Date:      Wed, 3 Oct 2001 13:38:14 -0500 (CDT)
From:      David La Croix <dlacroix@cowpie.acm.vt.edu>
To:        freebsd-security@freebsd.org
Cc:        dlacroix@cowpie.acm.vt.edu (David La Croix)
Subject:   SMBmkdir (REQUEST) packets in tcpdump?
Message-ID:  <200110031838.f93IcEe40800@cowpie.acm.vt.edu>

In attempting to get something else working, I was running tcpdump,
watching specifically for broadcast traffic, and I came across the
following puzzling output from tcpdump:

13:12:35.579986 10.10.10.251.138 > 10.10.10.255.138:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x77B7 IP=10 (0xa).10 (0xa).10 (0xa).251 (0xfb) Port=138 (0x8a) Length=213 (0xd5) Res2=0x0
SourceName=NARF            NameType=0x00 (Workstation)
DestName=LA              NameType=0x00 (Workstation)

SMB PACKET: SMBmkdir (REQUEST)


13:12:35.580115 10.10.10.251.138 > 10.10.10.255.138:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x77B8 IP=10 (0xa).10 (0xa).10 (0xa).251 (0xfb) Port=138 (0x8a) Length=205 (0xcd) Res2=0x0
SourceName=NARF            NameType=0x00 (Workstation)
DestName=`a              NameType=0x00 (Workstation)

SMB PACKET: SMBmkdir (REQUEST)


This is on a 4.3-secure FreeBSD box behind a nat/firewall (Samba version 2.0.9).

The firewall is an old 486 running 4.3-secure with natd and only ssh and
httpd ports open.  (Samba is running for one client (win98) that
happens to be off at the time of these messages.)

Can anybody explain this (known bug in Samba???)  or point me to a FAQ on 
the topic?

For reference ... just noticed another occurrence:

13:24:36.307205 10.10.10.251.138 > 10.10.10.255.138: 
>>> NBT UDP PACKET(138) Res=0x110A ID=0x77B9 IP=10 (0xa).10 (0xa).10 (0xa).251 (0xfb) Port=138 (0x8a) Length=213 (0xd5) Res2=0x0
SourceName=NARF            NameType=0x00 (Workstation)
DestName=LA              NameType=0x00 (Workstation)

SMB PACKET: SMBmkdir (REQUEST)


13:24:36.307347 10.10.10.251.138 > 10.10.10.255.138: 
>>> NBT UDP PACKET(138) Res=0x110A ID=0x77BA IP=10 (0xa).10 (0xa).10 (0xa).251 (0xfb) Port=138 (0x8a) Length=205 (0xcd) Res2=0x0
SourceName=NARF            NameType=0x00 (Workstation)
DestName=`a              NameType=0x00 (Workstation)

SMB PACKET: SMBmkdir (REQUEST)
 
 
 
Thanks.
