- Timestamp:
- May 23, 2008, 6:56:41 AM (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/docs/htmldocs/Samba3-ByExample/primer.html
r44 r134 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 16. Networking Primer</title><link rel="stylesheet" href=" samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.0"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"><link rel="next" href="gpl.html" title="Appendix A. GNU General Public License"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 16. Networking Primer</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="gpl.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="primer"></a>Chapter 16. Networking Primer</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="primer.html#id386080">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id386216">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id386266">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id386373">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id386486">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id387580">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id388041">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id388566">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id388668">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 16. Networking Primer</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"><link rel="next" href="apa.html" title="Appendix A. GNU General Public License version 3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 16. Networking Primer</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="primer"></a>Chapter 16. Networking Primer</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="primer.html#id408228">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id408364">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id408414">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id408521">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id408634">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id409728">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id410194">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id410719">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id410820">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></div><p> 2 2 You are about to use the equivalent of a microscope to look at the information 3 3 that runs through the veins of a Windows network. We do more to observe the information than … … 9 9 Samba can be configured with a minimum of complexity. Simplicity should be mastered 10 10 before you get too deeply into complexities. Let's get moving: we have work to do. 11 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id 386080"></a>Requirements and Notes</h2></div></div></div><p>11 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id408228"></a>Requirements and Notes</h2></div></div></div><p> 12 12 Successful completion of this primer requires two Microsoft Windows 9x/Me Workstations 13 13 as well as two Microsoft Windows XP Professional Workstations, each equipped with an Ethernet 14 14 card connected using a hub. Also required is one additional server (either Windows 15 15 NT4 Server, Windows 2000 Server, or a Samba-3 on UNIX/Linux server) running a network 16 sniffer and analysis application ( etherealis a good choice). All work should be undertaken16 sniffer and analysis application (Wireshark is a good choice). All work should be undertaken 17 17 on a quiet network where there is no other traffic. It is best to use a dedicated hub 18 18 with only the machines under test connected at the time of the exercises. 19 </p><p><a class="indexterm" name="id 386095"></a>20 Ethereal has become the network protocol analyzer of choice for many network administrators.21 You may find more information regarding this tool from the 22 <a href="http://www.ethereal.com" target="_top">Ethereal</a> Web site. Ethereal installation23 files for Windows may be obtained from the Ethereal Web site. Ethereal is provided with24 SUSE and Red Hat Linux distributions, as well as with many other Linux distributions. It may 25 not be installed on your system by default. If it is not installed, you may also need 26 to install the <code class="literal">libpcap </code> software before you can install or use Ethereal.27 Please refer to the instructions for your operating system or to the Ethereal Web site28 for information regarding the installation and operation of Ethereal.29 </p><p> 30 To obtain <code class="literal"> ethereal</code> for your system, please visit the Ethereal31 <a href="http://www.ethereal.com/download.html#binaries" target="_top">download site</a>.19 </p><p><a class="indexterm" name="id408243"></a> 20 Wireshark (formerly Ethereal) has become the network protocol analyzer of choice for many network administrators. 21 You may find more information regarding this tool from the 22 <a class="ulink" href="http://www.wireshark.org" target="_top">Wireshark</a> Web site. Wireshark installation 23 files for Windows may be obtained from the Wireshark Web site. Wireshark is provided with 24 SUSE and Red Hat Linux distributions, as well as with many other Linux distributions. It may 25 not be installed on your system by default. If it is not installed, you may also need 26 to install the <code class="literal">libpcap</code> software before you can install or use Wireshark. 27 Please refer to the instructions for your operating system or to the Wireshark Web site 28 for information regarding the installation and operation of Wireshark. 29 </p><p> 30 To obtain <code class="literal">Wireshark</code> for your system, please visit the Wireshark 31 <a class="ulink" href="http://www.wireshark.org/download.html" target="_top">download site</a>. 32 32 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 33 33 The successful completion of this chapter requires that you capture network traffic 34 using <code class="literal"> Ethereal</code>. It is recommended that you use a hub, not an34 using <code class="literal">Wireshark</code>. It is recommended that you use a hub, not an 35 35 Ethernet switch. It is necessary for the device used to act as a repeater, not as a 36 36 filter. Ethernet switches may filter out traffic that is not directed at the machine 37 37 that is used to monitor traffic; this would not allow you to complete the projects. 38 38 </p></div><p> 39 <a class="indexterm" name="id 386154"></a>39 <a class="indexterm" name="id408302"></a> 40 40 Do not worry too much if you do not have access to all this equipment; network captures 41 41 from the exercises are provided on the enclosed CD-ROM. This makes it possible to dive directly 42 42 into the analytical part of the exercises if you so desire. 43 </p><p><a class="indexterm" name="id 386168"></a><a class="indexterm" name="id386179"></a>44 Please do not be alarmed at the use of a high-powered analysis tool ( Ethereal) in this45 primer. We expose you only to a minimum of detail necessary to complete 43 </p><p><a class="indexterm" name="id408315"></a><a class="indexterm" name="id408327"></a> 44 Please do not be alarmed at the use of a high-powered analysis tool (Wireshark) in this 45 primer. We expose you only to a minimum of detail necessary to complete 46 46 the exercises. If you choose to use any other network sniffer and protocol 47 47 analysis tool, be advised that it may not allow you to examine the contents of 48 48 recently added security protocols used by Windows 200x/XP. 49 49 </p><p> 50 You could just skim through the exercises and try to absorb the key points made. 51 The exercises provide all the information necessary to convince the die-hard network 52 engineer. You possibly do not require so much convincing and may just want to move on, 53 in which case you should at least read <a href="primer.html#chap01conc" title="Dissection and Discussion">???</a>.54 </p><p> 55 <a href="primer.html#chap01qa" title="Questions and Answers">???</a> also provides useful information50 You could just skim through the exercises and try to absorb the key points made. 51 The exercises provide all the information necessary to convince the die-hard network 52 engineer. You possibly do not require so much convincing and may just want to move on, 53 in which case you should at least read <a class="link" href="primer.html#chap01conc" title="Dissection and Discussion">“Dissection and Discussion”</a>. 54 </p><p> 55 <a class="link" href="primer.html#chap01qa" title="Questions and Answers">“Questions and Answers”</a> also provides useful information 56 56 that may help you to avoid significantly time-consuming networking problems. 57 </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id 386216"></a>Introduction</h2></div></div></div><p>57 </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id408364"></a>Introduction</h2></div></div></div><p> 58 58 The purpose of this chapter is to create familiarity with key aspects of Microsoft Windows 59 network computing. If you want a solid technical grounding, do not gloss over these exercises. 60 The points covered are recurrent issues on the Samba mailing lists. 61 </p><p><a class="indexterm" name="id 386228"></a>59 network computing. If you want a solid technical grounding, do not gloss over these exercises. 60 The points covered are recurrent issues on the Samba mailing lists. 61 </p><p><a class="indexterm" name="id408376"></a> 62 62 You can see from these exercises that Windows networking involves quite a lot of network 63 63 broadcast traffic. You can look into the contents of some packets, but only to see … … 75 75 Edition</em></span> (TOSHARG2) Chapter 9, “<span class="quote">Network Browsing,</span>” and Chapter 3, 76 76 “<span class="quote">Server Types and Security Modes.</span>” 77 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id 386266"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id386273"></a>77 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id408414"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id408421"></a> 78 78 You are about to witness how Microsoft Windows computer networking functions. The 79 79 exercises step through identification of how a client machine establishes a … … 81 81 each other (i.e., how browsing works) and how the two key types of user identification 82 82 (share mode security and user mode security) are affected. 83 </p><p><a class="indexterm" name="id 386287"></a>83 </p><p><a class="indexterm" name="id408435"></a> 84 84 The networking protocols used by MS Windows networking when working with Samba 85 85 use TCP/IP as the transport protocol. The protocols that are specific to Windows 86 networking are encapsulated in TCP/IP. The network analyzer we use ( Ethereal)86 networking are encapsulated in TCP/IP. The network analyzer we use (Wireshark) 87 87 is able to show you the contents of the TCP/IP packets (or messages). 88 </p><div class="procedure"><a name="chap01tasks"></a><p class="title"><b>Procedure 16.1. Diagnostic Tasks</b></p><ol type="1"><li><p><a class="indexterm" name="id 386318"></a><a class="indexterm" name="id386329"></a><a class="indexterm" name="id386337"></a>88 </p><div class="procedure"><a name="chap01tasks"></a><p class="title"><b>Procedure 16.1. Diagnostic Tasks</b></p><ol type="1"><li><p><a class="indexterm" name="id408465"></a><a class="indexterm" name="id408477"></a><a class="indexterm" name="id408485"></a> 89 89 Examine network traces to witness SMB broadcasts, host announcements, 90 90 and name resolution processes. … … 96 96 Review traces of network logons for a Windows 9x/Me client as well as 97 97 a domain logon for a Windows XP Professional client. 98 </p></li></ol></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id 386373"></a>Exercises</h2></div></div></div><p>99 <a class="indexterm" name="id 386381"></a>98 </p></li></ol></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id408521"></a>Exercises</h2></div></div></div><p> 99 <a class="indexterm" name="id408529"></a> 100 100 You are embarking on a course of discovery. The first part of the exercise requires 101 101 two MS Windows 9x/Me systems. We called one machine <code class="constant">WINEPRESSME</code> and the 102 102 other <code class="constant">MILGATE98</code>. Each needs an IP address; we used <code class="literal">10.1.1.10</code> 103 103 and <code class="literal">10.1.1.11</code>. The test machines need to be networked via a <span class="emphasis"><em>hub</em></span>. A UNIX/Linux 104 machine is required to run <code class="literal"> Ethereal</code> to enable the network activity to be captured.104 machine is required to run <code class="literal">Wireshark</code> to enable the network activity to be captured. 105 105 It is important that the machine from which network activity is captured must not interfere with 106 106 the operation of the Windows workstations. It is helpful for this machine to be passive (does not … … 112 112 Choose a workgroup name (MIDEARTH) for each exercise. 113 113 </p><p> 114 <a class="indexterm" name="id 386463"></a>114 <a class="indexterm" name="id408611"></a> 115 115 The network captures provided on the CD-ROM included with this book were captured using <code class="constant">Ethereal</code> 116 version <code class="literal">0.10.6</code>. A later version suffices without problems , but an earlier version may not116 version <code class="literal">0.10.6</code>. A later version suffices without problems (i.e. you should be using Wireshark), but an earlier version may not 117 117 expose all the information needed. Each capture file has been decoded and listed as a trace file. A summary of all 118 118 packets has also been included. This makes it possible for you to do all the studying you like without the need to … … 120 120 that can be derived from this book really does warrant your taking sufficient time to practice each exercise with 121 121 care and attention to detail. 122 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id 386486"></a>Single-Machine Broadcast Activity</h3></div></div></div><p>122 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id408634"></a>Single-Machine Broadcast Activity</h3></div></div></div><p> 123 123 In this section, we start a single Windows 9x/Me machine, then monitor network activity for 30 minutes. 124 </p><div class="procedure"><a name="id 386496"></a><p class="title"><b>Procedure 16.2. Monitoring Windows 9x Steps</b></p><ol type="1"><li><p>125 Start the machine from which network activity will be monitored (using <code class="literal"> ethereal</code>).126 Launch <code class="literal"> ethereal</code>, click124 </p><div class="procedure"><a name="id408644"></a><p class="title"><b>Procedure 16.2. Monitoring Windows 9x Steps</b></p><ol type="1"><li><p> 125 Start the machine from which network activity will be monitored (using <code class="literal">Wireshark</code>). 126 Launch <code class="literal">Wireshark</code>, click 127 127 <span class="guimenu">Capture</span> → <span class="guimenuitem">Start</span>. 128 128 </p><p> 129 Click the following: 129 Click the following: 130 130 </p><div class="orderedlist"><ol type="1"><li><p>Update list of packets in real time</p></li><li><p>Automatic scrolling in live capture</p></li><li><p>Enable MAC name resolution</p></li><li><p>Enable network name resolution</p></li><li><p>Enable transport name resolution</p></li></ol></div><p> 131 131 Click <span class="guibutton">OK</span>. … … 135 135 </p></li><li><p> 136 136 At the conclusion of 30 minutes, stop the capture. Save the capture to a file so you can go back to it later. 137 Leave this machine running in preparation for the task in <a href="primer.html#secondmachine" title="Second Machine Startup Broadcast Interaction">???</a>.137 Leave this machine running in preparation for the task in <a class="link" href="primer.html#secondmachine" title="Second Machine Startup Broadcast Interaction">“Second Machine Startup Broadcast Interaction”</a>. 138 138 </p></li><li><p> 139 139 Analyze the capture. Identify each discrete message type that was captured. Note what transport protocol 140 140 was used. Identify the timing between messages of identical types. 141 </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id 386612"></a>Findings</h4></div></div></div><p>142 The summary of the first 10 minutes of the packet capture should look like <a href="primer.html#pktcap01" title="Figure 16.1. Windows Me Broadcasts The First 10 Minutes">???</a>.143 A screenshot of a later stage of the same capture is shown in <a href="primer.html#pktcap02" title="Figure 16.2. Windows Me Later Broadcast Sample">???</a>.144 </p><div class="figure"><a name="pktcap01"></a><p class="title"><b>Figure 16.1. Windows Me Broadcasts The First 10 Minutes</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture.png" width="216" alt="Windows Me Broadcasts The First 10 Minutes"></div></div></div><br class="figure-break"><div class="figure"><a name="pktcap02"></a><p class="title"><b>Figure 16.2. Windows Me Later Broadcast Sample</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture2.png" width="226.8" alt="Windows Me Later Broadcast Sample"></div></div></div><br class="figure-break"><p><a class="indexterm" name="id 386725"></a><a class="indexterm" name="id386736"></a>145 Broadcast messages observed are shown in <a href="primer.html#capsstats01" title="Table 16.1. Windows Me Startup Broadcast Capture Statistics">???</a>.141 </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id408760"></a>Findings</h4></div></div></div><p> 142 The summary of the first 10 minutes of the packet capture should look like <a class="link" href="primer.html#pktcap01" title="Figure 16.1. Windows Me Broadcasts The First 10 Minutes">“Windows Me Broadcasts The First 10 Minutes”</a>. 143 A screenshot of a later stage of the same capture is shown in <a class="link" href="primer.html#pktcap02" title="Figure 16.2. Windows Me Later Broadcast Sample">“Windows Me Later Broadcast Sample”</a>. 144 </p><div class="figure"><a name="pktcap01"></a><p class="title"><b>Figure 16.1. Windows Me Broadcasts The First 10 Minutes</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture.png" width="216" alt="Windows Me Broadcasts The First 10 Minutes"></div></div></div><br class="figure-break"><div class="figure"><a name="pktcap02"></a><p class="title"><b>Figure 16.2. Windows Me Later Broadcast Sample</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture2.png" width="226.8" alt="Windows Me Later Broadcast Sample"></div></div></div><br class="figure-break"><p><a class="indexterm" name="id408873"></a><a class="indexterm" name="id408884"></a> 145 Broadcast messages observed are shown in <a class="link" href="primer.html#capsstats01" title="Table 16.1. Windows Me Startup Broadcast Capture Statistics">“Windows Me Startup Broadcast Capture Statistics”</a>. 146 146 Actual observations vary a little, but not by much. 147 147 Early in the startup process, the Windows Me machine broadcasts its name for two reasons: 148 148 first to ensure that its name would not result in a name clash, and second to establish its 149 149 presence with the Local Master Browser (LMB). 150 </p><div class="table"><a name="capsstats01"></a><p class="title"><b>Table 16.1. Windows Me Startup Broadcast Capture Statistics</b></p><div class="table-contents"><table summary="Windows Me Startup Broadcast Capture Statistics" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="left"></colgroup><thead><tr><th align="left">Message</th><th align="center">Type</th><th align="center">Num</th><th align="left">Notes</th></tr></thead><tbody><tr><td align="left">WINEPRESSME<00></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME<03></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME<20></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<00></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<1d></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<1e></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<1b></td><td align="center">Qry</td><td align="center">84</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">__MSBROWSE__</td><td align="center">Reg</td><td align="center">8</td><td align="left">Registered after winning election to Browse Master</td></tr><tr><td align="left">JHT<03></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 x 2. This is the name of the user that logged onto Windows</td></tr><tr><td align="left">Host Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">2</td><td align="left">Observed at 10 sec</td></tr><tr><td align="left">Domain/Workgroup Announcement MIDEARTH</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Local Master Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Get Backup List Request</td><td align="center">Qry</td><td align="center">12</td><td align="left">6 x 2 early in startup, 0.5 sec apart</td></tr><tr><td align="left">Browser Election Request</td><td align="center">Ann</td><td align="center">10</td><td align="left">5 x 2 early in startup</td></tr><tr><td align="left">Request Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">4</td><td align="left">Early in startup</td></tr></tbody></table></div></div><br class="table-break"><p><a class="indexterm" name="id 387071"></a><a class="indexterm" name="id387079"></a>150 </p><div class="table"><a name="capsstats01"></a><p class="title"><b>Table 16.1. Windows Me Startup Broadcast Capture Statistics</b></p><div class="table-contents"><table summary="Windows Me Startup Broadcast Capture Statistics" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="left"></colgroup><thead><tr><th align="left">Message</th><th align="center">Type</th><th align="center">Num</th><th align="left">Notes</th></tr></thead><tbody><tr><td align="left">WINEPRESSME<00></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME<03></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME<20></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<00></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<1d></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<1e></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<1b></td><td align="center">Qry</td><td align="center">84</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">__MSBROWSE__</td><td align="center">Reg</td><td align="center">8</td><td align="left">Registered after winning election to Browse Master</td></tr><tr><td align="left">JHT<03></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 x 2. This is the name of the user that logged onto Windows</td></tr><tr><td align="left">Host Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">2</td><td align="left">Observed at 10 sec</td></tr><tr><td align="left">Domain/Workgroup Announcement MIDEARTH</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Local Master Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Get Backup List Request</td><td align="center">Qry</td><td align="center">12</td><td align="left">6 x 2 early in startup, 0.5 sec apart</td></tr><tr><td align="left">Browser Election Request</td><td align="center">Ann</td><td align="center">10</td><td align="left">5 x 2 early in startup</td></tr><tr><td align="left">Request Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">4</td><td align="left">Early in startup</td></tr></tbody></table></div></div><br class="table-break"><p><a class="indexterm" name="id409219"></a><a class="indexterm" name="id409227"></a> 151 151 From the packet trace, it should be noted that no messages were propagated over TCP/IP; 152 152 all messages employed UDP/IP. When steady-state operation has been achieved, there is a cycle 153 153 of various announcements, re-election of a browse master, and name queries. These create 154 154 the symphony of announcements by which network browsing is made possible. 155 </p><p><a class="indexterm" name="id 387093"></a>155 </p><p><a class="indexterm" name="id409241"></a> 156 156 For detailed information regarding the precise behavior of the CIFS/SMB protocols, 157 157 refer to the book “<span class="quote">Implementing CIFS: The Common Internet File System,</span>” … … 160 160 At this time, the machine you used to capture the single-system startup trace should still be running. 161 161 The objective of this task is to identify the interaction of two machines in respect to broadcast activity. 162 </p><div class="procedure"><a name="id 387125"></a><p class="title"><b>Procedure 16.3. Monitoring of Second Machine Activity</b></p><ol type="1"><li><p>163 On the machine from which network activity will be monitored (using <code class="literal"> ethereal</code>),164 launch <code class="literal"> ethereal</code> and click162 </p><div class="procedure"><a name="id409273"></a><p class="title"><b>Procedure 16.3. Monitoring of Second Machine Activity</b></p><ol type="1"><li><p> 163 On the machine from which network activity will be monitored (using <code class="literal">Wireshark</code>), 164 launch <code class="literal">Wireshark</code> and click 165 165 <span class="guimenu">Capture</span> → <span class="guimenuitem">Start</span>. 166 166 </p><p> 167 Click: 167 Click: 168 168 </p><div class="orderedlist"><ol type="1"><li><p>Update list of packets in real time</p></li><li><p>Automatic scrolling in live capture</p></li><li><p>Enable MAC name resolution</p></li><li><p>Enable network name resolution</p></li><li><p>Enable transport name resolution</p></li></ol></div><p> 169 169 Click <span class="guibutton">OK</span>. … … 177 177 Analyze the capture trace, taking note of the transport protocols used, the types of messages observed, 178 178 and what interaction took place between the two machines. Leave both machines running for the next task. 179 </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id 387234"></a>Findings</h4></div></div></div><p>180 <a href="primer.html#capsstats02" title="Table 16.2. Second Machine (Windows 98) Capture Statistics">???</a> summarizes capture statistics observed. As in the previous case,179 </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id409382"></a>Findings</h4></div></div></div><p> 180 <a class="link" href="primer.html#capsstats02" title="Table 16.2. Second Machine (Windows 98) Capture Statistics">“Second Machine (Windows 98) Capture Statistics”</a> summarizes capture statistics observed. As in the previous case, 181 181 all announcements used UDP/IP broadcasts. Also, as was observed with the last example, the second 182 182 Windows 9x/Me machine broadcasts its name on startup to ensure that there exists no name clash … … 185 185 “<span class="quote">Implementing CIFS: The Common Internet File System.</span>” 186 186 </p><div class="table"><a name="capsstats02"></a><p class="title"><b>Table 16.2. Second Machine (Windows 98) Capture Statistics</b></p><div class="table-contents"><table summary="Second Machine (Windows 98) Capture Statistics" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="left"></colgroup><thead><tr><th align="left">Message</th><th align="center">Type</th><th align="center">Num</th><th align="left">Notes</th></tr></thead><tbody><tr><td align="left">MILGATE98<00></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">MILGATE98<03></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">MILGATE98<20></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<00></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<1d></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<1e></td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH<1b></td><td align="center">Qry</td><td align="center">18</td><td align="left">900 sec apart at stable operation</td></tr><tr><td align="left">JHT<03></td><td align="center">Reg</td><td align="center">2</td><td align="left">This is the name of the user that logged onto Windows</td></tr><tr><td align="left">Host Announcement MILGATE98</td><td align="center">Ann</td><td align="center">14</td><td align="left">Every 120 sec</td></tr><tr><td align="left">Domain/Workgroup Announcement MIDEARTH</td><td align="center">Ann</td><td align="center">6</td><td align="left">900 sec apart at stable operation</td></tr><tr><td align="left">Local Master Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">6</td><td align="left">Insufficient detail to determine frequency</td></tr></tbody></table></div></div><br class="table-break"><p> 187 <a class="indexterm" name="id 387506"></a>188 <a class="indexterm" name="id 387513"></a>189 <a class="indexterm" name="id 387520"></a>187 <a class="indexterm" name="id409654"></a> 188 <a class="indexterm" name="id409661"></a> 189 <a class="indexterm" name="id409668"></a> 190 190 Observation of the contents of Host Announcements, Domain/Workgroup Announcements, 191 191 and Local Master Announcements is instructive. These messages convey a significant 192 192 level of detail regarding the nature of each machine that is on the network. An example 193 dissection of a Host Announcement is given in <a href="primer.html#hostannounce" title="Figure 16.3. Typical Windows 9x/Me Host Announcement">???</a>.194 </p><div class="figure"><a name="hostannounce"></a><p class="title"><b>Figure 16.3. Typical Windows 9x/Me Host Announcement</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/HostAnnouncment.png" width="221.4" alt="Typical Windows 9x/Me Host Announcement"></div></div></div><br class="figure-break"></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id 387580"></a>Simple Windows Client Connection Characteristics</h3></div></div></div><p>193 dissection of a Host Announcement is given in <a class="link" href="primer.html#hostannounce" title="Figure 16.3. Typical Windows 9x/Me Host Announcement">“Typical Windows 9x/Me Host Announcement”</a>. 194 </p><div class="figure"><a name="hostannounce"></a><p class="title"><b>Figure 16.3. Typical Windows 9x/Me Host Announcement</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/HostAnnouncment.png" width="221.4" alt="Typical Windows 9x/Me Host Announcement"></div></div></div><br class="figure-break"></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id409728"></a>Simple Windows Client Connection Characteristics</h3></div></div></div><p> 195 195 The purpose of this exercise is to discover how Microsoft Windows clients create (establish) 196 196 connections with remote servers. The methodology involves analysis of a key aspect of how 197 197 Windows clients access remote servers: the session setup protocol. 198 </p><div class="procedure"><a name="id 387592"></a><p class="title"><b>Procedure 16.4. Client Connection Exploration Steps</b></p><ol type="1"><li><p>198 </p><div class="procedure"><a name="id409740"></a><p class="title"><b>Procedure 16.4. Client Connection Exploration Steps</b></p><ol type="1"><li><p> 199 199 Configure a Windows 9x/Me machine (MILGATE98) with a share called <code class="constant">Stuff</code>. 200 200 Create a <em class="parameter"><code>Full Access</code></em> control password on this share. … … 206 206 machines using a user name (JHT) of your choice. Wait approximately 2 minutes before proceeding. 207 207 </p></li><li><p> 208 Start ethereal(or the network sniffer of your choice).208 Start Wireshark (or the network sniffer of your choice). 209 209 </p></li><li><p> 210 210 From the WINEPRESSME machine, right-click <span class="guimenu">Network Neighborhood</span>, select 211 <span class="guimenuitem">Explore</span>, select 211 <span class="guimenuitem">Explore</span>, select 212 212 <span class="guimenuitem">My Network Places</span> → <span class="guimenuitem">Entire Network</span> → <span class="guimenuitem">MIDEARTH</span> → <span class="guimenuitem">MILGATE98</span> → <span class="guimenuitem">Stuff</span>. 213 213 Enter the password you set for the <code class="constant">Full Control</code> mode for the … … 217 217 Save the captured data in case it is needed for later analysis. 218 218 </p></li><li><p> 219 <a class="indexterm" name="id 387716"></a>219 <a class="indexterm" name="id409864"></a> 220 220 From the top of the packets captured, scan down to locate the first packet that has 221 interpreted as <code class="constant">Session Setup AndX, User: anonymous; Tree Connect AndX, 221 interpreted as <code class="constant">Session Setup AndX, User: anonymous; Tree Connect AndX, 222 222 Path: \\MILGATE98\IPC$</code>. 223 </p></li><li><p><a class="indexterm" name="id 387733"></a><a class="indexterm" name="id387741"></a>223 </p></li><li><p><a class="indexterm" name="id409881"></a><a class="indexterm" name="id409889"></a> 224 224 In the dissection (analysis) panel, expand the <code class="constant">SMB, Session Setup AndX Request, 225 225 and Tree Connect AndX Request</code>. Examine both operations. Identify the name of … … 231 231 that was targeted at the <code class="constant">\\MILGATE98\IPC$</code> service. 232 232 </p></li><li><p> 233 <a class="indexterm" name="id 387782"></a>234 <a class="indexterm" name="id 387788"></a>233 <a class="indexterm" name="id409930"></a> 234 <a class="indexterm" name="id409937"></a> 235 235 Dissect this packet as per the previous one. This packet should have a password length 236 236 of 24 (characters) and should have a password field, the contents of which is a 237 237 long hexadecimal number. Observe the name in the Account field. This is a User Mode 238 238 session setup packet. 239 </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id 387800"></a>Findings and Comments</h4></div></div></div><p>240 <a class="indexterm" name="id 387808"></a>241 The <code class="constant">IPC$</code> share serves a vital purpose<sup>[<a name="id 387819" href="#ftn.id387819">15</a>]</sup>242 in SMB/CIFS-based networking. A Windows client connects to this resource to obtain the list of 239 </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id409948"></a>Findings and Comments</h4></div></div></div><p> 240 <a class="indexterm" name="id409956"></a> 241 The <code class="constant">IPC$</code> share serves a vital purpose<sup>[<a name="id409967" href="#ftn.id409967" class="footnote">15</a>]</sup> 242 in SMB/CIFS-based networking. A Windows client connects to this resource to obtain the list of 243 243 resources that are available on the server. The server responds with the shares and print queues that 244 244 are available. In most but not all cases, the connection is made with a <code class="constant">NULL</code> 245 245 username and a <code class="constant">NULL</code> password. 246 246 </p><p> 247 <a class="indexterm" name="id 387836"></a>247 <a class="indexterm" name="id409984"></a> 248 248 The two packets examined are material evidence of how Windows clients may 249 249 interoperate with Samba. Samba requires every connection setup to be authenticated using … … 252 252 account. 253 253 </p><p> 254 <a class="indexterm" name="id 387853"></a><a class="indexterm" name="id387859"></a>255 <a class="indexterm" name="id 387868"></a>254 <a class="indexterm" name="id410001"></a><a class="indexterm" name="id410007"></a> 255 <a class="indexterm" name="id410016"></a> 256 256 Samba has a special name for the <code class="constant">NULL</code>, or empty, user account: 257 it calls it the <a class=" indexterm" name="id387879"></a>guest account. The257 it calls it the <a class="link" href="smb.conf.5.html#GUESTACCOUNT">guest account</a>. The 258 258 default value of this parameter is <code class="constant">nobody</code>; however, this can be 259 259 changed to map the function of the guest account to any other UNIX identity. Some 260 260 UNIX administrators prefer to map this account to the system default anonymous 261 261 FTP account. A sample NULL Session Setup AndX packet dissection is shown in 262 <a href="primer.html#nullconnect" title="Figure 16.4. Typical Windows 9x/Me NULL SessionSetUp AndX Request">???</a>.262 <a class="link" href="primer.html#nullconnect" title="Figure 16.4. Typical Windows 9x/Me NULL SessionSetUp AndX Request">“Typical Windows 9x/Me NULL SessionSetUp AndX Request”</a>. 263 263 </p><div class="figure"><a name="nullconnect"></a><p class="title"><b>Figure 16.4. Typical Windows 9x/Me NULL SessionSetUp AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/NullConnect.png" width="221.4" alt="Typical Windows 9x/Me NULL SessionSetUp AndX Request"></div></div></div><br class="figure-break"><p> 264 <a class="indexterm" name="id 387943"></a>265 <a class="indexterm" name="id 387950"></a>266 <a class="indexterm" name="id 387956"></a>264 <a class="indexterm" name="id410095"></a> 265 <a class="indexterm" name="id410102"></a> 266 <a class="indexterm" name="id410109"></a> 267 267 When a UNIX/Linux system does not have a <code class="constant">nobody</code> user account 268 268 (<code class="filename">/etc/passwd</code>), the operation of the <code class="constant">NULL</code> … … 270 270 fail. This breaks all ability to browse the Samba server and is a common 271 271 problem reported on the Samba mailing list. A sample User Mode session setup AndX 272 is shown in <a href="primer.html#userconnect" title="Figure 16.5. Typical Windows 9x/Me User SessionSetUp AndX Request">???</a>.272 is shown in <a class="link" href="primer.html#userconnect" title="Figure 16.5. Typical Windows 9x/Me User SessionSetUp AndX Request">“Typical Windows 9x/Me User SessionSetUp AndX Request”</a>. 273 273 </p><div class="figure"><a name="userconnect"></a><p class="title"><b>Figure 16.5. Typical Windows 9x/Me User SessionSetUp AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UserConnect.png" width="221.4" alt="Typical Windows 9x/Me User SessionSetUp AndX Request"></div></div></div><br class="figure-break"><p> 274 <a class="indexterm" name="id 388029"></a>274 <a class="indexterm" name="id410182"></a> 275 275 The User Mode connection packet contains the account name and the domain name. 276 276 The password is provided in Microsoft encrypted form, and its length is shown 277 277 as 24 characters. This is the length of Microsoft encrypted passwords. 278 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id 388041"></a>Windows 200x/XP Client Interaction with Samba-3</h3></div></div></div><p>278 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id410194"></a>Windows 200x/XP Client Interaction with Samba-3</h3></div></div></div><p> 279 279 By now you may be asking, “<span class="quote">Why did you choose to work with Windows 9x/Me?</span>” 280 280 </p><p> … … 291 291 a domain member of either a Samba-controlled domain or a Windows NT4 or 200x Active Directory domain. 292 292 Here we do not provide details for how to configure this, as full coverage is provided earlier in this book. 293 </p><div class="procedure"><a name="id 388076"></a><p class="title"><b>Procedure 16.5. Steps to Explore Windows XP Pro Connection Set-up</b></p><ol type="1"><li><p>294 Start your domain controller. Also, start the ethereal monitoring machine, launch ethereal,293 </p><div class="procedure"><a name="id410228"></a><p class="title"><b>Procedure 16.5. Steps to Explore Windows XP Pro Connection Set-up</b></p><ol type="1"><li><p> 294 Start your domain controller. Also, start the Wireshark monitoring machine, launch Wireshark, 295 295 and then wait for the next step to complete. 296 296 </p></li><li><p> 297 297 Start the Windows XP Client and wait 5 minutes before proceeding. 298 298 </p></li><li><p> 299 On the machine from which network activity will be monitored (using <code class="literal"> ethereal</code>),300 launch <code class="literal"> ethereal</code> and click299 On the machine from which network activity will be monitored (using <code class="literal">Wireshark</code>), 300 launch <code class="literal">Wireshark</code> and click 301 301 <span class="guimenu">Capture</span> → <span class="guimenuitem">Start</span>. 302 302 </p><p> … … 305 305 Click <span class="guibutton">OK</span>. 306 306 </p></li><li><p> 307 On the Windows XP Professional client, press <span class="guimenu">Ctrl-Alt-Delete</span> to bring 307 On the Windows XP Professional client, press <span class="guimenu">Ctrl-Alt-Delete</span> to bring 308 308 up the domain logon screen. Log in using valid credentials for a domain user account. 309 309 </p></li><li><p> … … 314 314 <code class="constant">Frodo</code>, and we have connected to a share called <code class="constant">data</code>. 315 315 </p></li><li><p> 316 Stop the capture on the <code class="literal"> ethereal</code> monitoring machine. Be sure to save the captured data316 Stop the capture on the <code class="literal">Wireshark</code> monitoring machine. Be sure to save the captured data 317 317 to a file so that you can refer to it again later. 318 318 </p></li><li><p> … … 320 320 in this chapter. 321 321 </p></li><li><p> 322 <a class="indexterm" name="id 388290"></a>323 <a class="indexterm" name="id 388296"></a>322 <a class="indexterm" name="id410442"></a> 323 <a class="indexterm" name="id410449"></a> 324 324 From the top of the packets captured, scan down to locate the first packet that has 325 325 interpreted as <code class="constant">Session Setup AndX Request, NTLMSSP_AUTH</code>. 326 326 </p></li><li><p> 327 <a class="indexterm" name="id 388315"></a>328 <a class="indexterm" name="id 388322"></a>329 <a class="indexterm" name="id 388328"></a>327 <a class="indexterm" name="id410467"></a> 328 <a class="indexterm" name="id410474"></a> 329 <a class="indexterm" name="id410481"></a> 330 330 In the dissection (analysis) panel, expand the <code class="constant">SMB, Session Setup AndX Request</code>. 331 331 Expand the packet decode information, beginning at the <code class="constant">Security Blob:</code> … … 333 333 keys. This should reveal that this is a <code class="constant">NULL</code> session setup packet. 334 334 The <code class="constant">User name: NULL</code> so indicates. An example decode is shown in 335 <a href="primer.html#XPCap01" title="Figure 16.6. Typical Windows XP NULL Session Setup AndX Request">???</a>.335 <a class="link" href="primer.html#XPCap01" title="Figure 16.6. Typical Windows XP NULL Session Setup AndX Request">“Typical Windows XP NULL Session Setup AndX Request”</a>. 336 336 </p></li><li><p> 337 337 Return to the packet capture sequence. There will be a number of packets that have been … … 339 339 has been decoded as <code class="constant">Session Setup AndX Request, NTLMSSP_AUTH</code>. 340 340 </p></li><li><p> 341 <a class="indexterm" name="id 388386"></a>341 <a class="indexterm" name="id410538"></a> 342 342 In the dissection (analysis) panel, expand the <code class="constant">SMB, Session Setup AndX Request</code>. 343 343 Expand the packet decode information, beginning at the <code class="constant">Security Blob:</code> … … 345 345 keys. This should reveal that this is a <code class="constant">User Mode</code> session setup packet. 346 346 The <code class="constant">User name: jht</code> so indicates. An example decode is shown in 347 <a href="primer.html#XPCap02" title="Figure 16.7. Typical Windows XP User Session Setup AndX Request">???</a>. In this case the user name was <code class="constant">jht</code>. This packet347 <a class="link" href="primer.html#XPCap02" title="Figure 16.7. Typical Windows XP User Session Setup AndX Request">“Typical Windows XP User Session Setup AndX Request”</a>. In this case the user name was <code class="constant">jht</code>. This packet 348 348 decode includes the <code class="constant">Lan Manager Response:</code> and the <code class="constant">NTLM Response:</code>. 349 349 The values of these two parameters are the Microsoft encrypted password hashes: respectively, the LanMan 350 350 password and then the NT (case-preserving) password hash. 351 351 </p></li><li><p> 352 <a class="indexterm" name="id 388440"></a>353 <a class="indexterm" name="id 388447"></a>352 <a class="indexterm" name="id410593"></a> 353 <a class="indexterm" name="id410600"></a> 354 354 The passwords are 24-character hexadecimal numbers. This packet confirms that this is a User Mode 355 355 session setup packet. 356 </p></li></ol></div><div class="figure"><a name="XPCap01"></a><p class="title"><b>Figure 16.6. Typical Windows XP NULL Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-NullConnection.png" width="270" alt="Typical Windows XP NULL Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="figure"><a name="XPCap02"></a><p class="title"><b>Figure 16.7. Typical Windows XP User Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-UserConnection.png" width="270" alt="Typical Windows XP User Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id 388539"></a>Discussion</h4></div></div></div><p><a class="indexterm" name="id388546"></a>356 </p></li></ol></div><div class="figure"><a name="XPCap01"></a><p class="title"><b>Figure 16.6. Typical Windows XP NULL Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-NullConnection.png" width="270" alt="Typical Windows XP NULL Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="figure"><a name="XPCap02"></a><p class="title"><b>Figure 16.7. Typical Windows XP User Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-UserConnection.png" width="270" alt="Typical Windows XP User Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id410692"></a>Discussion</h4></div></div></div><p><a class="indexterm" name="id410699"></a> 357 357 This exercise demonstrates that, while the specific protocol for the Session Setup AndX is handled 358 358 in a more sophisticated manner by recent MS Windows clients, the underlying rules or principles 359 remain the same. Thus it is demonstrated that MS Windows XP Professional clients still use a 359 remain the same. Thus it is demonstrated that MS Windows XP Professional clients still use a 360 360 <code class="constant">NULL-Session</code> connection to query and locate resources on an advanced network 361 361 technology server (one using Windows NT4/200x or Samba). It also demonstrates that an authenticated 362 362 connection must be made before resources can be used. 363 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id 388566"></a>Conclusions to Exercises</h3></div></div></div><p>363 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id410719"></a>Conclusions to Exercises</h3></div></div></div><p> 364 364 In summary, the following points have been established in this chapter: 365 365 </p><div class="itemizedlist"><ul type="disc"><li><p> … … 367 367 </p></li><li><p> 368 368 Network browsing protocols query information stored on browse masters that manage 369 information provided by NetBIOS Name Registrations and by way of ongoing host 369 information provided by NetBIOS Name Registrations and by way of ongoing host 370 370 announcements and workgroup announcements. 371 371 </p></li><li><p> … … 380 380 databases in concurrent deployment. Refer to <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 10, “<span class="quote">Account Information Databases.</span>” 381 381 </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="chap01conc"></a>Dissection and Discussion</h2></div></div></div><p> 382 <a class="indexterm" name="id 388644"></a>382 <a class="indexterm" name="id410797"></a> 383 383 The exercises demonstrate the use of the <code class="constant">guest</code> account, the way that 384 384 MS Windows clients and servers resolve computer names to a TCP/IP address, and how connections … … 387 387 Those wishing background information regarding NetBIOS name types should refer to 388 388 the Microsoft knowledgebase article 389 <a href="http://support.microsoft.com/support/kb/articles/Q102/78/8.asp" target="_top">Q102878.</a>390 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id 388668"></a>Technical Issues</h3></div></div></div><p>391 <a class="indexterm" name="id 388676"></a>389 <a class="ulink" href="http://support.microsoft.com/support/kb/articles/Q102/78/8.asp" target="_top">Q102878.</a> 390 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id410820"></a>Technical Issues</h3></div></div></div><p> 391 <a class="indexterm" name="id410828"></a> 392 392 Network browsing involves SMB broadcast announcements, SMB enumeration requests, 393 393 connections to the <code class="constant">IPC$</code> share, share enumerations, and SMB connection … … 397 397 The questions and answers given in this section are designed to highlight important aspects of Microsoft 398 398 Windows networking. 399 </p><div class="qandaset"><dl><dt> <a href="primer.html#id 388717">399 </p><div class="qandaset"><dl><dt> <a href="primer.html#id410870"> 400 400 What is the significance of the MIDEARTH<1b> type query? 401 </a></dt><dt> <a href="primer.html#id 388760">401 </a></dt><dt> <a href="primer.html#id410912"> 402 402 What is the significance of the MIDEARTH<1d> type name registration? 403 </a></dt><dt> <a href="primer.html#id 388826">403 </a></dt><dt> <a href="primer.html#id410979"> 404 404 What is the role and significance of the <01><02>__MSBROWSE__<02><01> 405 405 name registration? 406 </a></dt><dt> <a href="primer.html#id 388854">406 </a></dt><dt> <a href="primer.html#id411007"> 407 407 What is the significance of the MIDEARTH<1e> type name registration? 408 </a></dt><dt> <a href="primer.html#id 388881">408 </a></dt><dt> <a href="primer.html#id411034"> 409 409 410 410 What is the significance of the guest account in smb.conf? 411 </a></dt><dt> <a href="primer.html#id 388948">411 </a></dt><dt> <a href="primer.html#id411104"> 412 412 Is it possible to reduce network broadcast activity with Samba-3? 413 </a></dt><dt> <a href="primer.html#id 389046">413 </a></dt><dt> <a href="primer.html#id411206"> 414 414 Can I just use plain-text passwords with Samba? 415 </a></dt><dt> <a href="primer.html#id 389122">415 </a></dt><dt> <a href="primer.html#id411281"> 416 416 What parameter in the smb.conf file is used to enable the use of encrypted passwords? 417 </a></dt><dt> <a href="primer.html#id 389161">417 </a></dt><dt> <a href="primer.html#id411320"> 418 418 Is it necessary to specify encrypt passwords = Yes 419 419 when Samba-3 is configured as a domain member? 420 </a></dt><dt> <a href="primer.html#id 389185">420 </a></dt><dt> <a href="primer.html#id411350"> 421 421 Is it necessary to specify a guest account when Samba-3 is configured 422 422 as a domain member server? 423 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id 388717"></a><a name="id388720"></a></td><td align="left" valign="top"><p>423 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id410870"></a><a name="id410872"></a></td><td align="left" valign="top"><p> 424 424 What is the significance of the MIDEARTH<1b> type query? 425 425 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 426 <a class="indexterm" name="id 388731"></a>427 <a class="indexterm" name="id 388740"></a>426 <a class="indexterm" name="id410884"></a> 427 <a class="indexterm" name="id410893"></a> 428 428 This is a broadcast announcement by which the Windows machine is attempting to 429 429 locate a Domain Master Browser (DMB) in the event that it might exist on the network. 430 430 Refer to <span class="emphasis"><em>TOSHARG2,</em></span> Chapter 9, Section 9.7, “<span class="quote">Technical Overview of Browsing,</span>” 431 431 for details regarding the function of the DMB and its role in network browsing. 432 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 388760"></a><a name="id388762"></a></td><td align="left" valign="top"><p>432 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id410912"></a><a name="id410914"></a></td><td align="left" valign="top"><p> 433 433 What is the significance of the MIDEARTH<1d> type name registration? 434 434 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 435 <a class="indexterm" name="id 388773"></a>436 <a class="indexterm" name="id 388782"></a>435 <a class="indexterm" name="id410926"></a> 436 <a class="indexterm" name="id410935"></a> 437 437 This name registration records the machine IP addresses of the LMBs. 438 438 Network clients can query this name type to obtain a list of browser servers from the … … 452 452 </p></li><li><p> 453 453 The IP address of the LMB on the local segment 454 </p></li></ul></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id 388826"></a><a name="id388829"></a></td><td align="left" valign="top"><p>454 </p></li></ul></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id410979"></a><a name="id410981"></a></td><td align="left" valign="top"><p> 455 455 What is the role and significance of the <01><02>__MSBROWSE__<02><01> 456 456 name registration? 457 457 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 458 <a class="indexterm" name="id 388842"></a>458 <a class="indexterm" name="id410994"></a> 459 459 This name is registered by the browse master to broadcast and receive domain announcements. 460 460 Its scope is limited to the local network segment, or subnet. By querying this name type, 461 461 master browsers on networks that have multiple domains can find the names of master browsers 462 462 for each domain. 463 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 388854"></a><a name="id388856"></a></td><td align="left" valign="top"><p>463 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id411007"></a><a name="id411009"></a></td><td align="left" valign="top"><p> 464 464 What is the significance of the MIDEARTH<1e> type name registration? 465 465 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 466 <a class="indexterm" name="id 388868"></a>466 <a class="indexterm" name="id411020"></a> 467 467 This name is registered by all browse masters in a domain or workgroup. The registration 468 468 name type is known as the Browser Election Service. Master browsers register themselves 469 469 with this name type so that DMBs can locate them to perform cross-subnet 470 470 browse list updates. This name type is also used to initiate elections for Master Browsers. 471 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 388881"></a><a name="id388883"></a></td><td align="left" valign="top"><p>472 <a class="indexterm" name="id 388888"></a>471 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id411034"></a><a name="id411036"></a></td><td align="left" valign="top"><p> 472 <a class="indexterm" name="id411040"></a> 473 473 What is the significance of the <em class="parameter"><code>guest account</code></em> in smb.conf? 474 474 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 482 482 Samba operation. Either the operating system must have an account called <code class="constant">nobody</code> 483 483 or there must be an entry in the <code class="filename">smb.conf</code> file with a valid UNIX account, such as 484 <a class=" indexterm" name="id388938"></a>guest account = ftp.485 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 388948"></a><a name="id388950"></a></td><td align="left" valign="top"><p>484 <a class="link" href="smb.conf.5.html#GUESTACCOUNT">guest account = ftp</a>. 485 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id411104"></a><a name="id411106"></a></td><td align="left" valign="top"><p> 486 486 Is it possible to reduce network broadcast activity with Samba-3? 487 487 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 488 <a class="indexterm" name="id 388962"></a>489 <a class="indexterm" name="id 388968"></a>490 Yes, there are two ways to do this. The first involves use of WINS (See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, 488 <a class="indexterm" name="id411118"></a> 489 <a class="indexterm" name="id411124"></a> 490 Yes, there are two ways to do this. The first involves use of WINS (See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, 491 491 Section 9.5, “<span class="quote">WINS The Windows Inter-networking Name Server</span>”); the 492 492 alternate method involves disabling the use of NetBIOS over TCP/IP. This second method requires 493 493 a correctly configured DNS server (see <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, Section 9.3, “<span class="quote">Discussion</span>”). 494 494 </p><p> 495 <a class="indexterm" name="id 388998"></a>496 <a class="indexterm" name="id 389005"></a>497 <a class="indexterm" name="id 389014"></a>498 The use of WINS reduces network broadcast traffic. The reduction is greatest when all network 499 clients are configured to operate in <em class="parameter"><code>Hybrid Mode</code></em>. This can be effected through 500 use of DHCP to set the NetBIOS node type to type 8 for all network clients. Additionally, it is 501 beneficial to configure Samba to use <a class=" indexterm" name="id389030"></a>name resolve order = wins host cast.495 <a class="indexterm" name="id411154"></a> 496 <a class="indexterm" name="id411161"></a> 497 <a class="indexterm" name="id411170"></a> 498 The use of WINS reduces network broadcast traffic. The reduction is greatest when all network 499 clients are configured to operate in <em class="parameter"><code>Hybrid Mode</code></em>. This can be effected through 500 use of DHCP to set the NetBIOS node type to type 8 for all network clients. Additionally, it is 501 beneficial to configure Samba to use <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER">name resolve order = wins host cast</a>. 502 502 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 503 503 Use of SMB without NetBIOS is possible only on Windows 200x/XP Professional clients and servers, as 504 504 well as with Samba-3. 505 </p></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id 389046"></a><a name="id389048"></a></td><td align="left" valign="top"><p>505 </p></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id411206"></a><a name="id411208"></a></td><td align="left" valign="top"><p> 506 506 Can I just use plain-text passwords with Samba? 507 507 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 517 517 the connection automatically. Users need to log off and then log on again. Plain-text password support 518 518 may interfere with recent enhancements that are part of the Microsoft move toward a more secure computing 519 environment. 520 </p><p> 521 Samba-3 supports Microsoft encrypted passwords. Be advised not to reintroduce plain-text password handling. 519 environment. 520 </p><p> 521 Samba-3 supports Microsoft encrypted passwords. Be advised not to reintroduce plain-text password handling. 522 522 Just create user accounts by running <code class="literal">smbpasswd -a 'username'</code> 523 523 </p><p> … … 526 526 PDC/BDC to provide Windows user and group accounts, the <em class="parameter"><code>idmap uid, idmap gid</code></em> ranges 527 527 set in the <code class="filename">smb.conf</code> file provide the local UID/GIDs needed for local identity management purposes. 528 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 389122"></a><a name="id389124"></a></td><td align="left" valign="top"><p>528 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id411281"></a><a name="id411283"></a></td><td align="left" valign="top"><p> 529 529 What parameter in the <code class="filename">smb.conf</code> file is used to enable the use of encrypted passwords? 530 530 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 531 531 The parameter in the <code class="filename">smb.conf</code> file that controls this behavior is known as <em class="parameter"><code>encrypt 532 532 passwords</code></em>. The default setting for this in Samba-3 is <code class="constant">Yes (Enabled)</code>. 533 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 389161"></a><a name="id389163"></a></td><td align="left" valign="top"><p>534 Is it necessary to specify <a class=" indexterm" name="id389168"></a>encrypt passwords = Yes533 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id411320"></a><a name="id411323"></a></td><td align="left" valign="top"><p> 534 Is it necessary to specify <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS">encrypt passwords = Yes</a> 535 535 when Samba-3 is configured as a domain member? 536 536 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 537 537 No. This is the default behavior. 538 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 389185"></a><a name="id389188"></a></td><td align="left" valign="top"><p>538 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id411350"></a><a name="id411352"></a></td><td align="left" valign="top"><p> 539 539 Is it necessary to specify a <em class="parameter"><code>guest account</code></em> when Samba-3 is configured 540 540 as a domain member server? … … 542 542 Yes. This is a local function on the server. The default setting is to use the UNIX account 543 543 <code class="constant">nobody</code>. If this account does not exist on the UNIX server, then it is 544 necessary to provide a <a class=" indexterm" name="id389210"></a>guest account = an_account,544 necessary to provide a <a class="link" href="smb.conf.5.html#GUESTACCOUNT">guest account = an_account</a>, 545 545 where <code class="constant">an_account</code> is a valid local UNIX user account. 546 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id387819" href="#id387819">15</a>] </sup>TOSHARG2, Sect 4.5.1</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="RefSection.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="gpl.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 15. A Collection of Useful Tidbits </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Appendix A. GNU General Public License</td></tr></table></div></body></html> 546 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id409967" href="#id409967" class="para">15</a>] </sup>TOSHARG2, Sect 4.5.1</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="RefSection.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 15. A Collection of Useful Tidbits </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Appendix A. 547 <acronym class="acronym">GNU</acronym> General Public License version 3 548 </td></tr></table></div></body></html>
Note:
See TracChangeset
for help on using the changeset viewer.
