On Monday 10 December 2007, Allen Weiner wrote: > On Mon, 2007-12-10 at 22:28 -0500, Chris Knadle wrote: > > Makes no sense. I don't think these are related. /etc/resolv.conf > > only relates to DNS, which is stuff on port 53. Port 137 is for NETBIOS, > > and which is nonroutable. Are you perhaps using tunnelling like with a > > VPN connection or something? > > I followed a suggestion from PorkChop to restore my original resolv.conf > and see what happens. I restored resolv.conf to its original value and > rebooted. The UDP traffic to port 137 has stopped.
I still think it's unrelated to changes to /etc/resolv.conf. As far s I know, port 137 of Netbios is only used by Windows machines in order to discover computer names and shares for showing things in the "Network Neighborhood". The entry in /etc/serivces of 'netbios-ns' means "netbios name services" -- that's *NOT* directly related to DNS, even though it sounds like it could be. Were you doing anything with SMB shares or Samba before rebooting? > As I mentioned to PorkChop, I'm a novice at networking. I'd *greatly* > appreciate any additional suggestions you might have as to how to debug > this. Ugh. Well, generally speaking debugging networking means capturing network packets that your computer sees and examining them; usually followed by narrowing the parameters of the viewed packets to just the subset that show the problem. Viewing raw packets is not easy to understand and is generally a job relegated to people doing networking professionally. There are several tools for doing this; the most common that I know of for the command line is 'tcpdump', and 'wireshark' or 'ksniffer' on the GUI side. I think a GUI program will be easier for you to use, but I've never used them. 'tcpdump' is somewhat user-hostile before you get used to its command line option quirks. Besides packet sniffing you can also look at what network ports your box has open with 'netstat -tu'. If you run 'netstat -tup' as root you'll also see what program is associated with every open network connection. [The -tu means TCP and UDP; this is to not show local connections on unix sockets.] Well that's a start anyway. -- Chris -- Chris Knadle [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Dec 5 - Open Source Show and Tell Jan 2 - TBD Feb 6 - DBUS Mar 5 - Setting up a platform-independent home/small office network using Linux
