834 23.183712000 192.168.1.3 255.255.255.255 DHCP 342 DHCP Inform - Transaction ID 0x9a44e4ed
959 23.761281000 192.168.1.3 224.0.0.252 LLMNR 64 Standard query 0xc5cc A wpad
969 23.860862000 192.168.1.3 224.0.0.252 LLMNR 64 Standard query 0xc5cc A wpad
983 24.081085000 192.168.1.3 192.168.1.255 NBNS 92 Name query NB WPAD<00>
1848 33.342893000 192.168.1.3 192.168.1.2 LLMNR 130 Standard query response 0x6cec PTR 192.168.1.3
50289 2156.820846000 192.168.1.3 239.255.255.250 SSDP 167 M-SEARCH * HTTP/1.1
_____________________________________________________________
Netbios wasn't disabled at the time during the logged requests.
192.168.1.3 is running Linux. Is it possible that it has SAMBA requesting these packets?
Any suggestions, advice, comments appreciated.
Author: Intnull0, Posted: Fri Dec 28, 2012 6:40 pm Post subject: ---- Looks like .3 is broadcasting on port 137 (netBIOS names) querying for the DNS entry for WPAD (web proxy autdiscovery protocol) which will tell the requestor how to get to the Internet. Most likely nothing but I would see why/where the .3 machine is trying to connect to on the Internet.