The following are this morning's entries in the Incoming Access Log of my router:
217.220.238.97 netbios-ns
216.164.48.68 netbios-ns
Now, using McAfee Visual Trace, the first one traces out like this:
McAfee Visual Trace Version 3.25 Results
Target: 217.220.238.97
Date: 1/22/2004 (Thursday), 9:46:17 AM
Nodes: 18
Node Data
Node Net Reg IP Address Location Node Name
1 - - 192.168.1.13
2 1 - 192.168.1.1 Unknown
3 2 1 66.23.yyy.xxx Atlanta 66-23-yyy-xxx.clients.speedfactory.net
4 3 1 63.243.34.193 Charlotte wan.speedfactory.net
5 4 2 66.255.16.21 Charlotte uslec-66-255-16-21.cust.uslec.net
6 5 3 63.209.216.205 Atlanta ge-9-0-138.hsa2.atlanta1.level3.net
7 6 3 64.159.3.13 Atlanta ge-6-1-1.bbr1.atlanta1.level3.net
8 6 3 64.159.0.134 WASHINGTON D.C. so-2-2-0.bbr2.washington1.level3.net
9 7 3 212.187.128.133 Southwark so-0-0-0.mp2.london2.level3.net
10 8 3 212.187.128.205 Unknown so-4-1-0.mpls2.milan1.level3.net
11 9 3 213.242.64.19 Unknown ge-5-0.hsa1.milan1.level3.net
12 10 4 195.16.169.202 Unknown p0-0.albacom.bbnplanet.net
13 11 - 213.255.14.67 Milano bb1-g10-0.mi2.albacom.net
14 12 - 217.220.187.1 Unknown bb1-p3-0-rm2.albacom.net
15 11 - 213.255.9.7 Unknown
16 11 - 213.255.9.235 Unknown
17 - - 0.0.0.0 Unknown No Response
18 12 - 217.220.238.97 Unknown maria
Packet Data
Node High Low Avg Tot Lost
1 0 0 0 1 0
2 0 0 0 1 0
3 0 0 0 1 0
4 38 38 38 1 0
5 37 37 37 1 0
6 42 42 42 1 0
7 32 32 32 1 0
8 48 48 48 1 0
9 94 94 94 1 0
10 121 121 121 1 0
11 149 149 149 1 0
12 146 146 146 1 0
13 146 146 146 1 0
14 149 149 149 1 0
15 157 157 157 1 0
16 157 157 157 1 0
17 ---- ---- ---- 2 2
18 164 164 164 1 0
And the second one traces out like this:
McAfee Visual Trace Version 3.25 Results
Target: 216.164.48.68
Date: 1/22/2004 (Thursday), 9:48:31 AM
Nodes: 14
Node Data
Node Net Reg IP Address Location Node Name
1 - - 192.168.1.13
2 1 - 192.168.1.1 Unknown
3 2 1 66.23.yyy.xxx Atlanta 66-23-yyy-xxx.clients.speedfactory.net
4 3 1 63.243.34.193 Charlotte wan.speedfactory.net
5 4 2 66.255.16.21 Charlotte uslec-66-255-16-21.cust.uslec.net
6 5 3 63.209.216.205 Atlanta ge-9-0-138.hsa2.atlanta1.level3.net
7 6 3 64.159.3.81 Atlanta ge-6-2-1.bbr2.atlanta1.level3.net
8 6 3 64.159.1.2 WASHINGTON D.C. so-0-0-0.bbr1.washington1.level3.net
9 6 3 64.159.18.67 WASHINGTON D.C. ge-7-1.ipcolo1.washington1.level3.net
10 5 - 63.209.25.210 Unknown
11 7 4 207.172.19.63 Baltimore ge9-0.core2.lnh.md.rcn.net
12 7 4 207.172.15.20 Baltimore ge2-1.aggr1.lnh.md.rcn.net
13 8 4 208.59.202.220 Baltimore gth-ubr1.lnh-gth.md.cable.rcn.net
14 9 5 216.164.48.68 Baltimore 216-164-48-68.c3-0.gth-ubr1.lnh-gth.md.cable.rcn.com
Packet Data
Node High Low Avg Tot Lost
1 0 0 0 1 0
2 0 0 0 4 0
3 0 0 0 4 0
4 38 0 11 4 0
5 39 9 27 4 0
6 36 20 25 4 0
7 23 0 15 4 0
8 45 32 37 4 0
9 47 31 37 4 0
10 ---- ---- ---- 6 6
11 42 38 40 3 0
12 51 37 43 3 0
13 43 42 42 3 0
14 91 76 81 3 0
Both of these are netbois, but for the life of me I cannot figure out why someone would be knocking on my proverbial door.
217.220.238.97 netbios-ns
216.164.48.68 netbios-ns
Now, using McAfee Visual Trace, the first one traces out like this:
McAfee Visual Trace Version 3.25 Results
Target: 217.220.238.97
Date: 1/22/2004 (Thursday), 9:46:17 AM
Nodes: 18
Node Data
Node Net Reg IP Address Location Node Name
1 - - 192.168.1.13
2 1 - 192.168.1.1 Unknown
3 2 1 66.23.yyy.xxx Atlanta 66-23-yyy-xxx.clients.speedfactory.net
4 3 1 63.243.34.193 Charlotte wan.speedfactory.net
5 4 2 66.255.16.21 Charlotte uslec-66-255-16-21.cust.uslec.net
6 5 3 63.209.216.205 Atlanta ge-9-0-138.hsa2.atlanta1.level3.net
7 6 3 64.159.3.13 Atlanta ge-6-1-1.bbr1.atlanta1.level3.net
8 6 3 64.159.0.134 WASHINGTON D.C. so-2-2-0.bbr2.washington1.level3.net
9 7 3 212.187.128.133 Southwark so-0-0-0.mp2.london2.level3.net
10 8 3 212.187.128.205 Unknown so-4-1-0.mpls2.milan1.level3.net
11 9 3 213.242.64.19 Unknown ge-5-0.hsa1.milan1.level3.net
12 10 4 195.16.169.202 Unknown p0-0.albacom.bbnplanet.net
13 11 - 213.255.14.67 Milano bb1-g10-0.mi2.albacom.net
14 12 - 217.220.187.1 Unknown bb1-p3-0-rm2.albacom.net
15 11 - 213.255.9.7 Unknown
16 11 - 213.255.9.235 Unknown
17 - - 0.0.0.0 Unknown No Response
18 12 - 217.220.238.97 Unknown maria
Packet Data
Node High Low Avg Tot Lost
1 0 0 0 1 0
2 0 0 0 1 0
3 0 0 0 1 0
4 38 38 38 1 0
5 37 37 37 1 0
6 42 42 42 1 0
7 32 32 32 1 0
8 48 48 48 1 0
9 94 94 94 1 0
10 121 121 121 1 0
11 149 149 149 1 0
12 146 146 146 1 0
13 146 146 146 1 0
14 149 149 149 1 0
15 157 157 157 1 0
16 157 157 157 1 0
17 ---- ---- ---- 2 2
18 164 164 164 1 0
And the second one traces out like this:
McAfee Visual Trace Version 3.25 Results
Target: 216.164.48.68
Date: 1/22/2004 (Thursday), 9:48:31 AM
Nodes: 14
Node Data
Node Net Reg IP Address Location Node Name
1 - - 192.168.1.13
2 1 - 192.168.1.1 Unknown
3 2 1 66.23.yyy.xxx Atlanta 66-23-yyy-xxx.clients.speedfactory.net
4 3 1 63.243.34.193 Charlotte wan.speedfactory.net
5 4 2 66.255.16.21 Charlotte uslec-66-255-16-21.cust.uslec.net
6 5 3 63.209.216.205 Atlanta ge-9-0-138.hsa2.atlanta1.level3.net
7 6 3 64.159.3.81 Atlanta ge-6-2-1.bbr2.atlanta1.level3.net
8 6 3 64.159.1.2 WASHINGTON D.C. so-0-0-0.bbr1.washington1.level3.net
9 6 3 64.159.18.67 WASHINGTON D.C. ge-7-1.ipcolo1.washington1.level3.net
10 5 - 63.209.25.210 Unknown
11 7 4 207.172.19.63 Baltimore ge9-0.core2.lnh.md.rcn.net
12 7 4 207.172.15.20 Baltimore ge2-1.aggr1.lnh.md.rcn.net
13 8 4 208.59.202.220 Baltimore gth-ubr1.lnh-gth.md.cable.rcn.net
14 9 5 216.164.48.68 Baltimore 216-164-48-68.c3-0.gth-ubr1.lnh-gth.md.cable.rcn.com
Packet Data
Node High Low Avg Tot Lost
1 0 0 0 1 0
2 0 0 0 4 0
3 0 0 0 4 0
4 38 0 11 4 0
5 39 9 27 4 0
6 36 20 25 4 0
7 23 0 15 4 0
8 45 32 37 4 0
9 47 31 37 4 0
10 ---- ---- ---- 6 6
11 42 38 40 3 0
12 51 37 43 3 0
13 43 42 42 3 0
14 91 76 81 3 0
Both of these are netbois, but for the life of me I cannot figure out why someone would be knocking on my proverbial door.