Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Re: NetBios Filters
Well, here's my interpretation of the packet, and my 2 cents:
--Ethernet
00:00:c0:d3:9d:ad -> 00:c0:7b:5c:dd:a7
Sender: Western Digital now SMC (Std. Microsystems Corp.)
Receiver: Ascend Communications
NextProtocol: Internet IP (IPv4)
--IP
255.217.97.18 -> 255.217.48.2
NextProtocol: TCP
--Packet
2e cc 4f 59 00 00 ..OY..
If you want, you can decode the tcp innards further, but do you really
want to stop packets like this one from bringing up your wan?
If DNS is a problem, try running a local DNS server. I don't know enough
about WINS to comment on that aspect.
Thanks,
Dr. Wolfgang Beneicke wrote:
>
> I just read the FAQ Kevin Smith mentioned for the description of NetBEUI
> filters (http://www.ascend.com/faqs/750/786-faq.html) and it looks to me
> that a long, long thread is going to start again in this list...
>
> Basically it describes how to filter UDP traffic on ports 137-139. I've
> tried that in the past (having a NT 3.51 workstation behind a P50) with
> little success. As suggested on this list I even filtered TCP traffic on
> these ports with the same effect. Strange, before joining the Ascend
> list I always thought that Ethernet traffic in general and binary
> matches in particular were deterministic actions, i.e. when I do exactly
> what somebody else describes what I have to do to filter some sort of
> traffic it would just work. I am not sure anymore ;->
>
> Then I used the debug method to determine the packet that causes the
> dial-out (debug mode/wdd). It looked like:
>
> WD_DIALOUT_DISP: chunk 25B6DE type OLD-STYLE-PADDED.
> : 44 octets @ 2864A8
>
> 00 C0 7B 5C DD A7 destination MAC
> 00 00 C0 D3 9D AD source MAC
> 08 00 type IP
> 45 00 00 2C 8B 54 ???
> 40 00 1F 06 13 B1 ???
> FF D9 61 12 149.xxx.97.18 <NT host>
> FF D9 30 02 149.xxx.48.2 <DNS name server>
> 06 C8 00 6E 2E CC ???
> 4F 59 00 00 ???
>
> I couldn't decode it fully but from the addresses I guessed it was a
> WINS call to the name server, thus totally legal.
> In contrast to the FAQ I think that configuring WINS is not causing
> grief for NT users. WINS is comparable to DNS, it's a service you need
> on the LAN. If you filter it you'll miss it. Of course, the local NT
> machines should be listed in a local LMHOSTS file to reduce this kind of
> traffic.
>
> Still not happy with a call every 10 minutes I searched the MS
> website/Knowledge Base for the dialup issue. I found two texts dealing
> with NT browser lookups and Domain Controller lookups:
>
> Information on Browser Operation
> Article ID: Q102878
> Revision Date: 24-SEP-1996
>
> Browsing & Other Traffic Incur High Costs over ISDN Routers
> Article ID: Q134985
> Revision Date: 03-SEP-1996
>
> In essence my trouble started when I connected to a NT domain and became
> part of it. When I log off NT generates a list of all known domains the
> NT workstation is part of and this causes a dial-out. Solution: I don't
> log off anymore :-)
>
> And there are frequent browser updates and such associated with domain
> membership as outlined in the first MS article. In the second MS article
> I found registry keys which control the frequency of the updates. I
> changed them from 10 minutes to 1 day and I can live with it now.
>
> This "solution" does not impair NT browsing other than the browsing list
> sometimes is 1 day old whereas with filtering I would not get any
> browsing information. (Besides, filtering did never work for me, either
> because I am too dumb to copy Ascend's FAQ or I mix up In and Out...)
>
> Then somebody suggested using IP only. Of course you can transfer files
> with an ftp client, you could mount NFS drives using 3rd party software,
> you could even telnet into a NT box with additional software. But, alas,
> there is one thing I experienced that will only work with NetBEUI
> enabled. Sometimes the remote domain controller won't authenticate me.
> For whatever reasons (mumble, mumble, "Your set of permissions do not
> match the requested permissions..."), and sure next day it _will_ let me
> in.
> The workaround is to mount an NT drive in File Manager (via NetBEUI) -
> the only place where NT will ask you for a username and password if it
> thinks you are not authorized to come in the easy way. All other silent
> logins (via RPC) will not ask but refuse the request. The eventlog for
> example. So I keep NetBEUI alive, and sometimes it's only convenient to
> mount a drive in File Manager.
>
> Hope this makes the "NT filtering" thing a bit easier for all of us who
> are suffering from MS operating systems. One day MS will give up NetBEUI
> altogether in favor of IP and Ascend's users will be happy again.
>
> Sorry if this post got a bit longer.
>
> Cheers,
> Wolfgang
>
> _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
> B E N E I C K E
> EDV-Beratung
> ________________________________________________________________________
> Netzwerk-Design - 3Com Solution Partner
> ISDN Remote Access - ASCEND Vertrieb
> DIGITAL PC-Systeme und Server
> ApplePoint
> Windows NT-Netzwerke
> Unix Workstation-Peripherie
>
> Dr. Wolfgang Beneicke fon +49-6223-48126
> Fasanenstrasse 16, D-69251 Gaiberg fax +49-6223-5708
> ...near world famous Heidelberg, Germany
> _-_-_-_-_s-c_h-n_i-p_p_-_-_-_-_-_-_-_-_-_--_-_-_-_-_-_-_-_z-a_c-k_-_-_-_
> ++ Ascend Users Mailing List ++
> To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd: <http://www.nealis.net/ascend/faq>
--
Jason Eggleston
SysAdmin, Jet.Net Inc.
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: