[squid-users] howto interprete NTLM tcpdumb data from Van Bossche Koen on 2001-10-09 (squid-users)

From: Van Bossche Koen <Koen.VanBossche@dont-contact.us>
Date: Tue, 9 Oct 2001 14:54:19 +0200

Hi all,

I am running squidv2.5DEV with NTLM. I tuned my configuration.
At this moment NTLM still keeps popping up his auth boxes regularly and my
log mentions every minute Netbios Error 4 and Netbios Error 3 codes. The
logfile on the NT BDC (close to the proxy) was about 4Mb for only about 3
hours.

I have run 'tcpdumb host BDC'. Would anyone be so kind to help me out
analyzing this data (what it means) and telling me how I can get better
performance of using NTLM. I really appreciate it.

14:40:23.010336 eth0 > kcoeuproxy1.37937 > kcoeq01.netbios-ssn: P
148:296(148) ack 89 win 5840>>> NBT (DF)
14:40:23.021521 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37937: P 89:177(88)
ack 296 win 8020>>> NBT (DF)
14:40:23.021546 eth0 > kcoeuproxy1.37937 > kcoeq01.netbios-ssn: . 296:296(0)
ack 177 win 5840 (DF)
14:40:23.084749 eth0 > kcoeuproxy1.37937 > kcoeq01.netbios-ssn: F 296:296(0)
ack 177 win 5840 (DF)
14:40:23.084958 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: S
1569396804:1569396804(0) win 5840 <mss 1460,sackOK,timestamp 37043195 0,nop
,wscale 0> (DF)
14:40:23.085332 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37937: F 177:177(0)
ack 297 win 8020 (DF)
14:40:23.085357 eth0 > kcoeuproxy1.37937 > kcoeq01.netbios-ssn: . 297:297(0)
ack 178 win 5840 (DF)
14:40:23.085643 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37964: S
154438148:154438148(0) ack 1569396805 win 8760 <mss 1460> (DF)
14:40:23.085658 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: . 1:1(0) ack
1 win 5840 (DF)
14:40:23.085687 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: P 1:73(72)
ack 1 win 5840>>> NBT (DF)
14:40:23.086358 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37964: P 1:5(4) ack
73 win 8688>>> NBT (DF)
14:40:23.086373 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: . 73:73(0)
ack 5 win 5840 (DF)
14:40:23.086399 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: P
73:297(224) ack 5 win 5840>>> NBT (DF)
14:40:23.094167 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37964: P 5:104(99)
ack 297 win 8464>>> NBT (DF)
14:40:23.131664 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: . 297:297(0)
ack 104 win 5840 (DF)
14:40:24.010409 eth0 > kcoeuproxy1.37966 > kcoeq01.netbios-ssn: S
1565647534:1565647534(0) win 5840 <mss 1460,sackOK,timestamp 37043287 0,nop
,wscale 0> (DF)
14:40:24.011033 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37966: S
154438159:154438159(0) ack 1565647535 win 8760 <mss 1460> (DF)
14:40:24.011057 eth0 > kcoeuproxy1.37966 > kcoeq01.netbios-ssn: . 1:1(0) ack
1 win 5840 (DF)
14:40:24.011086 eth0 > kcoeuproxy1.37966 > kcoeq01.netbios-ssn: P 1:73(72)
ack 1 win 5840>>> NBT (DF)
14:40:24.011764 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37966: P 1:5(4) ack
73 win 8688>>> NBT (DF)
14:40:24.011782 eth0 > kcoeuproxy1.37966 > kcoeq01.netbios-ssn: . 73:73(0)
ack 5 win 5840 (DF)
14:40:24.011808 eth0 > kcoeuproxy1.37966 > kcoeq01.netbios-ssn: P
73:297(224) ack 5 win 5840>>> NBT (DF)
14:40:24.012666 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37966: P 5:104(99)
ack 297 win 8464>>> NBT (DF)
14:40:24.016229 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: P
297:445(148) ack 104 win 5840>>> NBT (DF)
14:40:24.026763 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37964: P
104:192(88) ack 445 win 8316>>> NBT (DF)
14:40:24.026789 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: . 445:445(0)
ack 192 win 5840 (DF)
14:40:24.051666 eth0 > kcoeuproxy1.37966 > kcoeq01.netbios-ssn: . 297:297(0)
ack 104 win 5840 (DF)
14:40:24.093226 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: P
445:595(150) ack 192 win 5840>>> NBT (DF)
14:40:24.103989 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37964: P
192:280(88) ack 595 win 8166>>> NBT (DF)
14:40:24.104013 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: . 595:595(0)
ack 280 win 5840 (DF)
14:40:24.204967 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: P
595:745(150) ack 280 win 5840>>> NBT (DF)
14:40:24.215733 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37964: P
280:368(88) ack 745 win 8016>>> NBT (DF)
14:40:24.215760 eth0 > kcoeuproxy1.37964 > kcoeq01.netbios-ssn: . 745:745(0)
ack 368 win 5840 (DF)
14:40:25.211883 eth0 > kcoeuproxy1.37966 > kcoeq01.netbios-ssn: P
297:447(150) ack 104 win 5840>>> NBT (DF)
14:40:25.246300 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37964: R
154438516:154438516(0) win 0 (DF)
14:40:25.247290 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37966: P
104:192(88) ack 447 win 8314>>> NBT (DF)
14:40:25.247309 eth0 > kcoeuproxy1.37966 > kcoeq01.netbios-ssn: . 447:447(0)
ack 192 win 5840 (DF)
14:40:30.252506 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: S
1569915254:1569915254(0) win 5840 <mss 1460,sackOK,timestamp 37043912 0,nop
,wscale 0> (DF)
14:40:30.253177 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37979: S
154438175:154438175(0) ack 1569915255 win 8760 <mss 1460> (DF)
14:40:30.253201 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: . 1:1(0) ack
1 win 5840 (DF)
14:40:30.253231 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: P 1:73(72)
ack 1 win 5840>>> NBT (DF)
14:40:30.253927 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37979: P 1:5(4) ack
73 win 8688>>> NBT (DF)
14:40:30.253962 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: . 73:73(0)
ack 5 win 5840 (DF)
14:40:30.253988 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: P
73:297(224) ack 5 win 5840>>> NBT (DF)
14:40:30.254882 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37979: P 5:104(99)
ack 297 win 8464>>> NBT (DF)
14:40:30.291665 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: . 297:297(0)
ack 104 win 5840 (DF)
14:40:30.466291 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: P
297:439(142) ack 104 win 5840>>> NBT (DF)
14:40:30.477770 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37966: R
154438351:154438351(0) win 0 (DF)
14:40:30.479185 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37979: P
104:192(88) ack 439 win 8322>>> NBT (DF)
14:40:30.479224 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: . 439:439(0)
ack 192 win 5840 (DF)
14:40:33.596682 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: P
439:587(148) ack 192 win 5840>>> NBT (DF)
14:40:33.607402 eth0 < kcoeq01.netbios-ssn > kcoeuproxy1.37979: P
192:280(88) ack 587 win 8174>>> NBT (DF)
14:40:33.607426 eth0 > kcoeuproxy1.37979 > kcoeq01.netbios-ssn: . 587:587(0)
ack 280 win 5840 (DF)

BR/Koen

Koen Van Bossche

KONE International SA
KCO Telecom
Ave E. Van Nieuwenhuyse, 6
B - 1160 Brussels, Belgium
Tel : +32 (0)2 676.93.81
Fax : +32 (0)2 676.93.91
Received on Tue Oct 09 2001 - 06:54:39 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:39 MST