We help IT Professionals succeed at work.

netbios message

gs_kanata
gs_kanata used Ask the Experts™
on
I have seen continually this message in IPFilter log file.

Jul  2 20:30:33 nas3a ipmon[1753]: [ID 702911 local0.warning] 20:30:32.565073 2x e1000g4 @0:11 b 10.20.30.40,138 -> 10.20.30.255,138 PR udp len 20 250 IN low-ttl

The port 138 belongs netbios according to /etc/services file:

# cat /etc/services | grep 138
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp                         # NETBIOS Datagram Service

So I wondering what the message is trying to do. Is it a broadcast one? Blocking it will have any impact?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
These broadcast packets are part of NETBIOS name resolution. If your host don't have samba server, you can block them.
Most Valuable Expert 2013
Top Expert 2013
Commented:
Hi,

I assume that you have the CIFS client (smbfs) or Samba installed and running.

These broadcasts are used by smbfs/Samba to locate and resolve services on the network.

You can get rid of those broadcasts by setting nbns_enable in nsmbrc to no or false using sharectl.

sharectl set -p section=default -p  nbns_enable=false smbfs
This will force all service lookups to be done via name services (as configured in nsswitch.conf ("hosts = ...")

wmp

Author

Commented:
# svcs -a | grep smb
# Nothing returned
# svcs -a | grep samba
disabled       Jun_30   svc:/network/samba:default
Top Expert 2015

Commented:
nmbd is running

Author

Commented:
How do you know and how to check?
Top Expert 2015

Commented:
svcs ?

Author

Commented:
I did not find in SMF. The svc:/network/samba:default is disabled as showed above. Also checked name like "nbt", not entry from svcs.

 # /usr/sfw/bin/testparm
Load smb config files from /etc/sfw/smb.conf
params.c:OpenConfFile() - Unable to open configuration file "/etc/sfw/smb.conf":
        No such file or directory
Error loading services.

So what next to check?

Author

Commented:
Sorry, the broadcast message is not from my machine. On the other machine, I have

#svcs -a | grep sam
disabled       Oct_02   svc:/network/samba:default

#/usr/sfw/bin/testparm
Load smb config files from /etc/sfw/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[scratch]"
Processing section "[OP_samba]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        workgroup = MYGROUP
        server string = Wireless Samba Server
        security = SHARE
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        dns proxy = No

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[scratch]
        path = /scratch
        guest ok = Yes

[OP_samba]
        path = /nfs_share/wlo_storage/OP_samba
        read only = No
        guest ok = Yes
        browseable = No

# ps -ef | grep smbd | grep -v grep
    root  3051     1   0   Apr 20 ?           0:01 /usr/sfw/sbin/smbd -D
    root 19467  3051   0 17:10:45 ?           0:01 /usr/sfw/sbin/smbd -D
    root  3054  3051   0   Apr 20 ?           0:00 /usr/sfw/sbin/smbd -D
    root 21111  3051   0 16:03:44 ?           0:00 /usr/sfw/sbin/smbd -D

But from abov info, how to find out why it needs to send out broadcasting message frequently?
Commented:
It broadcasts because server is trying to use NETBIOS for names resolution.
You can disable it by putting 2 lines in global section of smb.conf:

disable netbios = yes
smb ports = 445