Differences between revisions 3 and 4
Revision 3 as of 2006-06-05 03:19:21
Size: 1631
Editor: localhost
Comment:
Revision 4 as of 2008-04-12 17:51:24
Size: 1637
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
The NetBIOS Session Service is part of the NetBIOS-over-TCP protocol suite, see the ["NetBIOS"] page for further information. The NetBIOS Session Service is part of the NetBIOS-over-TCP protocol suite, see the [[NetBIOS]] page for further information.
Line 12: Line 12:
 * ["TCP"]: NBSS uses ["TCP"] as its transport protocol. The well known TCP port for NBSS traffic is 139.  * [[TCP]]: NBSS uses [[TCP]] as its transport protocol. The well known TCP port for NBSS traffic is 139.
Line 31: Line 31:
A complete list of NBSS display filter fields can be found in the [http://www.wireshark.org/docs/dfref/n/nbss.html display filter reference] A complete list of NBSS display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/n/nbss.html|display filter reference]]
Line 38: Line 38:
You cannot directly filter NBSS while capturing. However, as it runs atop ["TCP"] port 139, you can filter on that one. You cannot directly filter NBSS while capturing. However, as it runs atop [[TCP]] port 139, you can filter on that one.
Line 45: Line 45:
 * [http://www.ietf.org/rfc/rfc1001.txt RFC1001] Protocol Standard For a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods
 * [http://www.ietf.org/rfc/rfc1002.txt RFC1002] Protocol Standard For a NetBIOS Service on a TCP/UDP Transport: Detailed Specifications
 * [[http://www.ietf.org/rfc/rfc1001.txt|RFC1001]] Protocol Standard For a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods
 * [[http://www.ietf.org/rfc/rfc1002.txt|RFC1002]] Protocol Standard For a NetBIOS Service on a TCP/UDP Transport: Detailed Specifications

NetBIOS Session Service (NBSS)

The NetBIOS Session Service is part of the NetBIOS-over-TCP protocol suite, see the NetBIOS page for further information.

History

XXX - add a brief description of NBSS history

Protocol dependencies

  • TCP: NBSS uses TCP as its transport protocol. The well known TCP port for NBSS traffic is 139.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The NBSS dissector is fully functional.

Preference Settings

(XXX add links to preference settings affecting how NBSS is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of NBSS display filter fields can be found in the display filter reference

  • Show only the NBSS based traffic:

     nbss 

Capture Filter

You cannot directly filter NBSS while capturing. However, as it runs atop TCP port 139, you can filter on that one.

  • Capture NBSS traffic:

     tcp port 139 

  • RFC1001 Protocol Standard For a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods

  • RFC1002 Protocol Standard For a NetBIOS Service on a TCP/UDP Transport: Detailed Specifications

Discussion

NetBIOS/NBSS (last edited 2008-04-12 17:51:24 by localhost)