NetBIOS name resolution failing, DNS working, ICMP, 445/tcp

jbm.lists

Hello,

I recently discovered that on a Windows machine trying to resolve the
hostname in a UNC path, if NetBIOS name resolution of the hostname
fails but DNS name resolution works, Windows will first try to ping
(ICMP echo request) the IP address that was obtained from the DNS
resolution and, if it receives an answer (ICMP echo response), then try
to connect to port 445/TCP only, to establish an SMB session.

That is, it does not try to connect to port 139/tcp at the same time,
even if NetBIOS over TCP/IP is enabled.

The following paragraph, found in
http://support.microsoft.com/?kbid=832017, seems to mention this
behavior:

"Note If a computer name resolves to multiple IP addresses using WINS,
or if WINS failed and the name is resolved using DNS, NetBIOS over
TCP/IP (NetBT) will try to ping the IP address or addresses of the file
server. Port 139 communications depend on Internet Control Message
Protocol (ICMP) echo messages. If Internet Protocol version 6 (IPv6) is
not installed, port 445 communications will also depend on ICMP for
name resolution. Preloaded Lmhosts entries will bypass the DNS
resolver. If IPv6 is installed on Windows Server 2003-based or Windows
XP-based systems, port 445 communications will not trigger any ICMP
requests."

I suspect that there is some kind of logic that if the hostname is
resolved by DNS and not by the NetBIOS name resolution, Windows is
assuming that the server host is Windows 2000 or later and thus supports
445/tcp.

Still, does anyone know if it would be possible to force a Windows
client to try to connect to both 139/tcp and 444/tcp at the same time,
as is usually the case?

Also, is there any place where this behavior is documented?

Thank you,

Jean-Baptiste Marchand
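
Added example, not part of the original post: one way to check a packet capture for the sequence described above (echo request, echo reply, then a SYN to 445/tcp only) versus simultaneous SYNs to 139/tcp and 445/tcp. The `Pkt` record, the `classify` function, its labels, the 0.5 s window and the 192.0.2.x addresses are all constructed for illustration; real input would come from a capture reduced to these fields.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    t: float        # seconds since capture start
    src: str
    dst: str
    kind: str       # "echo-request", "echo-reply" or "syn"
    dport: int = 0  # TCP destination port, 0 for ICMP

def classify(pkts, client, server, window=0.5):
    """Label the client's SMB connection attempt to `server` in a capture."""
    pkts = sorted(pkts, key=lambda p: p.t)
    req = [p.t for p in pkts
           if p.kind == "echo-request" and (p.src, p.dst) == (client, server)]
    rep = [p.t for p in pkts
           if p.kind == "echo-reply" and (p.src, p.dst) == (server, client)]
    syn = {}  # SMB port -> time of the first SYN to it
    for p in pkts:
        if p.kind == "syn" and (p.src, p.dst) == (client, server) \
                and p.dport in (139, 445):
            syn.setdefault(p.dport, p.t)
    if req and not syn:
        # Echo sent but no SMB SYN followed: note whether a reply came back.
        answered = any(r >= req[0] for r in rep)
        return "ping-answered-no-smb" if answered else "ping-unanswered-no-smb"
    if 139 in syn and 445 in syn and abs(syn[139] - syn[445]) <= window:
        return "parallel-139-445"
    if set(syn) == {445} and req and any(req[0] <= r <= syn[445] for r in rep):
        return "icmp-gated-445-only"
    return "other"

# Constructed sample traces (documentation addresses, not real hosts).
C, S = "192.0.2.10", "192.0.2.20"
DNS_FALLBACK = [Pkt(0.00, C, S, "echo-request"),
                Pkt(0.01, S, C, "echo-reply"),
                Pkt(0.02, C, S, "syn", 445)]
USUAL = [Pkt(0.00, C, S, "syn", 445), Pkt(0.00, C, S, "syn", 139)]
ICMP_FILTERED = [Pkt(0.0, C, S, "echo-request"), Pkt(1.0, C, S, "echo-request")]

if __name__ == "__main__":
    for name, trace in [("dns-fallback", DNS_FALLBACK), ("usual", USUAL),
                        ("icmp-filtered", ICMP_FILTERED)]:
        print(name, "->", classify(trace, C, S))
```

A `ping-unanswered-no-smb` result on a segment where ICMP echo is filtered is the case to look for when UNC access by DNS name fails while the SMB ports themselves are open.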