"wellknown" -> "well known", NBDS is UDP-only.
|Deletions are marked like this.||Additions are marked like this.|
|Line 38:||Line 38:|
|You cannot directly filter NBDS while capturing. However, as it runs atop ["UDP"] port 138, you can filter on those ports.||You cannot directly filter NBDS while capturing. However, as it runs atop ["UDP"] port 138, you can filter on that port.|
|Line 41:||Line 41:|
|port 138 }}}||udp port 138 }}}|
NetBIOS Datagram Service (NBDS)
The NetBIOS Datagram Service is part of the NetBIOS-over-TCP protocol suite, see the ["NetBIOS"] page for further information.
XXX - add a brief description of NBDS history
- ["UDP"]: Typically, NBDS uses ["UDP"] as its transport protocol. The well known UDP port for NBDS traffic is 138.
XXX - Add example traffic here (as plain text or Ethereal screenshot).
The NBDS dissector is partially functional; it should dissect all of the protocol, but does not reassemble datagrams fragmented at the NBDS layer.
(XXX add links to preference settings affecting how NBDS is dissected).
Example capture file
XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.
A complete list of NBDS display filter fields can be found in the [http://www.ethereal.com/docs/dfref/n/nbdgm.html display filter reference]
Show only the NBDS based traffic:
You cannot directly filter NBDS while capturing. However, as it runs atop ["UDP"] port 138, you can filter on that port.
Capture NBDS traffic:
udp port 138
[http://www.ietf.org/rfc/rfc1001.txt RFC1001] Protocol Standard For a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods
[http://www.ietf.org/rfc/rfc1002.txt RFC1002] Protocol Standard For a NetBIOS Service on a TCP/UDP Transport: Detailed Specifications