I am attempting to receive network broadcasts from a bit of old equipment. The equipment broadcasts to address 255.255.255.255 on UDP por 138. (Actually Netbios over TCP which comes in as UDP port 138)

I can't seem to receive this data on a Windows XP machine. I have tried both the Netbios interface and the winsock interface using standard winsock functions (connect, bind, listen).

When I use ethereal I see the data come in from to my XP machine, but it doesn't pass to my windows UDP socket or come into my Netbios NCB receive.

If I write a windows program to send an equivalent message (using NetBIOS interface - over TCP), I receive the message fine over both UDP or Netbios, so I know that the software is basically correct on the receiver side.

I notice that when I simulate the message from a windows machine the destination address (as shown by ethereal) is 10.10.0.255 (my local subnet). I get these messages just fine, but the old computer sends to address 255.255.255.255 and I don't see these at all (except in ethereal).

Does anyone have any idea why I would get some data when listening on the port, but not other data? Since ethereal sees it, it is not being consumed by a router on the network, or anything else. It is hitting my network card in my pc just fine. I have disabled the firewall on my PC but this didn't solve the problem.

Windows/winsock is obviously deciding not to pass the data to my application, but I haven't a clue as to why.

255.255.255.255 is broadcast address that used in bootstrap protocol.
You can't get the packet from layer 3, but from layer 2.
OS will not pass this packet to above layer.

The driver of Ethereal gets this packet from copy of layer 2.

Netbios over TCP is TCP, not UDP. Why do you thin kit's UDP?

The listener socket must know it's listening for broadcasts (SO_BROADCAST). Is it?

Port 138 is a "special" port, assigned for printer and file sharing. It was the first big internet security hole for Windows, and is now remarkably protected, more than just simple firewalls. Try a different port.

Mike

Ethereal show the broadcast message from the legacy machine coming in as a UDP message on port 138 to address 255.255.255.255. That is why I think it is UDP, Ethereal shows it to be such.

see this article...

http://www.protocolbase.net/protocols/protocol_NBDGM.php

Good, then you have confirmation that it's UDP. But then it clearly can't be Netbios over TCP, which is TCP, and which is not mentioned in the article that you cited.

Were you able to make any headway on your core issue, namely, that your XP machine cannot receive this UDP broadcast?

Mike

Not really. Going on what henky stated, I've begun an implementation using WinPCap to obtain the data at layer-2.