Red Hat NETSCAPE ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR Technical information, page 103

Chapter 5. Samba management and troubleshooting 91
Viewing all the NetBIOS traffic to and from the server can be done using the command:
tethereal -i eth1 -p -f 'port 137 or 138 or 139'
The -p option runs the program without putting the interface into promiscuous mode. In many
companies, special permission must be granted before running a protocol analyzer in
promiscuous mode. The -f option sets the filter string. Ports 137, 138, and 139 are all the
ports defined in /etc/services for NetBIOS traffic. The output of the command shown in
Example 5-18 contains mainly broadcast traffic.
Example 5-18 Show all NetBIOS traffic
linux:~ # tethereal -p -i eth1 -f 'port 137 or 138 or 139'
Capturing on eth1
0.000000 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
0.754595 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
1.509200 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
4.130283 78-ba897.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WTRNTDM<1c>
4.880309 78-ba897.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WTRNTDM<1c>
5.630557 78-ba897.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WTRNTDM<1c>
6.187107 ibm-qu7l6sr9cl6 -> 9.24.105.255 BROWSER Host Announcement KA6BRRA, Workstation, Server, NT Workstation, NT Server, Backup Browser
7.085537 65652ksv -> 9.24.105.255 BROWSER Host Announcement M23CABXK, Workstation, Server, NT Workstation, NT Server, Backup Browser
7.296587 m23x2640.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
7.761838 m23kk904.itso.ral.ibm.com -> 9.24.105.255 BROWSER Host Announcement M23KK904, Workstation, Server, NT Workstation, NT Server, Potential Browser
8.045579 m23x2640.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
8.732341 byron5500.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WTRNTDM<1c>
8.732976 byron5500.itso.ral.ibm.com -> 9.24.105.255 NETLOGON SAM LOGON request from client
8.795417 m23x2640.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
13.443810 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
14.197594 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
14.948812 itsons.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WTRNTBAK<20>
14.952186 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
17.196362 wtrntbak.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB ITSONS<20>
18.684232 m23x2640.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1c>
19.434101 m23x2640.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1c>
20.183985 m23x2640.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1c>
22.820827 vdputteg.itso.ral.ibm.com -> 9.24.105.255 BROWSER Host Announcement VDPUTTEG, Workstation, Server, NT Workstation, Potential Browser
23.912973 68622ksv -> 9.24.105.255 NBNS Name query NB BJD1MO<1b>
24.663972 68622ksv -> 9.24.105.255 NBNS Name query NB BJD1MO<1b>
24.882039 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1c>
25.414963 68622ksv -> 9.24.105.255 NBNS Name query NB BJD1MO<1b>
25.636634 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1c>
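As an added example (not part of the original manual), the following Python code parses summary output in the format of Example 5-18, rejoins records that were wrapped across two lines, and lists hosts that broadcast the same NBNS name query repeatedly. The sample lines are copied from Example 5-18; the function names and the threshold of three repeats are assumptions of this example.

```python
import re
from collections import Counter

# NetBIOS name suffixes (16th byte of the name) that appear in Example 5-18.
SUFFIX = {"1b": "domain master browser", "1c": "domain controllers",
          "20": "file server service"}
RECORD = re.compile(r"^\s*(\d+\.\d+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+(.*)$")
NBNS_QUERY = re.compile(r"Name query NB (\S+)<([0-9a-fA-F]{2})>")

# Lines copied from Example 5-18, including one wrapped BROWSER record.
SAMPLE = """\
0.000000 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
0.754595 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
1.509200 a23ff426.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WORKGROUP<1b>
6.187107 ibm-qu7l6sr9cl6 -> 9.24.105.255 BROWSER Host Announcement KA6BRRA, Workstation,
Server, NT Workstation, NT Server, Backup Browser
14.948812 itsons.itso.ral.ibm.com -> 9.24.105.255 NBNS Name query NB WTRNTBAK<20>
"""

def parse(text):
    """Return one dict per packet; a line without a timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            t, src, dst, proto, info = m.groups()
            records.append({"time": float(t), "src": src, "dst": dst,
                            "proto": proto, "info": info})
        elif line.strip() and records:
            records[-1]["info"] += " " + line.strip()
    return records

def name_queries(records):
    """Count NBNS name queries per (source, name, suffix)."""
    counts = Counter()
    for r in records:
        m = NBNS_QUERY.search(r["info"])
        if r["proto"] == "NBNS" and m:
            counts[(r["src"], m.group(1), m.group(2).lower())] += 1
    return counts

def repeated(counts, threshold=3):
    """Queries seen at least `threshold` times (assumed cutoff): check whether any were answered."""
    return sorted(k for k, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for src, name, sfx in repeated(name_queries(parse(SAMPLE))):
        print(f"{src} keeps asking for {name}<{sfx}> ({SUFFIX.get(sfx, 'unknown')})")
```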
Filtering out all the broadcast traffic is done by including the host address in the filter string, as
shown in Example 5-19.
Example 5-19 Just NetBIOS traffic addressed to server
[root@portal1 root]# tethereal -p -i eth1 -f 'host 9.24.105.99 and (port 137 or 138 or 139)'
Capturing on eth1
0.000000 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com SMB NT Create AndX Request, Path: \srvsvc
0.003648 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 SMB NT Create AndX Response, FID: 0x70b4