Re: Workstation Name in IP Packet


From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 07/20/04


Date: Tue, 20 Jul 2004 02:23:26 GMT

I either export or select print/output to a file and select as displayed if I have
expanded a portion of a packet or expand all if I want to view detailed info. Of
course you can do that for the whole capture, a range, or single line. Try searching
your capture also for the computer name using edit/find capture and select find by
string and search in packet details and of course enter the computer name as the
string. --- Steve

"Dean" <dfields@itdept.net> wrote in message
news:u1T5bYfbEHA.2844@TK2MSFTNGP12.phx.gbl...
> How do you get that text? I have tried Save As and export with no avail. I
> have seen called/calling name in an http packet but they were NULL. In same
> session http protocol section in an option ntlm negotiate packet I have
> indeed seen the host name and domain name (always the same in my examples).
> I wanted to post them.
>
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:G9TKc.119575$%_6.2429@attbi_s01...
> > Though computer names will not be in the routing header info [for lack of better
> > name] used at the network layer, they can be in the body of the packet that is sent
> > as in a netbios session request as would be shown via record <00> using nbtstat -n on
> > the requesting computer. That is probably where that info is obtained for the event
> > log. See the last line of paste below of one packet I pulled from Ethereal for
> > "calling name". I was curious myself as how exactly this occurred. --- Steve
> >
> > No.  Time      Source        Destination    Protocol  Info
> > 15   3.102954  192.168.1.52  192.168.1.105  NBSS      Session request, to SERVER1-2000<20> from STEVE-XP<00>
> >
> >
> > Frame 15 (126 bytes on wire, 126 bytes captured)
> > Ethernet II, Src: 00:07:95:ec:77:ca, Dst: 00:90:27:ae:0c:31
> > Internet Protocol, Src Addr: 192.168.1.52 (192.168.1.52), Dst Addr: 192.168.1.105 (192.168.1.105)
> > Transmission Control Protocol, Src Port: 2033 (2033), Dst Port: netbios-ssn (139), Seq: 1, Ack: 1, Len: 72
> > NetBIOS Session Service
> >     Message Type: Session request
> >     Flags: 0x00
> >     Length: 68
> >     Called name: SERVER1-2000<20> (Server service)
> >     Calling name: STEVE-XP<00> (Workstation/Redirector)
> >
> >
> > "Phillip Windell" <@.> wrote in message
> > news:%23VuYH5abEHA.2216@TK2MSFTNGP10.phx.gbl...
> > > I didn't realize it was on a different subnet. I had to go back and look
> > > through the previous posts. Perhaps FrontPage is including it in the
> > > Authentication attempt,...FrontPage does use WebDAV so that may be where it
> > > is coming from. WebDAV is encapsulated in HTTP and probably contains this
> > > information (and more).
> > >
> > > I was unable to find specifics on exactly what happens inside WebDAV,...all
> > > of the articles seemed like they were written by a Sales Dept instead of
> > > technical people.
> > >
> > > --
> > >
> > > Phillip Windell [MCP, MVP, CCNA]
> > > www.wandtv.com
> > >
> > >
> > > "Dean" <dfields@itdept.net> wrote in message
> > > news:%23wtXmpabEHA.3508@TK2MSFTNGP09.phx.gbl...
> > > > I don't get it. How can it "resolve" the name when the host is on another
> > > > unrelated network, not a member of a windows domain, not in dns or wins. And
> > > > resolve from what? Where does it get the info?
> > > >
> > > > "Phillip Windell" <@.> wrote in message
> > > > news:%23wVmjmZbEHA.2944@TK2MSFTNGP11.phx.gbl...
> > > > >
> > > > > "Dean" <dfields@itdept.net> wrote in message
> > > > > news:uhUQQ3BbEHA.3012@tk2msftngp13.phx.gbl...
> > > > > > How would you explain the way the destination host extracts the workstation
> > > > > > name.
> > > > >
> > > > > It doesn't "extract" it. It resolves it *separately*. This probably happens
> > > > > at the time the log entry is created so that it can include the name in the
> > > > > log.
> > > > >
> > > > > --
> > > > >
> > > > > Phillip Windell [MCP, MVP, CCNA]
> > > > > www.wandtv.com
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
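
Added example, not part of the original thread: a parser for the NetBIOS Session Service session request shown in the quoted Ethereal output, recovering the called and calling names from the TCP payload on port 139. It assumes RFC 1002 first-level name encoding with no scope ID (matching the 68-byte length in frame 15); the function names are illustrative and the sample packet is constructed from the names in the post, not taken from a capture.

```python
import struct

SESSION_REQUEST = 0x81  # NBSS message type for "Session request" (RFC 1002)

def encode_name(name, suffix):
    """First-level encode: pad to 15 chars, append the suffix byte, then map
    each nibble of the 16 bytes to a letter 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    enc = bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))
    return b"\x20" + enc + b"\x00"  # length label 32, data, root label

def decode_name(field):
    """Reverse encode_name; returns (name, suffix). Assumes no scope ID."""
    if len(field) != 34 or field[0] != 0x20 or field[33] != 0x00:
        raise ValueError("expected a 34-byte encoded name without scope ID")
    enc = field[1:33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("encoded byte outside 'A'..'P'")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_session_request(payload):
    """Parse the TCP payload of an NBSS session request (port 139)."""
    if len(payload) < 4:
        raise ValueError("truncated NBSS header")
    msg_type, flags, length = struct.unpack("!BBH", payload[:4])
    length |= (flags & 0x01) << 16  # low flag bit extends the length field
    if msg_type != SESSION_REQUEST:
        raise ValueError("not a session request (type 0x%02x)" % msg_type)
    body = payload[4:4 + length]
    if length != 68 or len(body) != 68:
        raise ValueError("expected 68 bytes: two 34-byte names")
    return {"called": decode_name(body[:34]), "calling": decode_name(body[34:])}

def build_sample():
    """Constructed sample mirroring frame 15 in the thread (not a real capture)."""
    body = encode_name("SERVER1-2000", 0x20) + encode_name("STEVE-XP", 0x00)
    return struct.pack("!BBH", SESSION_REQUEST, 0x00, len(body)) + body

if __name__ == "__main__":
    info = parse_session_request(build_sample())
    for role, (name, suffix) in info.items():
        print("%s name: %s<%02X>" % (role.capitalize(), name, suffix))
```

The calling name is supplied by the client and is not authenticated at this layer, so treat it as a hint when correlating with event log entries.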


