-
February 21st, 2005, 08:51 AM
#1
Ethereal shows BROWSE protocol...
Hello Everyone,
I'm not sure if this is the right place to post a question like this, but since I'm an AO Newb, I thought this is as good a place as any.
First off, I'm running Windows 2000 Professional on my laptop with a Linksys 54G wireless CardBus card that is connected to my wireless router. I'm using the WLAN monitor to connect to the router. I have an extra ethernet adapter (old fashioned hardwire) that is not connected but is not disabled. The wireless router is Netgear.
I decided that I should run Ethereal in promiscuous mode to see what's going through my router. I noticed that my computer periodically sends out these broadcast messages using protocol BROWSE, with the following info: "Domain/workgroup announcement WORKGROUP, NT Workstation, Domain Enum".
Has anyone seen this before? I ran Ethereal a long time ago for a class project, and I did not see these messages on my computer -- however, I was using XP Pro at the time (maybe only W2K sends these out??).
The other strange thing is that my computer periodically pings the router out of the blue (not initiated by me!). Attached is the ethereal file, if anyone is interested to have a look.
I've never seen this before when I was running a "wired" linksys router, so this is not really freaking me out, but giving me only code "orange". Any info on this would be greatly appreciated.
-ik
P.S. Thanks to Ethereal, I was able to see that my computer was trying to connect to some weird IP address (207.something), so I ran ad-aware and found 40-something things. Augh... Time to start up ZoneAlarm? Anyway, my comp hasn't tried connecting there since I cleaned off the spyware.
-
February 21st, 2005, 09:23 AM
#2
Hi Iron-Kurton
First a comment: I do not see an attempted connection to 207.something in the
attached ethereal capture file. Could you elaborate?
About the packets. Looks like the computer browser service[1] is doing its job - NetBIOS
is activated on your system. Based on this little service, you can see the computers
in your workgroup in the network neighborhood. 192.168.0.255 is the broadcast address
for your network range. All attached machines read that message and update their
list and/or send the answer to the request back to the broadcaster.
Cheers
[1] http://support.microsoft.com/?kbid=188001
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
February 21st, 2005, 09:27 AM
#3
Hey sec_ware,
Thanks for the reply. Actually, the 207.something capture was from another capture I was doing, and I got a little freaked out, and forgot to save that capture. It was just an aside, I suppose...
Anyway, I know that the 192.168.0.255 is the broadcast addy, but I'm just not sure what the BROWSE protocol is or what it is used for, why it is sending that message, etc. Could you elaborate?
Thanks,
-ik
Alright Brain, you don't like me, and I don't like you. But let's just do this, and I can get back to killing you with beer.
-- Homer S.
-
February 21st, 2005, 09:37 AM
#4
Hi Iron-Kurton
The computer browser service maintains an updated list of computers on the network and
supplies this list to computers designated as browsers[1]. In particular, as also mentioned
in my previous post (click the link there...), it is responsible for the network neighborhood
to present the list of the computers in your workgroup[s] and/or domain[s].
/edit: maybe the ethereal page[2] helps to create the link between what I write and
the "BROWSER" protocol.
Cheers
[1] http://www.theeldergeek.com/computer_browser.htm
[2] http://www.ethereal.com/docs/dfref/b/browser.html
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
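An added example, not part of the original thread: a small Python decoder for the browser announcement frame that Ethereal summarizes as "Domain/workgroup announcement WORKGROUP, NT Workstation, Domain Enum". The field layout, opcodes and server-type bits follow Microsoft's published browser protocol (MS-BRWS) and `lmserver.h` as assumed here; the sample frame is constructed, `LAPTOP` is a made-up master browser name, and the last four fixed bytes are treated as opaque.

```python
import struct

# Opcodes and server-type bits (assumed from MS-BRWS / lmserver.h).
OPCODES = {0x01: "Host Announcement", 0x0C: "Domain/Workgroup Announcement",
           0x0F: "Local Master Announcement"}
SERVER_TYPE_BITS = {0x00000001: "Workstation", 0x00000002: "Server",
                    0x00001000: "NT Workstation", 0x00008000: "NT Server",
                    0x00010000: "Potential Browser", 0x00020000: "Backup Browser",
                    0x00040000: "Master Browser", 0x80000000: "Domain Enum"}
# opcode, update count, period (ms), 16-byte name, two version bytes,
# server-type bitmask, four bytes left undecoded; all little-endian.
FIXED = struct.Struct("<BBI16sBBI4s")


def parse_announcement(frame: bytes) -> dict:
    """Decode one announcement frame (the \\MAILSLOT\\BROWSE payload only)."""
    if len(frame) < FIXED.size:
        raise ValueError("truncated announcement")
    opcode, _update, period_ms, name, v_major, v_minor, stype, _ = FIXED.unpack_from(frame)
    if opcode not in OPCODES:
        raise ValueError(f"not an announcement opcode: {opcode:#04x}")
    # Trailing NUL-terminated string: comment or local master browser name.
    trailer = frame[FIXED.size:].split(b"\x00", 1)[0]
    return {
        "kind": OPCODES[opcode],
        "name": name.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "period_s": period_ms // 1000,
        "version": f"{v_major}.{v_minor}",
        "flags": [label for bit, label in SERVER_TYPE_BITS.items() if stype & bit],
        "trailer": trailer.decode("ascii", "replace"),
    }


def summarize(frame: bytes) -> str:
    """Build a one-line summary in the style of the capture's info column."""
    a = parse_announcement(frame)
    return f'{a["kind"]} {a["name"]}, {", ".join(a["flags"])}'


# Constructed sample: workgroup WORKGROUP, announced every 12 minutes.
SAMPLE = FIXED.pack(0x0C, 3, 720_000, b"WORKGROUP", 5, 0, 0x80001000,
                    b"\x0f\x01\x55\xaa") + b"LAPTOP\x00"

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The two flags in the summary line are just bits 12 and 31 of the server-type field, which is why the same text repeats in every periodic announcement.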
-
February 21st, 2005, 09:44 AM
#5
Hey sec,
Thanks for the info. I missed that part (it's getting too late) -- anyway, thanks again.
-ik
Alright Brain, you don't like me, and I don't like you. But let's just do this, and I can get back to killing you with beer.
-- Homer S.