NetBIOS
NetBIOS
Welcome back, my novice hackers!
What is NetBIOS
NetBIOS [Network Basic Input/Output System] was developed by IBM, Microsoft, and Sytek. NetBIOS allows computers and applications to communicate with network hardware, and allows data to transmit properly over a network. For example, Microsoft Windows computers that are named in a workgroup and not a domain use NetBIOS names, which are converted to IP addresses.
NetBIOS commonly communicates on ports 137, 138, and 139. If your firewall blocks any of these ports you may get errors when your computer communicates with another computer that utilizes NetBIOS (e.g., Microsoft Windows). To prevent these errors or warnings, you must provide access on these ports.
How NetBIOS Works With Applications
Software applications on a NetBIOS network locate and identify each other through their NetBIOS names. In Windows, the NetBIOS name is separate from the computer name and can be up to 16 characters long. applications on other computers access NetBIOS names over UDP, a simple OSI transport layer protocol for client/server network applications based on Internet Protocol on port 137.
Registering the NetBIOS name is required by the application but is not supported by Microsoft for IPv6. The last octet is usually the NetBIOS Suffix that explains which services the system has available.
The Windows Internet Naming Service provides name resolution services for NetBIOS.
Two applications start a NetBIOS session when the client sends a command to "call" another client (the server) over TCP port 139. This is referred to as the session mode, where both sides issue "send" and "receive" commands to deliver messages in both directions. The "hang-up" command terminates a NetBIOS session.
Session Service
Sessions Service mainly used to manage sessions and data transfer over already established sessions.
Call - will start a session to the specified NetBIOS name.
Listen - will wait to attempt a sessions request to the current NetBIOS host.
Hang Up - is used to close an already established NetBIOS session.
Send - will send a packet over the specified sessions.
Send No Ack - is the same as Send but it will not require an acknowledgment for the arriving of the packet.
Receive - will want for an incoming packet from the session from the remote NetBIOS host.
nbtstat Command
nbtstat is a command-line tool used to run some NetBIOS functions. We can use nbtstat command in order to manage like register, list, remove local NetBIOS names. In the following example, we will list local NetBIOS names registered to the local system.
[> nbtstat -n]
Comments
Post a Comment