On Tue, 19 Mar 2002, Mike Fedyk wrote:
> On Tue, Mar 19, 2002 at 09:20:25AM -0500, John Jasen wrote:
> > > > 16:42:49.412862 10.0.0.101.netbios-dgm > 10.255.255.255.netbios-dgm:
> > > > >>> NBT UDP PACKET(138) Res=0x1102 ID=0x54 IP=10.0.0.101 Port=138 Length=193
> > > > Res2=0x0
> > > > SourceName=T1H6I3 NameType=0x00 (Workstation)
> > > > DestName=
> > > > SMB PACKET: SMBunknown (REQUEST)
> > > > SMB Command = 0x43
> > > > Error class = 0x46
> > > > Error code = 20550
> > > > Flags1 = 0x45
> > > > Flags2 = 0x4E
> > > > Tree ID = 17990
> > > > Proc ID = 18000
> > > > UID = 16720
> > > > MID = 16707
> > > > Word Count = 66
> > > > SMBError = ERROR: Unknown error (70,20550)
> >
> > This looks like standard SMB garbage. It probably repeats on a regular
> > basis. From what I remember, I think it is a Windows box browsing
> > the network trying to discover other SMB boxes, finding a 'master
> > browser', and other such stuff.
> >
> > I see it all the time when there are Windows machines about, and I'm
> > running tcpdump.
> >
> > I imagine that someone who knows better, such as the Samba guys, would be
> > able to tell you exactly whats going on, and maybe some other interesting
> > tidbits of information.
> >
> > (I hate SMB ... its really chatty ...)
>
> That's not the problem part of the tcpdump output. The problem is that part
> of an email previously read on the linux box (with no samba runing. (also,
> no smbfs MikeG?)) showed up in the tcpdump output...
Yes. That's exactly what worried me. (no clue as to security issues)
-Mike
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Mar 23 2002 - 22:00:18 EST