From: David La Croix (dlacroixcowpie.acm.vt.edu)
Date: Wed Oct 03 2001 - 13:38:14 CDT

    In attempting to get something else working, I was running tcpdump,
    watching specifically for broadcast traffic, and I came across the
    following puzzling output from tcpdump:

    13:12:35.579986 10.10.10.251.138 > 10.10.10.255.138:
    >>> NBT UDP PACKET(138) Res=0x110A ID=0x77B7 IP=10 (0xa).10 (0xa).10 (0xa).251 (0xfb) Port=138 (0x8a) Length=213 (0xd5) Res2=0x0
    SourceName=NARF NameType=0x00 (Workstation)
    DestName=LA NameType=0x00 (Workstation)

    SMB PACKET: SMBmkdir (REQUEST)

    13:12:35.580115 10.10.10.251.138 > 10.10.10.255.138:
    >>> NBT UDP PACKET(138) Res=0x110A ID=0x77B8 IP=10 (0xa).10 (0xa).10 (0xa).251 (0xfb) Port=138 (0x8a) Length=205 (0xcd) Res2=0x0
    SourceName=NARF NameType=0x00 (Workstation)
    DestName=`a NameType=0x00 (Workstation)

    SMB PACKET: SMBmkdir (REQUEST)

    This is on a 4.3-secure FreeBSD box behind a nat/firewall (Samba version 2.0.9).

    The firewall is an old 486 running 4.3-secure with natd and only ssh and
    httpd ports open. (Samba is running for one client (win98) that
    happens to be off at the time of these messages.)

    Can anybody explain this (known bug in Samba???) or point me to a FAQ on
    the topic?

    For reference ... just noticed another occurrence:

    13:24:36.307205 10.10.10.251.138 > 10.10.10.255.138:
    >>> NBT UDP PACKET(138) Res=0x110A ID=0x77B9 IP=10 (0xa).10 (0xa).10 (0xa).251 (0xfb) Port=138 (0x8a) Length=213 (0xd5) Res2=0x0
    SourceName=NARF NameType=0x00 (Workstation)
    DestName=LA NameType=0x00 (Workstation)

    SMB PACKET: SMBmkdir (REQUEST)

    13:24:36.307347 10.10.10.251.138 > 10.10.10.255.138:
    >>> NBT UDP PACKET(138) Res=0x110A ID=0x77BA IP=10 (0xa).10 (0xa).10 (0xa).251 (0xfb) Port=138 (0x8a) Length=205 (0xcd) Res2=0x0
    SourceName=NARF NameType=0x00 (Workstation)
    DestName=`a NameType=0x00 (Workstation)

    SMB PACKET: SMBmkdir (REQUEST)
     
     
     
    Thanks.

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message