Locating an IP address via SMB

Dan Barrett nullpointer at pobox.com
Tue Jan 20 16:39:21 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 20 January 2004 16:13, Joshua Pollak wrote:
> 
> Is there a way to configure samba to log the IP's, workgroups, and 
> computer names of computers it notices on the network? Can I setup a 
> traffic monitor to do these things? I'm a bit of a novice in the 
> advanced network administration world, so any pointers would be 
> helpful.
> 


tcpdump -v -s 255 -i eth0 port not telnet | grep netbios-ns

... shows those boxes on the network announcing themselves and/or asking the 
NetBIOS name server stuff.  Sample data:

16:37:39.513035 IP (tos 0x0, ttl 128, id 6408, offset 0, flags [none], length: 
78) 172.24.220.119.netbios-ns > 172.24.223.255.netbios-ns: [udp sum ok] NBT 
UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:37:40.263360 IP (tos 0x0, ttl 128, id 6920, offset 0, flags [none], length: 
78) 172.24.220.119.netbios-ns > 172.24.223.255.netbios-ns: [udp sum ok] NBT 
UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:37:41.013788 IP (tos 0x0, ttl 128, id 9992, offset 0, flags [none], length: 
78) 172.24.220.119.netbios-ns > 172.24.223.255.netbios-ns: [udp sum ok] NBT 
UDP PACKET(137): QUERY; REQUEST; BROADCAST
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFADaAJsIjNiQTGkXARAlgHAKC7UMGN0/Gizudl2dudIZGrh8wK7wCgtVsu
BblAUhjvasIRvPooMSmUBlc=
=aekx
-----END PGP SIGNATURE-----




More information about the Discuss mailing list