Notes for Week 10

  1. SMB Protocol Sequences (assume client is 9x):

    1. On startup, clients send their NetBIOS names & IP addresses to WINS server (via UDP).
    2. If there is no WINS server, all NetBIOS name resolution is done by UDP broadcast (which isolates name resolution to the local sub-net).
    3. Workgroup computers hold an election every 11-15 minutes to determine which one is the Local Master Browser (LMB). The LMB keeps a list of available services for browsing by other computers and provides the list that appears when you open Network Neighborhood. Election criteria include longest uptime and most senior protocol version.
    4. Hosts announce their NetBIOS names periodically.
    5. The LMB locates its Domain Master Browser (DMB) using WINS to provide domain-wide browse lists; propagation of changes can take more than an hour for remote subnets.
    6. Client requests a list of PDC / SDCs - sends a netlogon SMB to each of them; first to reply is the one used.
    7. Client sends negprot SMB to negotiate protocol variants with server (what client understands).
    8. Client sends sesssetupX SMB to log on and receive a UID.
    9. Client sends tcon or tconX SMB to specify share it wants to connect to, and to receive TID.
    10. Client issues NetWkstaUserLogon to get name of logon script.
    11. Client connects to NetLogon share to retrieve logon script (and then disconnects).
    12. Client sends NetUserGetInfo to find home share name.
    13. Client connects to home share and gets profiles (and then disconnects).
    14. Client reconnects to NetLogon to get policies.
    15. Windows clients drop network mappings that have been idle for 10 minutes or longer; connections are reestablished using cached passwords.
  2. Protocol usage varies with dialect (i.e., NT version). This startup Ethereal capture and shutdown Ethereal capture of conversations between a Samba server and a Win 98 client are annotated here. There is also a similar Ethereal capture for an XP client.

    Compare the file print Ethereal capture from a Win98 client with that from an XP client.

  3. EXERCISES for Week 10:

    1. Start Samba and capture and examine the packets transferred when another Linux PC opens a share. Identify the TID for each share accessed.
    2. Capture and examine the packets transferred when a Windows PC opens a share. Identify the TID for each share accessed.
    3. Capture and examine the packets transferred when you open a Windows share using smbmount. Identify the TID for each share accessed.
    4. Capture and examine the packets transferred when you open a Windows share using another Windows PC. Identify the TID for each share accessed.
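
For the exercises above, the UID and TID can also be read straight out of the fixed 32-byte SMB header instead of from the analyzer's decode. The following is an added example, not part of the original notes: it assumes SMB over NetBIOS session framing (TCP port 139) with one whole message per payload, and the helper names and sample messages are constructed for illustration.

```python
import struct

# SMB1 command codes for the steps named in the notes (negprot, sesssetupX, tcon, tconX).
COMMANDS = {0x72: "negprot", 0x73: "sesssetupX", 0x70: "tcon", 0x75: "tconX"}
# Fixed 32-byte SMB1 header, little-endian: magic, command, status, flags, flags2,
# pid_high, signature, reserved, TID, PID, UID, MID.
HEADER = struct.Struct("<4sBIBHH8sHHHHH")
REPLY_FLAG = 0x80  # set in the flags byte of server-to-client messages

def parse_smb1(payload):
    """Parse one NetBIOS-session-framed SMB1 message (TCP port 139 payload)."""
    if len(payload) < 4 + HEADER.size or payload[0] != 0x00:
        raise ValueError("not a NetBIOS session message carrying an SMB1 header")
    length = int.from_bytes(payload[1:4], "big") & 0x1FFFF  # 17-bit length field
    if length < HEADER.size or len(payload) < 4 + length:
        raise ValueError("truncated SMB1 message")
    magic, cmd, status, flags, _, _, _, _, tid, _, uid, mid = HEADER.unpack_from(payload, 4)
    if magic != b"\xffSMB":
        raise ValueError("not SMB1")
    return {"command": COMMANDS.get(cmd, hex(cmd)), "reply": bool(flags & REPLY_FLAG),
            "status": status, "tid": tid, "uid": uid, "mid": mid}

def assigned_ids(payloads):
    """Return (uids, tids) handed out by the server in successful replies."""
    uids, tids = [], []
    for payload in payloads:
        msg = parse_smb1(payload)
        if not msg["reply"] or msg["status"] != 0:
            continue  # requests and failed replies assign nothing
        if msg["command"] == "sesssetupX":
            uids.append(msg["uid"])  # UID arrives in the reply header
        elif msg["command"] == "tconX":
            tids.append(msg["tid"])  # TID arrives in the reply header
    return uids, tids

def build(cmd, flags, tid, uid, mid, status=0):
    """Constructed sample message: header plus empty parameter and data blocks."""
    smb = HEADER.pack(b"\xffSMB", cmd, status, flags, 0, 0, bytes(8), 0, tid, 0, uid, mid)
    smb += b"\x00\x00\x00"  # word count 0, byte count 0
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

# Constructed conversation: negprot, logon, two shares opened, one tconX refused.
SAMPLE = [build(0x72, 0x00, 0, 0, 1), build(0x72, 0x80, 0, 0, 1),
          build(0x73, 0x00, 0, 0, 2), build(0x73, 0x80, 0, 100, 2),
          build(0x75, 0x00, 0, 100, 3), build(0x75, 0x80, 1, 100, 3),
          build(0x75, 0x80, 2, 100, 4), build(0x75, 0x80, 0, 100, 5, 0xC0000022)]

if __name__ == "__main__":
    print(assigned_ids(SAMPLE))
```

Only tconX replies are tracked because the older tcon reply returns its TID in the parameter words rather than in the header.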


©2005, Kenneth R. Koehler. All Rights Reserved. This document may be freely reproduced provided that this copyright notice is included.

Please send comments or suggestions to the author.