Friday, November 16, 2007

Monitoring IPSEC traffic

We were testing something where we enabled IPSEC for port 445 on both server and client, but when browsing shares we were not seeing the secured connection in IP Security Policy Monitor. The reason was NetBIOS. SMB connections were being made on 139 instead of 445. After disabling NetBIOS over TCP/IP, the secured connections showed up on port 445.

To disable SMB use of NetBIOS port 139 (forces use of port 445):
On the Start menu, point to Settings, and then click Network and Dial-up Connections.
Right-click the Internet-facing connection, and then click Properties.
Select Internet Protocol (TCP/IP) and select Properties.
Click Advanced and select the WINS tab.
Tick Disable NetBIOS over TCP/IP and click OK.
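
The same setting can be audited and changed from PowerShell through the WMI class Win32_NetworkAdapterConfiguration, followed by a check of which port current SMB sessions really use. This is an added example, not part of the original post. It assumes PowerShell 3.0 or later, an elevated prompt, and Windows 8 / Server 2012 or later for Get-NetTCPConnection; the -Disable switch is a name chosen for this example.

```powershell
# Added example: audit (and optionally disable) NetBIOS over TCP/IP per adapter,
# then show whether established SMB sessions use port 139 or port 445.
# Assumes PowerShell 3.0+ and, for Get-NetTCPConnection, Windows 8 / Server 2012+.
param(
    [switch]$Disable   # hypothetical switch name for this example; omit to audit only
)

# Values of Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions
$stateName = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

$adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($a in $adapters) {
    $state = $stateName[[int]$a.TcpipNetbiosOptions]
    Write-Output ("{0}: NetBIOS over TCP/IP = {1}" -f $a.Description, $state)

    if ($Disable -and $a.TcpipNetbiosOptions -ne 2) {
        # Same effect as ticking "Disable NetBIOS over TCP/IP" on the WINS tab.
        $r = Invoke-CimMethod -InputObject $a -MethodName SetTcpipNetbios `
                              -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
        # ReturnValue 0 = success, 1 = success but a reboot is required.
        Write-Output ("  SetTcpipNetbios ReturnValue = {0}" -f $r.ReturnValue)
    }
}

# Any remaining session to remote port 139 is SMB over NetBIOS and will not
# match an IPSEC filter written for port 445 only.
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemotePort -in 139, 445 } |
    Sort-Object RemotePort |
    Select-Object LocalAddress, RemoteAddress, RemotePort
```

Run it once without -Disable to see the current state, browse a share, and run it again to confirm the session shows remote port 445.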
