Bay Technical Associates RM356 User Manual
Page 86
Reference Guide for the Model RM356 Modem Router
8-10
Filter Configuration
You can wait until an erroneous call is placed, then examine this packet header to determine the
source and cause. The IP packet header contains information such as the next-level protocol type
(for example, ICMP, TCP, UDP), source and destination addresses, and source and destination port
numbers. Analyzing this data reveals the cause of the call, which provides the user with an
approach to eliminating the calls. For example, the first line of the packet shows the following (hex
values converted to decimal):
•
45 00 00 3E 9E 05 00 00 1F 11 CC 9D 8D FB 17 12 CF 45 BC B9 00 89 00 35
Bold characters denote
protocol (17, or 11h =UDP).
•
45 00 00 3E 9E 05 00 00 1F 11 CC 9D 8D FB 17 12 CF 45 BC B9 00 89 00 35
Bold characters denote source IP (141.251.23.18=local PC).
•
45 00 00 3E 9E 05 00 00 1F 11 CC 9D 8D FB 17 12 CF 45 BC B9 00 89 00 35
Bold characters denote destination IP (207.69.188.185=DNS server).
•
45 00 00 3E 9E 05 00 00 1F 11 CC 9D 8D FB 17 12 CF 45 BC B9 00 89 00 35
Bold characters denote source port number (137 or 89h=NetBIOS name service).
•
45 00 00 3E 9E 05 00 00 1F 11 CC 9D 8D FB 17 12 CF 45 BC B9 00 89 00 35
Bold characters denote destination port number (53, or 35h=DNS).
This packet represents a NetBIOS name service request from a local PC to the DNS server of the
ISP. An initial strategy for blocking this type of call would be to set up a call filter to prevent calls
from being originated by UDP packets with a source port of 137 (NetBIOS name service). Further
investigation would reveal that other ports are associated with NetBIOS services, and these ports
should be blocked, too.
A comprehensive list of protocol and port numbers for common IP traffic can be found in IETF
RFC1700, “Assigned Numbers.” Many common port numbers are also listed on any Windows PC
in a file called \windows\services. In the case of filtering NetBIOS traffic, the relevant ports are:
•
137 (TCP and UDP) NetBIOS Name Service
•
138 (TCP and UDP) NetBIOS Datagram Service
•
139 (TCP and UDP) NetBIOS Session Service