Protocol
> Info
> 20 20.095051 192.168.1.100 192.168.1.105 TCP
> netbios-ssn > 45084 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
>
> Frame 20 (54 bytes on wire, 54 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst:
> Intel_6d:d7:6a (00:04:23:6d:d7:6a)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst:
> 192.168.1.105 (192.168.1.105)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port:
> 45084 (45084), Seq: 1, Ack: 1, Len: 0
>
> No. Time Source Destination Protocol
> Info
> 21 25.145799 Cisco-Li_15:1c:11 Intel_6d:d7:6a ARP
> Who has 192.168.1.105? Tell 192.168.1.100
>
> Frame 21 (42 bytes on wire, 42 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst:
> Intel_6d:d7:6a (00:04:23:6d:d7:6a)
> Address Resolution Protocol (request)
>
> No. Time Source Destination Protocol
> Info
> 22 25.145836 Intel_6d:d7:6a Cisco-Li_15:1c:11 ARP
> 192.168.1.105 is at 00:04:23:6d:d7:6a
>
> Frame 22 (42 bytes on wire, 42 bytes captured)
> Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst:
> Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
> Address Resolution Protocol (reply)
>
> I'm running Ubuntu 8.04, DHCP, DNS and OpenLDAP on the server. Please -
> any help greatly appreciated!
>
> Thanks!
>
> --
> Matt Burkhardt, M.Sci. Technology Management
> mlb at imparisystems.com
> (301) 682-7901
> 502 Fairview Avenue
> Frederick, MD 21701
> http://www.imparisystems.com
>
Here is what mine looks like, 137 is using UDP:
> harley gregorcy # nmap -P0 humboldt
>
> Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-07 16:03 MDT
> Interesting ports on x.x.x (x.x.x.x):
> Not shown: 993 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp open smtp
> 111/tcp open rpcbind
> 139/tcp open netbios-ssn
> 445/tcp open microsoft-ds
> 2049/tcp open nfs
> 5666/tcp open nrpe
>
> Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
> harley gregorcy # nmap -sU humboldt
>
> Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-07 16:03 MDT
> Interesting ports on x.x.x.x (x.x.x.x):
> Not shown: 996 closed ports
> PORT STATE SERVICE
> 111/udp open|filtered rpcbind
> 137/udp open|filtered netbios-ns
> 138/udp open|filtered netbios-dgm
> 2049/udp open|filtered nfs
Where is your WINS server? Is both the samba server and the client machine pointed at the same WINS box?
--
Brian Gregorcy
IT Manager
University of Utah
Department of Chemical Engineering
More information about the samba
mailing list