UDP port 137 Question

Eric Germann ekgermann at cctec.com
Wed Jan 7 15:26:01 UTC 1998

One interesting thing MS does is an extension of the resolver libraries.
For example, if I do a netstat -a to show all the connections on my server,
it will try and resolve the IP back to a name (reverse lookup via
in-addr.arpa).  However, the extension is:  If it can't resolve it via DNS,
it will attempt to look it up using NetBIOS name resolution lookups.  If
it's a Windoze environment (95, NT), the client will return its host name.

My guess on this one:  They're hitting an NT webserver configured to log
names, not IP addresses, in the log file and the client machines don't have
IN-ADDR.ARPA entries.  

Two other thoughts:

	1)	Keep IN-ADDR.ARPA up to date
	2)	Microsoft Internet Information Server only logs IP addresses, not
		names, given the historical slowness of reverse lookups and sloppy
		maintenance.  I never understood why forward and reverse maps were
		decoupled in DNS, although I'm sure a good reason exists.  Process
		Software Purveyor logs by name (or did) and I'm not sure about
		Netscape's servers now.

My $0.02


At 02:24 PM 1/7/98 +0000, Paul Thornton wrote:
>I noticed similar port 137 hits a while back, and after a bit of
>investigating discovered that every time a colleague visited a web site
>(using Netscape, incidentally) the server sent a port 137 request back to
>the client PC.
>Initially I thought this was a "helpful" MS extension in their server, but
>have since seen port 137 hits from their nameservers as well.  This probably
>points to some interesting name lookups going on at their end, which results
>in a NetBIOS name lookup being sent back.  Somewhere I have the address of
>the server in question - I'll dig it out if there is interest.  If nothing
>else, their hit count will go up ;-)
>Paul Thornton, Network Engineer, London Internet Exchange Ltd.
>Tel: 07000 783797   Mobile: +44 467 372205

Eric Germann				Computer and Communications Technologies
ekgermann at cctec.com			Van Wert, OH 45891
					Phone:	419 968 2640
http://www.cctec.com			Fax:	419 968 2641

Network Design, Connectivity & System Integration Services 
A Microsoft Solution Provider					
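
Added example, not part of the original post or thread: a Python sketch for triaging UDP port 137 payloads in firewall or IDS captures, flagging the kind of NetBIOS lookup the message describes. It assumes those lookups are RFC 1002 node status (NBSTAT) requests for the wildcard name "*"; the function names and the sample packets are constructed for illustration.

```python
import struct

NB, NBSTAT = 0x0020, 0x0021  # RFC 1002 question types

def encode_nb_name(raw16: bytes) -> bytes:
    """RFC 1001 first-level encoding: each nibble becomes a letter 'A'..'P'."""
    return bytes(b for c in raw16 for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_nb_name(encoded: bytes) -> bytes:
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                 for i in range(0, 32, 2))

def build_query(raw16: bytes, qtype: int, txid: int = 0x1234) -> bytes:
    """Constructed sample: header, one question, class IN. Not captured traffic."""
    return (struct.pack("!6H", txid, 0, 1, 0, 0, 0) + b"\x20"
            + encode_nb_name(raw16) + b"\x00" + struct.pack("!2H", qtype, 1))

def classify_udp137(payload: bytes) -> dict:
    """Summarise one UDP/137 payload for firewall or IDS log triage."""
    if len(payload) < 50:  # 12 header + 1 len + 32 name + 1 end + 4 type/class
        raise ValueError("too short for an NBNS question")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    # Names with a scope ID (non-zero byte after the 32-byte label) are rejected.
    if qdcount < 1 or payload[12] != 0x20 or payload[45] != 0:
        raise ValueError("unexpected question name layout")
    raw = decode_nb_name(payload[13:45])
    qtype = struct.unpack("!H", payload[46:48])[0]
    is_query = not flags & 0x8000
    return {
        "txid": txid,
        "is_query": is_query,
        "name": raw[:15].rstrip(b" \x00").decode("ascii", "replace"),
        "suffix": raw[15],
        "qtype": {NB: "NB", NBSTAT: "NBSTAT"}.get(qtype, hex(qtype)),
        # Wildcard node status request: "who are you?" sent to a bare IP address.
        "reverse_lookup_probe": is_query and qtype == NBSTAT and raw[:1] == b"*",
    }

if __name__ == "__main__":
    probe = build_query(b"*" + b"\x00" * 15, NBSTAT)
    print(classify_udp137(probe))
```

A payload flagged as `reverse_lookup_probe` from a host you recently connected to fits the resolver fallback described above; an ordinary `NB` query for a specific name does not.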
