mailing list archives
Re: UDP port 137 Question
From: Eric Germann <ekgermann () cctec com>
Date: Wed, 07 Jan 1998 10:26:01 -0500
One interesting thing MS does is an extension of the resolver libraries.
For example, if I do a netstat -a to show all the connections on my server,
it will try and resolve the IP back to a name (reverse lookup via
in-addr.arpa). However, the extension is: If it can't resolve it via DNS,
it will attempt to look it up using NetBIOS name resolution lookups. If
its a Windoze environment (95, NT), the client will return its host name.
My guess on this one: Their hitting an NT webserver configured to log
names, not IP addresses, in the log file and the client machines don't have
Two other thoughts:
1) Keep IN-ADDR.ARPA up to date
2) Microsoft Internet Information Server only logs IP addresses, not names
given the historical slowness of reverse lookups and sloppy maintenance.
I never understood why forward and reverse maps were decoupled in DNS,
although I'm sure a good reason exists. Process Software Purveyor logs
by name (or did) and I'm not sure about Netscape's servers now.
At 02:24 PM 1/7/98 +0000, Paul Thornton wrote:
I noticed similar port 137 hits a while back, and after a bit of
investigating discovered that every time a colleague visited a web site
(using Netscape, incidentally) the server sent a port 137 request back to
the client PC.
Initially I thought this was a "helpful" MS extension in their server, but
have since seen port 137 hits from their nameservers as well. This probably
points to some interesting name lookups going on at there end, which results
in a NetBIOS name lookup being sent back. Somewhere I have the address of
the server in question - I'll dig it out if there is interest. If nothing
else, their hit count will go up ;-)
Paul Thornton, Network Engineer, London Internet Exchange Ltd.
Tel: 07000 783797 Mobile: +44 467 372205
Eric Germann Computer and Communications Technologies
ekgermann () cctec com Van Wert, OH 45891
Phone: 419 968 2640
http://www.cctec.com Fax: 419 968 2641
Network Design, Connectivity & System Integration Services
A Microsoft Solution Provider
- Re: UDP port 137 Question, (continued)