Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 02 May 1998 11:38:02 -0300
From:      Capriotti <capriotti@geocities.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   TCPDUMP results - ppp samba NT
Message-ID:  <3.0.32.19691231210000.0091d930@pop.mpc.com.br>

next in thread | raw e-mail | index | archive | help
--=====================_894130682==_
Content-Type: text/plain; charset="us-ascii"

Hello all. I have setup a 2.2.1 box with TCPDUMP working and started
listening to vx0 (3COm pci card)

Allow me to give you a description of what is going on:

Now I have 3 machines networked:

1 -2.2.1 box w/ TCPDUMP listening to network
2 -2.2.5 box with [ppp -alias -auto mpc] and [Samba]
3 -NT 4 worksatayion w/ Service pack 3

2.2.1 machine is 150.150.150.129
2.2.5 box is     150.150.150.130
NT W 4 box is    150.150.150.131


I am ruiinig TCPDUMP from the 2.2.1 box 'cause I dont have 2.2.5 sources
here, so I can't listen to tun0 as it would be recommended.

After some tests, I have found that enabeling the filters below would stop
ppp from dialing in many cases:

set dfilter 2 deny udp src gt 49
set dfilter 3 deny udp dst gt 49
set dfilter 4 deny udp src lt 233
set dfilter 5 deny udp dst lt 49

PPP dos not dial when NT is booting up.

The result of tcpdump when NT is booting can be seen on file dump.txt
attached.


Now, when I try to browse the network, ppp starts dialing.

Result of tcpdump when i try to browse the network (simply double clicking
the "Networtk Neighborhood" icon) can be seen on the dump2.txt file.

Finally, dump3.txt shows a "Find Computer" operation looking for a computer
on the network.

For me, those files show that UDP call are baing made, and that those ports
are being covered by the ppp filtering.

Could someone take a look at those files and give me a couple of steps to
follow ? 

Thank you all !
--=====================_894130682==_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

10:48:10.352636 150.150.150.130.netbios-dgm > 150.150.150.255.netbios-dgm:=
 udp 215
10:49:13.740596 arp who-has 150.150.150.131 tell 150.150.150.131
10:49:14.735299 arp who-has 150.150.150.131 tell 150.150.150.131
10:49:15.737235 arp who-has 150.150.150.131 tell 150.150.150.131
10:49:20.062498 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:20.807123 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:21.558492 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:22.309936 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:29.746648 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:30.495707 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:31.247140 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:31.998592 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:32.755065 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:32.781424 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:=
 udp 201
10:49:33.501486 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:34.252927 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:35.004397 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:35.759361 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:=
 udp 201
10:49:35.943205 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:36.054806 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:36.687624 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:36.797840 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:37.439068 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:37.549279 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:38.190518 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:38.300730 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:39.053136 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:=
 udp 178
10:49:39.054352 0:f4:0:e0:0:0 2:0:0:0:45:0 4011 248:=20
			 1e6c 9696 9681 9696 96ff 008a 008a 00e0
			 10da 110a 0638 0000 0000 008a 00d8 0000
			 2045 4645 4a45 4f46 4446 4545 4645 4a45
			 4f43 4143 4143
10:49:39.054404 einstein.mpcnet.com.br.netbios-dgm >=
 150.150.150.255.netbios-dgm: udp 216
10:49:39.055025 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:=
 udp 201
10:49:39.055472 0:ed:0:e1:0:0 2:0:0:0:45:0 4011 241:=20
			 1e72 9696 9681 9696 96ff 008a 008a 00d9
			 e370 110a 0639 0000 0000 008a 00d1 0000
			 2045 4645 4a45 4f46 4446 4545 4645 4a45
			 4f43 4143 4143
10:49:39.055519 einstein.mpcnet.com.br.netbios-dgm >=
 150.150.150.255.netbios-dgm: udp 209
10:49:49.167711 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:49.913192 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:50.664614 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:49:51.416052 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 68
10:50:21.458314 150.150.150.130.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50
10:50:21.459280 einstein.mpcnet.com.br.netbios-ns >=
 150.150.150.130.netbios-ns: udp 62

--=====================_894130682==_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

10:50:45.754746 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:=
 udp 174
10:50:45.754826 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50
10:50:45.756159 einstein.mpcnet.com.br.netbios-dgm >=
 150.150.150.131.netbios-dgm: udp 183
10:50:45.822970 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50
10:50:45.823977 einstein.mpcnet.com.br.netbios-ns >=
 150.150.150.131.netbios-ns: udp 62
10:50:45.824484 arp who-has einstein.mpcnet.com.br tell 150.150.150.131
10:50:45.824604 arp reply einstein.mpcnet.com.br is-at 0:20:af:f6:e4:18
10:50:45.824872 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: S=
 143861:143861(0) win 8192 <mss 1460> (DF)
10:50:45.825285 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: S=
 466638781:466638781(0) ack 143862 win 17520 <mss 1460> (DF)
10:50:45.825626 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .=
 ack 1 win 8760 (DF)
10:50:45.825793 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P=
 1:73(72) ack 1 win 8760 (DF)
10:50:45.860242 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: .=
 ack 73 win 17448 (DF)
10:50:45.907304 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P=
 1:5(4) ack 73 win 17520 (DF)
10:50:45.907991 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P=
 73:247(174) ack 5 win 8756 (DF)
10:50:45.911852 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P=
 5:78(73) ack 247 win 17520 (DF)
10:50:45.912656 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P=
 247:397(150) ack 78 win 8683 (DF)
10:50:45.949712 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P=
 78:165(87) ack 397 win 17520 (DF)
10:50:45.950538 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P=
 397:507(110) ack 165 win 8596 (DF)
10:50:45.953470 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P=
 165:265(100) ack 507 win 17520 (DF)
10:50:46.061145 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .=
 ack 265 win 8496 (DF)
10:50:46.061467 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P=
 265:342(77) ack 507 win 17520 (DF)
10:50:46.261554 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .=
 ack 342 win 8419 (DF)
10:50:46.502053 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50
10:50:47.253501 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50

--=====================_894130682==_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

10:54:26.886577 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P=
 144478:144588(110) ack 466639300 win 8242 (DF)
10:54:26.889193 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P=
 1:101(100) ack 110 win 17520 (DF)
10:54:27.086804 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .=
 ack 101 win 8142 (DF)
10:54:27.087144 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P=
 101:178(77) ack 110 win 17520 (DF)
10:54:27.094069 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50
10:54:27.287188 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .=
 ack 178 win 8065 (DF)
10:54:27.838290 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50
10:54:28.589767 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50
10:54:29.341939 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50
10:54:30.092654 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50
10:54:30.844092 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp=
 50

--=====================_894130682==_--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.32.19691231210000.0091d930>