Ethereal-users: Re: [Ethereal-users] Two machines send LLC packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 3 Apr 2002 01:29:41 -0800
On Wed, Apr 03, 2002 at 09:06:32AM +0200, Andreas Moroder wrote:
> when I trace the network traffic of our office, two machines produce packets
> of the type LLC and LANMAN, the others do not.
> 
> The two machines are one win2k and one winNT, the other machines are all
> win98.
> Does anyone know why these machines use these protocols and if they are
> necessary?

"LLC" refers to the Institute of Electrical and Electronics Engineers
802.2 protocol.  It's part of their series of protocols for local area
networks.

The intent was that it would be used on all local-area networks;
however, there was already another mechanism for sending packets on
Ethernet, used by, for example, IP, and so 802.2, on Ethernet, was used
only by some protocols.  (802.2 is used more heavily on Token Ring,
FDDI, and 802.11 wireless LANs.)

One protocol that uses 802.2 LLC is the original protocol used for
NetBIOS services, sometimes called "NetBEUI", or "NetBEUI Frame", or
"NBF".  The SMB (Server Message Block) file-sharing protocol devised by
Microsoft, IBM, and Intel uses NetBIOS services, and it can run atop the
NetBEUI Frame protocol atop 802.2 LLC atop Ethernet or Token Ring or....
It can also run atop other protocols, including TCP/IP.

There are a number of other protocols that use 802.2 LLC; Ethereal does
not have code to dissect all of them, and those that it doesn't dissect
are just reported as "LLC" packets.  If they're just identified as "LLC"
packets, I can't say what the real protocol is without seeing the
packets (and, even then, I might not know what the protocol is).

As for LANMAN, that's part of the SMB file-sharing protocol; various
administrative operations use that protocol.  I'm somewhat surprised
that the Windows 98 machines aren't using that protocol to communicate
with the two Windows NT (NT 4.0 and NT 5.0, the latter having been named
"Windows 2000" by Microsoft's marketing department) machines, but
perhaps they're not doing anything that requires that protocol.
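
The framing distinction described in this reply (the older Ethernet type-field mechanism used by IP versus 802.2 LLC, with NetBEUI/NBF riding on LLC) is visible in the first bytes of each frame. The Python sketch below is an added example, not part of the original message and not Ethereal's code; the SAP and EtherType tables are small illustrative subsets, and the MAC addresses and sample frames are constructed.

```python
import struct

# Illustrative subsets only (assumption: enough for this example, not complete).
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
SAP_NAMES = {0x42: "Spanning Tree", 0xE0: "NetWare IPX", 0xF0: "NetBIOS (NBF)"}

def classify_frame(frame: bytes) -> str:
    """Label how the payload of a raw Ethernet frame is encapsulated."""
    if len(frame) < 14:
        return "truncated"
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:
        # Ethernet II: the field is an EtherType naming the payload protocol.
        return "Ethernet II: " + ETHERTYPES.get(type_or_len, f"type 0x{type_or_len:04x}")
    if type_or_len > 1500:
        return "undefined type/length"  # 1501..1535 is neither a length nor a type
    # IEEE 802.3: the field is a length, and an 802.2 LLC header normally follows.
    payload = frame[14:14 + type_or_len]
    if len(payload) < 3:
        return "truncated"
    if payload[:2] == b"\xff\xff":
        return "raw 802.3 (Novell IPX, no LLC header)"
    dsap, ssap, control = payload[0], payload[1], payload[2]
    if dsap == 0xAA and ssap == 0xAA and control == 0x03:
        # SNAP extension: 3-byte OUI plus 2-byte protocol id after the LLC header.
        if len(payload) < 8:
            return "truncated"
        (pid,) = struct.unpack("!H", payload[6:8])
        if payload[3:6] == b"\x00\x00\x00":
            return "LLC/SNAP: " + ETHERTYPES.get(pid, f"type 0x{pid:04x}")
        return "LLC/SNAP: vendor OUI " + payload[3:6].hex()
    # The low bit of the DSAP is the individual/group flag, not part of the SAP.
    name = SAP_NAMES.get(dsap & 0xFE)
    # A SAP with no table entry is the "just reported as LLC" case.
    return "LLC: " + name if name else f"LLC: unknown DSAP 0x{dsap:02x}"

# Constructed destination + source MAC addresses (locally administered).
MACS = bytes.fromhex("020000000001020000000002")

def llc_frame(payload: bytes) -> bytes:
    """Build a constructed 802.3 frame whose length field matches the payload."""
    return MACS + struct.pack("!H", len(payload)) + payload

if __name__ == "__main__":
    for sample in (MACS + b"\x08\x00\x45" + bytes(19),
                   llc_frame(b"\xf0\xf0\x03" + bytes(5)),
                   llc_frame(b"\x7c\x7c\x03")):
        print(classify_frame(sample))
```
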