In diagnosing an XP workgroup problem, I learned about 'net view' which can be issued at the command line to show the computers in the workgroup. In addition, typing 'net view \\computername' will show the shared resources available on a machine in the workgroup. This was faster than reloading the gui view of network neighborhood as I tweaked settings to resolve the problem.
For TCP/IP networking commands: take a look at http://commandwindows.com/tcpiputil.htm.
Here I especially like 'netstat -a' to show all activity on the machine's ports. The command 'netstat -?' shows all netstat options. I used 'netstat -o' to determine process ids of odd looking connections. Then I looked at task manager and changed the view to show the pid. ( Though I could have typed tasklist at the command prompt.) So those strange looking connections?: one was from foldershare and another mcafee. If you suspect a trojan horse has taken over your machine, take a look at http://forums.techarena.in/showthread.php?t=443453
for help with the detective work including a list of known malware and the ports used.
Ports from 0 to 1023 are commonly used for services like mail, etc – generally not used for Trojans
Ports from 1024 to 49151 are registered for particular services for example – mysql uses port 3306 and oracle typically uses 1521
Ports above 49151 are rarely used except so suspect a Trojan or other malicious software
During this investigation , I noticed many attempts to enter the machine via UDP on port 1026. Apparently, this is incoming messenger spam. http://www.linklogger.com/UDP1026.htm
Wednesday, November 22, 2006
Windows XP Workgroup Not Accessible
I have long used a workgroup on my home network to easily share files and transfer files among machines. I recently began having problems after changing the network configuration to one wired machine and the rest on the network to wireless. This would not have been an issue except that the one wired machine had a firewall blocking communication with the workgroup.
After reading about the microsoft computer browser service at http://support.microsoft.com/kb/188001
and working through the suggestions at http://winhlp.com/WxNetwork.htm#Workgroup_is_not_accessible
, I resolved the problems. I modified the firewall to allow windows file sharing with NETBIOS on ports 137-139. Now the desktop with the wired connection can assume the role of master browser and workgroup irregularities have disappeared.
In the process, I found one of the laptops with both a wired and wireless adapter, needed to have the workgroup configured by the network wizard for both adapters at the same time. My clue about this was that MSHOME kept showing up in the network neighborhood in addition to my existing workgroup name. Another glitch with the laptop was healed after noticing one of the network adaptors did not allow file and print sharing. In the future, I will ensure both the wired and wireless adapters allow file and print sharing.
I learned about useful windows commands for networking like 'net view' that I'll discuss in my next blog.
After reading about the microsoft computer browser service at http://support.microsoft.com/kb/188001
and working through the suggestions at http://winhlp.com/WxNetwork.htm#Workgroup_is_not_accessible
, I resolved the problems. I modified the firewall to allow windows file sharing with NETBIOS on ports 137-139. Now the desktop with the wired connection can assume the role of master browser and workgroup irregularities have disappeared.
In the process, I found one of the laptops with both a wired and wireless adapter, needed to have the workgroup configured by the network wizard for both adapters at the same time. My clue about this was that MSHOME kept showing up in the network neighborhood in addition to my existing workgroup name. Another glitch with the laptop was healed after noticing one of the network adaptors did not allow file and print sharing. In the future, I will ensure both the wired and wireless adapters allow file and print sharing.
I learned about useful windows commands for networking like 'net view' that I'll discuss in my next blog.
Subscribe to:
Posts (Atom)
