Date: Sun, 3 Sep 2000 15:56:13 -0700 From: "Crist J . Clark" <cjclark@reflexnet.net> To: Janko van Roosmalen <janko@compuserve.com> Cc: Greg Lehey <grog@lemis.com>, FreeBSD Questions <questions@FreeBSD.ORG>, groggy@iname.com Subject: Re: signature? Message-ID: <20000903155613.O62475@149.211.6.64.reflexcom.com> In-Reply-To: <Pine.BSF.4.10.10009032200490.299-100000@parmenides.utp.net>; from janko@compuserve.com on Sun, Sep 03, 2000 at 10:26:18PM %2B0200 References: <20000903085224.I17337@wantadilla.lemis.com> <Pine.BSF.4.10.10009032200490.299-100000@parmenides.utp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 03, 2000 at 10:26:18PM +0200, Janko van Roosmalen wrote: > The "netbios-ns" makes me think of a Windows 95/98/NT station or a > Samba server. > > Checking "/etc/services" however points to a bootp client. > > bootpc 68/tcp # BOOTP client > bootpc 68/udp Uhh, but where do you see any traffic on this port? [attributions lost in previous replies] > > > this is the full sequence ... > > > > > > 05:13:24.048994 209-193-28-245.adsl.jnu.acsalaska.net.netbios-ns > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:24.049044 209-193-28-245.adsl.jnu.acsalaska.net.netbios-ns > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:24.168796 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:24.168828 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:24.308786 groggy.51488 > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:24.308822 groggy.51488 > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:24.428758 groggy.46346 > 208.151.115.193.netbios-ns: udp 68 > > > <snip> > > > 05:13:25.528810 groggy.32996 > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:25.528842 groggy.32996 > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:25.548800 209-193-28-245.adsl.jnu.acsalaska.net.netbios-ns > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:25.548831 209-193-28-245.adsl.jnu.acsalaska.net.netbios-ns > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:25.668925 groggy.45057 > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:25.668957 groggy.45057 > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:25.699102 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:25.699133 groggy.netbios-ns > 208.151.115.193.netbios-ns: udp 68 > > > 05:13:25.808811 groggy.46773 > 208.151.115.193.netbios-ns: udp 68 > > > <snip> I see 'netbios-ns' (137), 51488, 46346, 32996, 45057, and 46773 ports and every single one is sent to port 137. Are you talking about that trailing 68, the packet size? -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000903155613.O62475>