This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 3 and 4
Revision 3 as of 2005-04-02 00:55:42
Size: 2010
Editor: GuyHarris
Comment: Italicize RFC titles, as is done on other pages.
Revision 4 as of 2005-04-03 11:09:31
Size: 2449
Editor: UlfLamping
Comment: add explanation, what NBNS does
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
This service is often called '''WINS''' on Windows systems.
Line 6: Line 8:
This protocol is often called WINS in ["CIFS"] documentation. NBNS serves much the same purpose as ["DNS"] does: Translate humane readable names to network addresses (e.g. www.ethereal.com to 65.208.228.223). As NetBIOS will run on top of several different network protocols (e.g. ["IP"], ["IPX"], ...), NBNS might translate to different address formats (see ["NetBIOS"] page for details).

Although ["DNS"] obsoleted the NBNS service, it's still widely used especially on Windows networks.
Line 10: Line 14:
XXX - add a brief description of NBNS history See the ["NetBIOS"] page for the history of NetBIOS.

NetBIOS Name Service (NBNS)

This service is often called WINS on Windows systems.

The NetBIOS Name Service is part of the NetBIOS-over-TCP protocol suite, see the ["NetBIOS"] page for further information.

NBNS serves much the same purpose as ["DNS"] does: Translate humane readable names to network addresses (e.g. www.ethereal.com to 65.208.228.223). As NetBIOS will run on top of several different network protocols (e.g. ["IP"], ["IPX"], ...), NBNS might translate to different address formats (see ["NetBIOS"] page for details).

Although ["DNS"] obsoleted the NBNS service, it's still widely used especially on Windows networks.

History

See the ["NetBIOS"] page for the history of NetBIOS.

Protocol dependencies

  • ["UDP"]: Typically, NBNS uses ["UDP"] as its transport protocol. The well known UDP port for NBNS traffic is 137.
  • ["TCP"]: NBNS can also use ["TCP"] as its transport protocol for some operations, although this might never be done in practice. The well known TCP port for NBNS traffic is 137.

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).

Ethereal

The NBNS dissector is partially functional; it dissects NBNS-over-UDP, but not NBNS-over-TCP (I'm not sure we've ever seen any NBNS-over-TCP traffic).

Preference Settings

(XXX add links to preference settings affecting how NBNS is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

Display Filter

A complete list of NBNS display filter fields can be found in the [http://www.ethereal.com/docs/dfref/n/nbns.html display filter reference]

  • Show only the NBNS based traffic:

     nbns 

Capture Filter

You cannot directly filter NBNS while capturing. However, as it runs atop ["UDP"] or ["TCP"] port 137, you can filter on those ports.

  • Capture NBNS traffic:

     port 137 

Discussion

NetBIOS/NBNS (last edited 2008-04-14 20:22:24 by client1)