Extrange diald behaviour

[Ulisses Alonso Camaro <ulisses@pusa.eleinf.uv.es>]

Hi all,

I have setup a Debian GNU/Linux box with IP-Masquerade, Samba 
and dial on demand. This system is running with NT workstations and an NT
server.

Sometimes the Linux box dials when it shouldn't. What it does to cause
diald to dial is a ping echo request to the nameservers... Apparently, 
there is no reason to cause this.


The Linux box is called ribera
The NT "server"? is called vinatea
The NT "workstatione"? julian

The NTboxes doesn't use WINS, they use instead a hosts files
the gateway is the Linux box, the DNSs are the same of the Linux box. The
windows services doesn't use the DNS services for name resolution.

The Linux box also has all machines in a hosts files


This is what happens on eth0, the LAN/IP-Masquerade interface, this is the
output of tcpdump -v -i eth0:

14:14:55.600000 cristobal.1115 > vinatea.netbios-ssn: P 3800:3843(43) ack 2624 win 7789 (DF)
14:14:55.600000 vinatea.netbios-ssn > cristobal.1115: P 2624:2667(43) ack 3843 win 8377 (DF)
14:14:55.720000 cristobal.1115 > vinatea.netbios-ssn: . ack 2667 win 7746 (DF)
14:14:56.680000 cristobal.1115 > vinatea.netbios-ssn: P 3843:4233(390) ack 2667 win 7746 (DF)
14:14:56.690000 vinatea.netbios-ssn > cristobal.1115: P 2667:2771(104) ack 4233 win 7987 (DF)
14:14:56.820000 cristobal.1115 > vinatea.netbios-ssn: . ack 2771 win 7642 (DF)
14:15:01.090000 cristobal.1115 > vinatea.netbios-ssn: P 4233:4625(392) ack 2771 win 7642 (DF)
14:15:01.140000 vinatea.netbios-ssn > cristobal.1115: P 2771:3235(464) ack 4625 win 7595 (DF)
14:15:01.330000 cristobal.1115 > vinatea.netbios-ssn: . ack 3235 win 8760 (DF)
14:15:02.710000 cristobal.1115 > vinatea.netbios-ssn: P 4625:4849(224) ack 3235 win 8760 (DF)
14:15:02.730000 vinatea.netbios-ssn > cristobal.1115: P 3235:3365(130) ack 4849 win 7371 (DF)
14:15:02.730000 cristobal.1115 > vinatea.netbios-ssn: P 4849:4965(116) ack 3365 win 8630 (DF)
14:15:02.730000 vinatea.netbios-ssn > cristobal.1115: P 3365:3404(39) ack 4965 win 8760 (DF)
14:15:02.830000 cristobal.1115 > vinatea.netbios-ssn: . ack 3404 win 8591 (DF)
14:15:07.780000 cristobal.netbios-ns > 192.168.1.255.netbios-ns: udp 68
14:15:07.780000 vinatea.netbios-ns > cristobal.netbios-ns: udp 62
14:15:13.860000 vinatea.netbios-dgm > 192.168.1.255.netbios-dgm: udp 208
14:15:14.190000 ribera > 194.106.2.132: icmp: echo request
14:15:15.110000 ribera > 194.106.2.132: icmp: echo request
14:15:16.110000 ribera > 194.106.2.132: icmp: echo request
14:15:17.110000 ribera > sparky.mad.servicom.es: icmp: echo request
14:15:18.110000 ribera > sparky.mad.servicom.es: icmp: echo request
14:15:19.110000 ribera > sparky.mad.servicom.es: icmp: echo request
14:15:20.120000 cristobal.netbios-ns > vinatea.netbios-ns: udp 50
14:15:20.120000 vinatea.netbios-ns > cristobal.netbios-ns: udp 355
14:15:23.430000 0:60:97:96:7a:5e > Broadcast sap e0 ui/C len=81
			 ffff 0050 0014 0000 0000 ffff ffff ffff
			 0455 0000 0001 0000 0000 0001 0455 0001
			 0000 0000 0000 0000 0000 0000 0000 0000
			 0000 00
14:15:23.430000 0:60:97:96:7a:5e > 0:60:97:96:7a:5e sap e0 ui/C len=81
			 ffff 0050 0004 0000 0001 0000 0000 0001
			 0455 0000 0001 0000 0000 0001 0455 0002
			 0000 0000 0000 0000 0000 0000 0000 0000
			 0000 00
14:15:23.970000 0:60:97:96:7a:5e > Broadcast sap e0 ui/C len=81
			 ffff 0050 0014 0000 0000 ffff ffff ffff
			 0455 0000 0001 0000 0000 0001 0455 0001
			 0000 0000 0000 0000 0000 0000 0000 0000
			 0000 00
14:15:23.970000 0:60:97:96:7a:5e > 0:60:97:96:7a:5e sap e0 ui/C len=81
			 ffff 0050 0004 0000 0001 0000 0000 0001
			 0455 0000 0001 0000 0000 0001 0455 0002
			 0000 0000 0000 0000 0000 0000 0000 0000
			 0000 00
14:15:24.510000 0:60:97:96:7a:5e > Broadcast sap e0 ui/C len=81
			 ffff 0050 0014 0000 0000 ffff ffff ffff
			 0455 0000 0001 0000 0000 0001 0455 0001
			 0000 0000 0000 0000 0000 0000 0000 0000
			 0000 00
14:15:24.510000 0:60:97:96:7a:5e > 0:60:97:96:7a:5e sap e0 ui/C len=81
			 ffff 0050 0004 0000 0001 0000 0000 0001
			 0455 0000 0001 0000 0000 0001 0455 0002
			 0000 0000 0000 0000 0000 0000 0000 0000
			 0000 00
14:15:25.050000 0:60:97:96:7a:5e > 0:60:97:96:7a:5e sap e0 ui/C len=191
			 ffff 00be 0004 0000 0001 ffff ffff ffff
			 0455 0000 0001 0000 0000 0001 0455 000b
			 5649 4e41 5445 4120 2020 2020 2020 2000
			 0102 5f
14:15:28.330000 0:60:97:96:7a:5e > Broadcast sap e0 ui/C len=161
			 ffff 00a0 0004 0000 0000 ffff ffff ffff
			 0452 0000 0000 0060 9796 7a5e 0452 0002
			 0640 5649 4e41 5445 4100 0000 0000 0000
			 0000 00
14:15:31.990000 0:60:97:96:7a:5e > 3:0:0:0:0:1 sap f0 ui/C len=170
			 2c00 ffef 0800 0000 0000 0000 0102 5f5f
			 4d53 4252 4f57 5345 5f5f 0201 5649 4e41
			 5445 4120 2020 2020 2020 2000 ff53 4d42
			 2500 00


This is what happens on ppp0, the diald interface, this is the output of
tcpdump -v -i ppp0:

14:15:40.510000 ribera > ns.vlc.servicom.es: icmp: echo request
14:15:40.510000 rdsi28.vlc.servicom.es.1931 > ns.vlc.servicom.es.domain:
4983+ (
44)
14:15:40.510000 ribera > ns.vlc.servicom.es: icmp: echo request
14:15:40.510000 ribera > ns.vlc.servicom.es: icmp: echo request
14:15:40.510000 ribera > sparky.mad.servicom.es: icmp: echo request
14:15:40.510000 ribera > sparky.mad.servicom.es: icmp: echo request
14:15:40.510000 ribera > sparky.mad.servicom.es: icmp: echo request
14:15:40.770000 ns.vlc.servicom.es.domain > rdsi28.vlc.servicom.es.1931:
4983* 1
/3/3 (209) (DF)
14:15:40.770000 rdsi28.vlc.servicom.es.1932 > ns.vlc.servicom.es.domain:
4984+ (
44)
14:15:40.940000 ns.vlc.servicom.es.domain > rdsi28.vlc.servicom.es.1932:
4984* 1
/3/3 (213) (DF)
14:15:40.940000 rdsi28.vlc.servicom.es.1933 > ns.vlc.servicom.es.domain:
4985+ (
44)
14:15:41.100000 ns.vlc.servicom.es.domain > rdsi28.vlc.servicom.es.1933:
4985* 1
/3/3 (202) (DF)


I attached my filter config


Any comment will be greatly appreciated,


Thanks in advance


	Ulisses

Attachment: standard.filter.gz
Description: GNU Zip compressed data