Date: Sat, 02 May 1998 12:48:40 -0300 From: Capriotti <capriotti@geocities.com> To: freebsd-questions@FreeBSD.ORG Subject: TCPDUMP results - ppp samba NT Message-ID: <3.0.32.19980502124826.00928b30@pop.mpc.com.br>
next in thread | raw e-mail | index | archive | help
--=====================_894134920==_ Content-Type: text/plain; charset="us-ascii" [I apologize for reposting this and my mistake: attached files were included on the body of text, probably making it difficult to analize; Now they are attachements] Hello all. I have setup a 2.2.1 box with TCPDUMP working and started listening to vx0 (3COm pci card) Allow me to give you a description of what is going on: Now I have 3 machines networked: 1 -2.2.1 box w/ TCPDUMP listening to network 2 -2.2.5 box with [ppp -alias -auto mpc] and [Samba] 3 -NT 4 worksatayion w/ Service pack 3 2.2.1 machine is 150.150.150.129 2.2.5 box is 150.150.150.130 NT W 4 box is 150.150.150.131 I am ruiinig TCPDUMP from the 2.2.1 box 'cause I dont have 2.2.5 sources here, so I can't listen to tun0 as it would be recommended. After some tests, I have found that enabeling the filters below would stop ppp from dialing in many cases: set dfilter 2 deny udp src gt 49 set dfilter 3 deny udp dst gt 49 set dfilter 4 deny udp src lt 233 set dfilter 5 deny udp dst lt 49 PPP dos not dial when NT is booting up. The result of tcpdump when NT is booting can be seen on file dump.txt attached. Now, when I try to browse the network, ppp starts dialing. Result of tcpdump when i try to browse the network (simply double clicking the "Networtk Neighborhood" icon) can be seen on the dump2.txt file. Finally, dump3.txt shows a "Find Computer" operation looking for a computer on the network. For me, those files show that UDP call are baing made, and that those ports are being covered by the ppp filtering. Could someone take a look at those files and give me a couple of steps to follow ? One aditional fact: when setting up my network card, during the installation, I'v set the Gateway and Name Server for the network 200.246.0.252, which are my ISP's values for those. Is that correct, and can this be interfering ? If yes, what values should I put there ? Thank you all ! --=====================_894134920==_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable 10:48:10.352636 150.150.150.130.netbios-dgm > 150.150.150.255.netbios-dgm:= udp 215 10:49:13.740596 arp who-has 150.150.150.131 tell 150.150.150.131 10:49:14.735299 arp who-has 150.150.150.131 tell 150.150.150.131 10:49:15.737235 arp who-has 150.150.150.131 tell 150.150.150.131 10:49:20.062498 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:20.807123 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:21.558492 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:22.309936 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:29.746648 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:30.495707 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:31.247140 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:31.998592 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:32.755065 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:32.781424 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:= udp 201 10:49:33.501486 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:34.252927 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:35.004397 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:35.759361 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:= udp 201 10:49:35.943205 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:36.054806 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:36.687624 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:36.797840 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:37.439068 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:37.549279 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:38.190518 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:38.300730 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:39.053136 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:= udp 178 10:49:39.054352 0:f4:0:e0:0:0 2:0:0:0:45:0 4011 248:=20 1e6c 9696 9681 9696 96ff 008a 008a 00e0 10da 110a 0638 0000 0000 008a 00d8 0000 2045 4645 4a45 4f46 4446 4545 4645 4a45 4f43 4143 4143 10:49:39.054404 einstein.mpcnet.com.br.netbios-dgm >= 150.150.150.255.netbios-dgm: udp 216 10:49:39.055025 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:= udp 201 10:49:39.055472 0:ed:0:e1:0:0 2:0:0:0:45:0 4011 241:=20 1e72 9696 9681 9696 96ff 008a 008a 00d9 e370 110a 0639 0000 0000 008a 00d1 0000 2045 4645 4a45 4f46 4446 4545 4645 4a45 4f43 4143 4143 10:49:39.055519 einstein.mpcnet.com.br.netbios-dgm >= 150.150.150.255.netbios-dgm: udp 209 10:49:49.167711 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:49.913192 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:50.664614 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:49:51.416052 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 68 10:50:21.458314 150.150.150.130.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 10:50:21.459280 einstein.mpcnet.com.br.netbios-ns >= 150.150.150.130.netbios-ns: udp 62 --=====================_894134920==_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable 10:50:45.754746 150.150.150.131.netbios-dgm > 150.150.150.255.netbios-dgm:= udp 174 10:50:45.754826 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 10:50:45.756159 einstein.mpcnet.com.br.netbios-dgm >= 150.150.150.131.netbios-dgm: udp 183 10:50:45.822970 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 10:50:45.823977 einstein.mpcnet.com.br.netbios-ns >= 150.150.150.131.netbios-ns: udp 62 10:50:45.824484 arp who-has einstein.mpcnet.com.br tell 150.150.150.131 10:50:45.824604 arp reply einstein.mpcnet.com.br is-at 0:20:af:f6:e4:18 10:50:45.824872 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: S= 143861:143861(0) win 8192 <mss 1460> (DF) 10:50:45.825285 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: S= 466638781:466638781(0) ack 143862 win 17520 <mss 1460> (DF) 10:50:45.825626 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .= ack 1 win 8760 (DF) 10:50:45.825793 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P= 1:73(72) ack 1 win 8760 (DF) 10:50:45.860242 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: .= ack 73 win 17448 (DF) 10:50:45.907304 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P= 1:5(4) ack 73 win 17520 (DF) 10:50:45.907991 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P= 73:247(174) ack 5 win 8756 (DF) 10:50:45.911852 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P= 5:78(73) ack 247 win 17520 (DF) 10:50:45.912656 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P= 247:397(150) ack 78 win 8683 (DF) 10:50:45.949712 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P= 78:165(87) ack 397 win 17520 (DF) 10:50:45.950538 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P= 397:507(110) ack 165 win 8596 (DF) 10:50:45.953470 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P= 165:265(100) ack 507 win 17520 (DF) 10:50:46.061145 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .= ack 265 win 8496 (DF) 10:50:46.061467 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P= 265:342(77) ack 507 win 17520 (DF) 10:50:46.261554 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .= ack 342 win 8419 (DF) 10:50:46.502053 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 10:50:47.253501 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 --=====================_894134920==_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable 10:54:26.886577 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: P= 144478:144588(110) ack 466639300 win 8242 (DF) 10:54:26.889193 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P= 1:101(100) ack 110 win 17520 (DF) 10:54:27.086804 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .= ack 101 win 8142 (DF) 10:54:27.087144 einstein.mpcnet.com.br.netbios-ssn > 150.150.150.131.1028: P= 101:178(77) ack 110 win 17520 (DF) 10:54:27.094069 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 10:54:27.287188 150.150.150.131.1028 > einstein.mpcnet.com.br.netbios-ssn: .= ack 178 win 8065 (DF) 10:54:27.838290 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 10:54:28.589767 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 10:54:29.341939 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 10:54:30.092654 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 10:54:30.844092 150.150.150.131.netbios-ns > 150.150.150.255.netbios-ns: udp= 50 --=====================_894134920==_-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.32.19980502124826.00928b30>