[Samba] Misunderstanding of 'nmblookup' run results ! Why so ?
CpServiceSPb .
cpservicespb at gmail.com
Thu Jan 29 11:14:53 MST 2015
I have Ubuntu 14.04.LTS and some Windows 7 client, with for example IP
192.168.0.201.
I run nmblookup from Samba4 4.1.14 built in my own (without changes at
nmblookup) with the following parameter:
*nmblookup -A 192.168.0.201*
As there is defined at nmblookup, it query *<00> of specified IP.
So, I see non constant answers:
Sometimes for the first nmblookup run it shows answers where there weren' t
either node and workgroup names as case 1, or node there was, but workgroup
not at all as case 2 or empty workgroup as case 3. If I used *<20> I got
answer with node and workgroup names often *but not always*, sometimes I
got packets look like case 1.
*Case 1:*
nmb packet from 192.168.0.201(137) header: id=27220 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
answers 0 char ................ hex
00000000000000000000000000000000
answers 10 char ................ hex
00000000000000000000000000000000
answers 20 char ................ hex 000000000000000000000000000000
*Case 2:*
nmb packet from 192.168.0.201(137) header: id=27185 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
answers 0 char .TV hex
01545620202020202020202020202020
answers 10 char ................ hex
00000000000000000000000000000000
answers 20 char ................ hex
00000000000000000000000000000000
answers 30 char ................ hex
00000000000000000000000000000000
answers 40 char . hex 00
*Case 3:*
nmb packet from 192.168.0.201(137) header: id=27185 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
answers 0 char .TV hex
01545620202020202020202020202020
answers 10 char D.............. hex
20440000000000000000000000000000
answers 20 char ................ hex
00000000000000000000000000000000
answers 30 char ................ hex
00000000000000000000000000000000
answers 40 char . hex 00
Then answer look like case 4 may be or "full" answer.
*Case 4:*nmb packet from 192.168.0.201(35072) header: id=24910
opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
answers 0 char .STUDIO hex 0153545544494F202020202020202020
answers 10 char ................ hex 00C40000000000000000000000000000
answers 20 char ................ hex 00000000000000000000000000000000
answers 30 char ................ hex 00000000000000000000000000000000
answers 40 char . hex 00
STUDIO <00> - <GROUP> M <ACTIVE>
MAC Address = 00-00-00-00-00-00
After that may be either "full" answer or some look like this:
*Сase 5:*
nmb packet from 192.168.0.201(35072) header: id=24910 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
answers 0 char .STUDIO hex 0153545544494F202020202020202020
answers 10 char.STUDIO hex 0153545544494F202020202020202020
answers 30 char ................ hex 00C40000000000000000000000000000
answers 40 char ................ hex 00000000000000000000000000000000
answers 50 char . hex 00
STUDIO <00> - <GROUP> M <ACTIVE>
STUDIO <1e> - <GROUP> M <ACTIVE>
MAC Address = 00-00-00-00-00-00
or even so
*Case 6:*
nmb packet from 192.168.0.201(35072) header: id=6082 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
answers 0 char .TV hex 03545620202020202020202020202020
answers 10 char .D.STUDIO hex 00440053545544494F20202020202020
answers 20 char ...TV hex 202000C4005456202020202020202020
answers 30 char D.......... hex 20202020204400000000000000000000
answers 40 char ................ hex 00000000000000000000000000000000
answers 50 char ................ hex 00000000000000000000000000000000
answers 60 char ..... hex 0000000000
TV <00> - M <ACTIVE>
STUDIO <00> - <GROUP> M <ACTIVE>
TV <20> - M <ACTIVE>
MAC Address = 00-00-00-00-00-00
And after this packet "full" answer was got only.
*"Full" answer Case:*
nmb packet from 192.168.0.201(35072) header: id=4851 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=33 rr_class=1 ttl=0
answers 0 char .TV hex 04545620202020202020202020202020
answers 10 char .D.STUDIO hex 00440053545544494F20202020202020
answers 20 char ...TV hex 202000C4005456202020202020202020
answers 30 char D.STUDIO hex 2020202020440053545544494F202020
answers 40 char .......... hex 2020202020201EC40000000000000000
answers 50 char ................ hex 00000000000000000000000000000000
answers 60 char ................ hex 00000000000000000000000000000000
answers 70 char ....... hex 00000000000000
TV <00> - M <ACTIVE>
STUDIO <00> - <GROUP> M <ACTIVE>
TV <20> - M <ACTIVE>
STUDIO <1e> - <GROUP> M <ACTIVE>
First, is it normal situation or not ?
Second, why is so unstable ? Why is there not always the same "full" answer
and begginning for the first time ?
What is/are reason/s of it ?
I tried to run nmbdlookup as with Samba4 runnign as without at Ubuntu.
Nothing changed.
More information about the samba
mailing list