System information
92 Deploying Samba on IBM Eserver BladeCenter
0.004048 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com DCERPC Bind: UUID
4b324fc8-1670-01d3-1278-5a47bf6ee188 ver 3.0
0.004636 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 DCERPC Bind ack: accept max_xmit:
5680 max_recv: 5680
0.004942 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com SRVSVC rqst
SRV_NETSHAREENUM_ALL(...)
0.005174 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 SRVSVC rply
SRV_NETSHAREENUM_ALL(...)
0.005622 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com SMB Close Request, FID: 0x70b4
0.006655 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 SMB Close Response
0.019751 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com DCERPC Request: opnum: 69 ctx_id:0
0.020213 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 DCERPC Response: call_id: 42
ctx_id:0
0.020788 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com DCERPC Request: opnum: 29 ctx_id:0
0.021137 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 DCERPC Response: call_id: 43
ctx_id:0
0.022742 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com SMB NT Create AndX Request, Path:
\winreg
0.023053 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 SMB NT Create AndX Response, FID:
0x70b5
0.025450 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com DCERPC Bind: UUID
338cd001-2244-31f1-aaaa-900038001003 ver 1.0
0.025590 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 DCERPC Bind ack: accept max_xmit:
5680 max_recv: 5680
0.027634 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com REG rqst REG_OPEN_HKLM(...)
0.027985 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 REG rply REG_OPEN_HKLM(...)
0.028677 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com REG rqst REG_OPEN_ENTRY(...)
0.029046 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 REG rply REG_OPEN_ENTRY(...)
0.029369 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com REG rqst REG_CLOSE(...)
0.029644 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 REG rply REG_CLOSE(...)
0.030157 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com SMB Close Request, FID: 0x70b5
0.030380 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 SMB Close Response
0.200396 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com TCP 1990 > netbios-ssn [ACK]
Seq=2101757969 Ack=383092087 Win=16667 Len=0
3.189731 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com SMB Tree Connect AndX Request, Path:
\\PORTAL1\IPC$
3.191007 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 SMB Tree Connect AndX Response
Capturing all the NetBIOS traffic from host jojo to the Samba server is accomplished by
command:
tethereal -p -i eth1 -f ‘host jojoj and (port 137 or 138 or 139)’
When the summary information is not enough to find the problem, the complete packet
decode is required. Using the V option causes tethereal to print the protocol tree for each
packet. Unless there only a few packets, the output should be piped to a file. The command
string in Example 5-20 displays all the NetBIOS traffic between the Samba server and client
jojo and sends the output to file /tmp/capture.
Example 5-20 Protocol tree output
tethereal -i eth1 -V -p -f 'host jojo and (port 137 or 138 or 139)' | tee /tmp/capture
Capturing on eth1
Frame 1 (74 on wire, 74 captured)
Arrival Time: Nov 15, 2002 13:11:25.157535000
Time delta from previous packet: 0.000000000 seconds
Time relative to first packet: 0.000000000 seconds
Frame Number: 1
Packet Length: 74 bytes
Capture Length: 74 bytes