Re: smbclient -M sends NetBIOS session service header to port 445
Steve, SMB messages sent via NBT or via naked TCP both have a four-byte header at the top. Under NBT this is the NetBIOS Session Service header, and it should have one byte of zero (indicating it's a Session Message) followed by 7-bits of zero (an unused flags field) followed by 17-bits of message size (some folks think of the flags field being an 8-bit field with the lowest bit meaning add 0x1 to the length field.) Anyway, Microsoft carried that header over to SMB over naked TCP so, yes, it's always there. It's a throw-back to NBT, but on port 445 it's just used as a 17-bit length field. Some folks say it's read as a 24-bit length... Gotta love this stuff, eh? As for smbclient, there are a number of things that can only really be done via port 139. The Messenger Service is one such, because it is bound to NetBIOS (though there is an alternate version that uses MS-RPC...but I haven't dug into that yet so all I know is that it uses port 135 somehow). The NetServerEnum2 calls also don't work on port 445. That's logical, because these are generally used to list workgroups and servers within a workgroup, both of which are NetBIOS concepts that don't exist on port 445. (Would be nice if they listed Active Directory info.) There is a problem that I have not had time to address, which is that newer versions of smbclient (HEAD, for example) default to trying to use port 445 first (which makes sense because it's much quicker in some cases to recover and try 139 if 445 fails then doing things the other way 'round). The problem is that if smbclient succeeds in connecting to 445 then it will try sending the NetServerEnum2 queries on that port, and Windows will send back either an error message or empty results (can't remember which off hand). So, smbclient should default to using port 139 for the NetServerEnum2 calls (-L option) unless -p is actually specified. Basically, the same problem as -M. In your example, though, you specify both -M and -p. Personally, I think that in this case smbclient is doing the right thing. If I enter 'smbclient -M server -p 10973', then I would expect smbclient to try sending the message to that port. The defaults should be 'best normal behavior' but smbclient is much more useful if I can bend it to my will. :) Chris -)- On Mon, Jan 06, 2003 at 09:17:35AM -0600, Steve Langasek wrote: If Samba is configured to try port 445 first, the 'smbclient -M' command can't send messages to Win2K machines: $ smbclient -M server -p 445 added interface ip=192.168.8.5 bcast=192.168.8.255 nmask=255.255.255.0 Got a positive name query response from 192.168.8.10 ( 192.168.8.10 ) read_socket_with_timeout: timeout read. read error = Connection reset by peer. message start: Read error: Connection reset by peer Ethereal shows that the packets sent by Samba include a 'Netbios Session Service' header. Is this the cause of the failure, or is the Windows messaging service inextricably bound to NetBIOS? In the former case, where would I look in the code to remove the NetBIOS header from the packet? -- Steve Langasek postmodern programmer -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: smbclient -M sends NetBIOS session service header to port 445
On Mon, Jan 06, 2003 at 11:08:32AM -0600, Christopher R. Hertel wrote: So, smbclient should default to using port 139 for the NetServerEnum2 calls (-L option) unless -p is actually specified. Basically, the same problem as -M. Ok, that was the same conclusion I arrived at. I'll put together a patch to make 'smbclient -M' force a connection to port 139. In your example, though, you specify both -M and -p. Personally, I think that in this case smbclient is doing the right thing. If I enter 'smbclient -M server -p 10973', then I would expect smbclient to try sending the message to that port. The defaults should be 'best normal behavior' but smbclient is much more useful if I can bend it to my will. Well, the -p option was added only for the purpose of being explicit. In 3.0, port 445 is currently the default port for *all* operations, including smbclient -M. So the code does need to change if -M needs port 139. -- Steve Langasek postmodern programmer msg05220/pgp0.pgp Description: PGP signature
Re: smbclient -M sends NetBIOS session service header to port 445
Steve, That would be great. Please also look at the -L option too, as that should default to 139 as well. (Sort of... it's not necessary for listing shares.) The -p option should override the defaults in any case, though. There are folks who use port-redirection (for SSH links to the server, etc.). They'd want -p to be authoritative, rather than just explicit. :) Thanks! Chris -)- On Mon, Jan 06, 2003 at 11:33:40AM -0600, Steve Langasek wrote: On Mon, Jan 06, 2003 at 11:08:32AM -0600, Christopher R. Hertel wrote: So, smbclient should default to using port 139 for the NetServerEnum2 calls (-L option) unless -p is actually specified. Basically, the same problem as -M. Ok, that was the same conclusion I arrived at. I'll put together a patch to make 'smbclient -M' force a connection to port 139. In your example, though, you specify both -M and -p. Personally, I think that in this case smbclient is doing the right thing. If I enter 'smbclient -M server -p 10973', then I would expect smbclient to try sending the message to that port. The defaults should be 'best normal behavior' but smbclient is much more useful if I can bend it to my will. Well, the -p option was added only for the purpose of being explicit. In 3.0, port 445 is currently the default port for *all* operations, including smbclient -M. So the code does need to change if -M needs port 139. -- Steve Langasek postmodern programmer -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: smbclient -M sends NetBIOS session service header to port 445
On Mon, Jan 06, 2003 at 11:51:24AM -0600, Christopher R. Hertel wrote: That would be great. Please also look at the -L option too, as that should default to 139 as well. (Sort of... it's not necessary for listing shares.) Ok. I'll add that to my queue behind getting libsmbclient to use the RPC call for share enumeration instead of the RAP call. :) The -p option should override the defaults in any case, though. There are folks who use port-redirection (for SSH links to the server, etc.). They'd want -p to be authoritative, rather than just explicit. :) Done. See attached. -- Steve Langasek postmodern programmer diff -ur samba-3.0alpha21.orig/source/client/client.c samba-3.0alpha21/source/client/client.c --- samba-3.0alpha21.orig/source/client/client.c2002-11-26 20:54:18.0 -0600 +++ samba-3.0alpha21/source/client/client.c 2003-01-06 14:08:54.0 -0600 @@ -2995,6 +2995,12 @@ } } + /* If -M is specified and -p is not, make sure we use port 139 + instead of port 445. srl */ + if (message port == 0) { + port = 139; + } + init_names(); if(*new_name_resolve_order)
Re: smbclient -M sends NetBIOS session service header to port 445
On Mon, Jan 06, 2003 at 02:23:13PM -0600, Steve Langasek wrote: On Mon, Jan 06, 2003 at 11:51:24AM -0600, Christopher R. Hertel wrote: That would be great. Please also look at the -L option too, as that should default to 139 as well. (Sort of... it's not necessary for listing shares.) Ok. I'll add that to my queue behind getting libsmbclient to use the RPC call for share enumeration instead of the RAP call. :) Oooh... That will be nice. It does need to do both, though, to handle older machines. Sigh. The -p option should override the defaults in any case, though. There are folks who use port-redirection (for SSH links to the server, etc.). They'd want -p to be authoritative, rather than just explicit. :) Done. See attached. -- Steve Langasek postmodern programmer diff -ur samba-3.0alpha21.orig/source/client/client.c samba-3.0alpha21/source/client/client.c --- samba-3.0alpha21.orig/source/client/client.c 2002-11-26 20:54:18.0 -0600 +++ samba-3.0alpha21/source/client/client.c 2003-01-06 14:08:54.0 -0600 @@ -2995,6 +2995,12 @@ } } + /* If -M is specified and -p is not, make sure we use port 139 +instead of port 445. srl */ + if (message port == 0) { + port = 139; + } + init_names(); if(*new_name_resolve_order) Piece of cake. Very nice! If no one else grabs it I'll try to get to it today. ...after I finish writhing up NTLMv2. :) Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]