>From my /etc/services... netbios-ns 137/tcp #NETBIOS Name Service netbios-ns 137/udp #NETBIOS Name Service netbios-dgm 138/tcp #NETBIOS Datagram Service netbios-dgm 138/udp #NETBIOS Datagram Service netbios-ssn 139/tcp #NETBIOS Session Service netbios-ssn 139/udp #NETBIOS Session Service
I believe that these are the NetBIOS over TCP/IP instantiations so to speak. While NetBIOS can easily be run over IPX/SPX or even NetBeui, clearly a tcp/ip port number has to relevant in that case. [rant mode] I cannot blame you for the confusion as Priscilla mentioned that quite a few people somehow believe it is not. I think they are confusing it with NetBeui which techically has nothing to do with each other. (yes the name Netbeui means Netbios Extended User Interface, but still, technically nothing to do with each other in terms of NetBios functionality, it can ride over other network transports) I have had countless debates and arguments where people insisted they are bound to the hip or interchange their names like candy. Here is an interesting excerpt of some dialog I had at a startup I worked at years ago. Premise: When dealing with two separate LANs, as defined as Layer2 domains.... "Is it possible to get network neighborhood to work between the upstairs and the basement." - VP/Sales "Sure, we just need to bind Netbios over TCP/IP and make sure we can route over the two different networks. We might need to deal with WINS for seamless "naming" integration but it should work fine otherwise." - Carroll "You also will need NetBeui." - Other Tech Guy "[Trying to be nice]. No, sorry [Other Tech Guy], I am pretty sure you will not." - Carroll "Yes you do." - Other Tech Guy "[Still trying to be nice.]. Well, I do not think you do, since Netbeui is a transport protocol, and Netbios rides on top of any protocol it wants to. You already have TCP/IP as your transport, you do not need Netbeui, and on top of that, Netbeui will not cross over the LAN." - Carroll "You are wrong, you need Netbeui." - Other Tech Guy Trying the "wait, look there is a transport, you only need one angle". "But, if that was true, how come I can get a Unix box with Samba to work with a Windows machine. TCP/IP is the transport there, my Unix box has no concept of NetBeui yet it works." - Carroll "Look, Carroll, I have been in the ISP business for over 5 years, I think I know what I am doing." - Other Tech Guy Not that I could see the relevance of NetBeui in an ISP, just that he was clearly pushing his "move aside green horn" argument instead of trying to sensible attack the problem through theory. Well, since the other tech guy was "older" than me, and supposedly "far more experienced", they made sure Netbeui was on every machine. Sigh, I had other responsibilities rather than to go around proving him wrong. But experiences like these is what makes me say... - Check the theory and make sure it sounds right. - Check the practice, make sure it works right. - I don't care about your past experiences; technology moves so fast it invalidates so many "truisms" within months. The guy was wrong on 1, 2, and... for 3, he never had a truism to begin with, just a false sense of knowledge of the systems he worked with. As with those logical fallacies, does not matter how smart or how great your past work is, people can make mistakes. If you say something that is true in the "now", it is true. If you say something that is false in the "now" it is false regardless of your past history. > hi pple, well the reason why i ask this is because, recently i was told by > my network manager that there is a virus which uses netbios (udp 137, tcp > 138 and tcp 139) as a transport and had acrosses the WAN from a spoke site > to a hub site. And i was told to put an ACL by blocking the above port on > the fastethernet interface, well i was kind of confuse as in, i remember > that netbios arnt routable across the WAN, IF, and i mean IF there is really > such virus uses this ports, they shouldnt be able to traverse to the other > site across the WAN rite?? And when i did some debug ip packet, the udp 136 > and or ofcourse the tcp138 and 139, was captured and dropped! at the > fastethernet interface and TR interface (i had place the ACL on both > fastether and TR) but when i place it on the serial, i dun see any udp 136 > at all!...i jus need some clarification from people at this forum here -Carroll Kong Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71235&t=71084 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
