Re: reading your email via tcpdump

Mike Fedyk (mfedyk@matchmail.com)
Tue, 19 Mar 2002 10:11:30 -0800


On Tue, Mar 19, 2002 at 09:20:25AM -0500, John Jasen wrote:
> > > 16:42:49.412862 10.0.0.101.netbios-dgm > 10.255.255.255.netbios-dgm:
> > > >>> NBT UDP PACKET(138) Res=0x1102 ID=0x54 IP=10.0.0.101 Port=138 Length=193
> > > Res2=0x0
> > > SourceName=T1H6I3 NameType=0x00 (Workstation)
> > > DestName=
> > > SMB PACKET: SMBunknown (REQUEST)
> > > SMB Command = 0x43
> > > Error class = 0x46
> > > Error code = 20550
> > > Flags1 = 0x45
> > > Flags2 = 0x4E
> > > Tree ID = 17990
> > > Proc ID = 18000
> > > UID = 16720
> > > MID = 16707
> > > Word Count = 66
> > > SMBError = ERROR: Unknown error (70,20550)
>
> This looks like standard SMB garbage. It probably repeats on a regular
> basis. From what I remember, I think it is a Windows box browsing
> the network trying to discover other SMB boxes, finding a 'master
> browser', and other such stuff.
>
> I see it all the time when there are Windows machines about, and I'm
> running tcpdump.
>
> I imagine that someone who knows better, such as the Samba guys, would be
> able to tell you exactly whats going on, and maybe some other interesting
> tidbits of information.
>
> (I hate SMB ... its really chatty ...)

That's not the problem part of the tcpdump output. The problem is that part
of an email previously read on the linux box (with no samba runing. (also,
no smbfs MikeG?)) showed up in the tcpdump output...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/