Ethereal shows BROWSE protocol...

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    107

    Ethereal shows BROWSE protocol...

    Hello Everyone,

    I'm not sure if this is the right place to post a question like this, but since I'm an AO Newb, I thought this is as good a place as any.

    First off, I'm running Windows 2000 Professional on my laptop with a Linksys 54G wireless CardBus card that is connected to my wireless router. I'm using the WLAN monitor to connect to the router. I have an extra Ethernet adapter (old fashioned hardwire) that is not connected but is not disabled. The wireless router is Netgear.

    I decided that I should run Ethereal in promiscuous mode to see what's going through my router. I noticed that my computer periodically sends out these broadcast messages using protocol BROWSE, with the following info: "Domain/workgroup announcement WORKGROUP, NT Workstation, Domain Enum".

    Has anyone seen this before? I ran Ethereal a long time ago for a class project, and I did not see these messages on my computer -- however, I was using XP Pro at the time (maybe only W2K sends these out??).

    The other strange thing is that my computer periodically pings the router out of the blue (not initiated by me!). Attached is the ethereal file, if anyone is interested to have a look.

    I've never seen this before when I was running a "wired" linksys router, so this is not really freaking me out, but giving me only code "orange". Any info on this would be greatly appreciated.

    -ik

    P.S. Thanks to Ethereal, I was able to see that my computer was trying to connect to some weird IP address (207.something), so I ran ad-aware and found 40-something things. Augh... Time to start up ZoneAlarm? Anyway, my comp hasn't tried connecting there since I cleaned off the spyware.

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi Iron-Kurton

    First a comment: I do not see an attempted connection to 207.something in the
    attached ethereal capture file. Could you elaborate?

    About the packets. Looks like the computer browser service[1] is doing its job - NetBIOS
    is activated on your system. Based on this little service, you can see the computers
    in your workgroup in the network neighborhood. 192.168.0.255 is the broadcast address
    for your network range. All attached machines read that message and update their
    list and/or send the answer to the request back to the broadcaster.

    Cheers


    [1] http://support.microsoft.com/?kbid=188001
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  3. #3
    Senior Member
    Join Date
    Dec 2004
    Posts
    107
    Hey sec_ware,

    Thanks for the reply. Actually, the 207.something capture was from another capture I was doing, and I got a little freaked out, and forgot to save that capture. It was just an aside, I suppose...

    Anyway, I know that the 192.168.0.255 is the broadcast addy, but I'm just not sure what the BROWSE protocol is or what it is used for, why it is sending that message, etc. Could you elaborate?

    Thanks,
    -ik
    Alright Brain, you don't like me, and I don't like you. But let's just do this, and I can get back to killing you with beer.
    -- Homer S.

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi Iron-Kurton

    The computer browser service maintains an updated list of computers on the network and
    supplies this list to computers designated as browsers[1]. In particular, as also mentioned
    in my previous post (click the link there...), it is responsible for the network neighborhood
    to present the list of the computer in your workgroup[s] and/or domain[s].

    /edit: maybe the ethereal page[2] helps to create the link between what I write and
    the "BROWSER" protocol.

    Cheers

    [1] http://www.theeldergeek.com/computer_browser.htm
    [2] http://www.ethereal.com/docs/dfref/b/browser.html
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
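
An added example, not part of the thread and not Ethereal's own code: a Python decoder for the fixed header of a browser announcement, showing how the summary line quoted in post #1 follows from the opcode and the server-type bits. The field layout and bit values are assumed from Microsoft's published browser protocol (MS-BRWS) definitions, and the sample payload is constructed, not taken from the poster's capture.

```python
import struct

# Announcement opcodes and server-type bits (assumed from MS-BRWS / LAN Manager headers).
OPCODES = {0x01: "Host announcement",
           0x0C: "Domain/workgroup announcement",
           0x0F: "Local master announcement"}
SERVER_TYPES = [(0x00000001, "Workstation"), (0x00000002, "Server"),
                (0x00001000, "NT Workstation"), (0x00008000, "NT Server"),
                (0x00010000, "Potential Browser"), (0x00020000, "Backup Browser"),
                (0x00040000, "Master Browser"), (0x80000000, "Domain Enum")]
HEADER = struct.Struct("<BBI16sBBI")  # opcode, update count, period (ms), name, OS major/minor, type

def parse_announcement(payload: bytes) -> dict:
    """Decode the fixed header of a browser announcement (the mailslot payload)."""
    if len(payload) < HEADER.size:
        raise ValueError("truncated browser announcement")
    opcode, _count, period_ms, raw_name, os_major, os_minor, stype = HEADER.unpack_from(payload)
    if opcode not in OPCODES:
        raise ValueError(f"not an announcement opcode: {opcode:#04x}")
    # The name is NUL-terminated inside a 16-byte field; bytes after the NUL are padding.
    name = raw_name.split(b"\x00", 1)[0].decode("ascii", "replace")
    flags = [label for bit, label in SERVER_TYPES if stype & bit]
    return {"kind": OPCODES[opcode], "name": name, "period_s": period_ms // 1000,
            "os": f"{os_major}.{os_minor}", "types": flags,
            "summary": ", ".join([f"{OPCODES[opcode]} {name}"] + flags)}

def build_sample() -> bytes:
    """Constructed workgroup announcement: WORKGROUP, NT Workstation + Domain Enum bits set."""
    header = HEADER.pack(0x0C, 3, 900_000, b"WORKGROUP", 5, 0, 0x80001000)
    return header + bytes(4) + b"LAPTOP\x00"  # trailing bytes: constructed browser name

if __name__ == "__main__":
    info = parse_announcement(build_sample())
    print(info["summary"])
    print("announce period:", info["period_s"], "s")
```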

  5. #5
    Senior Member
    Join Date
    Dec 2004
    Posts
    107
    Hey sec,

    Thanks for the info. I missed that part (it's getting too late) -- anyway, thanks again.

    -ik
    Alright Brain, you don't like me, and I don't like you. But let's just do this, and I can get back to killing you with beer.
    -- Homer S.
