This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 2
Revision 1 as of 2005-03-20 15:55:36
Size: 2000
Editor: UlfLamping
Comment: use subpages
Revision 2 as of 2005-03-20 20:38:29
Size: 2002
Editor: GuyHarris
Comment: "wellknown" -> "well known".
Deletions are marked like this. Additions are marked like this.
Line 14: Line 14:
 * ["UDP"]: Typically, NBNS uses ["UDP"] as its transport protocol. The wellknown UDP port for NBNS traffic is 137.
 * ["TCP"]: NBNS can also use ["TCP"] as its transport protocol for some operations, although this might never be done in practice. The wellknown TCP port for NBNS traffic is 137.
 * ["UDP"]: Typically, NBNS uses ["UDP"] as its transport protocol. The well known UDP port for NBNS traffic is 137.
 * ["TCP"]: NBNS can also use ["TCP"] as its transport protocol for some operations, although this might never be done in practice. The well known TCP port for NBNS traffic is 137.

NetBIOS Name Service (NBNS)

The NetBIOS Name Service is part of the NetBIOS-over-TCP protocol suite, see the ["NetBIOS"] page for further information.

This protocol is often called WINS in ["CIFS"] documentation.

History

XXX - add a brief description of NBNS history

Protocol dependencies

  • ["UDP"]: Typically, NBNS uses ["UDP"] as its transport protocol. The well known UDP port for NBNS traffic is 137.
  • ["TCP"]: NBNS can also use ["TCP"] as its transport protocol for some operations, although this might never be done in practice. The well known TCP port for NBNS traffic is 137.

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).

Ethereal

The NBNS dissector is partially functional; it dissects NBNS-over-UDP, but not NBNS-over-TCP (I'm not sure we've ever seen any NBNS-over-TCP traffic).

Preference Settings

(XXX add links to preference settings affecting how NBNS is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

Display Filter

A complete list of NBNS display filter fields can be found in the [http://www.ethereal.com/docs/dfref/n/nbns.html display filter reference]

  • Show only the NBNS based traffic:

     nbns 

Capture Filter

You cannot directly filter NBNS while capturing. However, as it runs atop ["UDP"] or ["TCP"] port 137, you can filter on those ports.

  • Capture NBNS traffic:

     port 137 

Discussion

NetBIOS/NBNS (last edited 2008-04-14 20:22:24 by client1)