Gelbe Linie

NETBIOS


BACKGROUND:

Get ready, because it is time to take it to the next level. When talking about Netbios, we typically refer to the concept of a Netbios Name which is the name assigned to your computer. Netbios allows applications to talk to each other using protocols such as TCP/IP that support Netbios. Netbios is also a session/transport layer protocol that is typically seen in other forms such as Netbeui and NetBT. These are the main functions that Netbios serves:

Starting and stopping sessions.
Name registration
Session layer data transfer (reliable)
Datagram data transfer (unreliable)
Protocol driver and network adapter management functions.

NETBIOS NAMING

A Netbios name is either a unique name or a group name, the difference being that a unique name is is used for communication with a specific process on a computer, whereas a group name is for communication with multiple clients. Netbios name resolution resolves a computer's Netbios name to an IP address. Microsoft offers several different ways to resolve Netbios names and each will be disscussed below.

  • LOCAL BROADCAST - If the destination host is local, then first the Netbios name cache is checked and a broadcast is not sent. If it is not found here, then a name query broadcast is sent out that includes the destination Netbios name. Each computer that receives the broadcast checks to see if it belongs to the name requested. The computer that owns the name then uses ARP to determine the MAC address of the source host. Once obtained a name query response is sent. NOTE: Some routers do not support the fowarding of these broadcasts as they use UDP ports 137 and 138.
  • NETBIOS NAME SERVER - When using a Netbios name server, the cache is checked first and if the name is not found the destination host's name is sent to the name server. After the name server resolves the name to an IP address, it is returned to the source host. When the source host receives the information it uses ARP to resolve the IP address of the destination host to its MAC address.
  • LMHOSTS FILE - More on this later...
  • HOSTS FILE - More on this later...
  • DNS - More on this later...

NBSTAT COMMANDS

1) nbstat -n Lists all registered Netbios names.
2) nbstat -c Shows the Netbios cache.
3) nbstat -R Reloads the Netbios name cache from the lmhosts file.