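The NetBIOS protocol was developed by IBM, mainly for small LANs of a few dozen computers. It is an application programming interface (API) that programs on a LAN can use: it gives programs a uniform command set for requesting low-level services, and its purpose is to provide networking and other special functions for the LAN. A system can resolve a NetBIOS name to the corresponding IP address in several ways, including the WINS service, broadcast, and the LMHOSTS file, so that hosts can communicate. Using NetBIOS inside a LAN therefore makes message exchange and resource sharing convenient. Because it uses few system resources and transfers data efficiently, almost all LANs work on the basis of the NetBIOS protocol.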
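On Windows, nbtstat/nbtscan can be used to retrieve this information, for example:
<00> ----- represents the workgroup service
<20> ----- file sharing service
<1E> ----- browser enumeration service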
Name Number(h) Type Usage
--------------------------------------------------------------------------
<computername> 00 U Workstation Service
<computername> 01 U Messenger Service
<\\--__MSBROWSE__> 01 G Master Browser
<computername> 03 U Messenger Service
<computername> 06 U RAS Server Service
<computername> 1F U NetDDE Service
<computername> 20 U File Server Service
<computername> 21 U RAS Client Service
<computername> 22 U Microsoft Exchange Interchange(MSMail Connector)
<computername> 23 U Microsoft Exchange Store
<computername> 24 U Microsoft Exchange Directory
<computername> 30 U Modem Sharing Server Service
<computername> 31 U Modem Sharing Client Service
<computername> 43 U SMS Clients Remote Control
<computername> 44 U SMS Administrators Remote Control Tool
<computername> 45 U SMS Clients Remote Chat
<computername> 46 U SMS Clients Remote Transfer
<computername> 4C U DEC Pathworks TCPIP service on Windows NT
<computername> 42 U McAfee anti-virus
<computername> 52 U DEC Pathworks TCPIP service on Windows NT
<computername> 87 U Microsoft Exchange MTA
<computername> 6A U Microsoft Exchange IMC
<computername> BE U Network Monitor Agent
<computername> BF U Network Monitor Application
<username> 03 U Messenger Service
<domain> 00 G Domain Name
<domain> 1B U Domain Master Browser
<domain> 1C G Domain Controllers
<domain> 1D U Master Browser
<domain> 1E G Browser Service Elections
<INet~Services> 1C G IIS
<IS~computername> 00 U IIS
<computername> [2B] U Lotus Notes Server Service
IRISMULTICAST [2F] G Lotus Notes
IRISNAMESERVER [33] G Lotus Notes
Forte_$ND800ZA [20] U DCA IrmaLan Gateway Server Service
--------------------------------------------------------------------------------------------------------------------------------
No. Time Source Destination Protocol Length Info
3 0.009632000 10.0.2.15 192.168.0.41 NBNS 92 Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Frame 3: 92 bytes on wire (736 bits), 92 bytes captured (736 bits) on interface 0
Ethernet II, Src: CadmusCo_f2:95:ec (08:00:27:f2:95:ec), Dst: RealtekU_12:35:02 (52:54:00:12:35:02)
Internet Protocol Version 4, Src: 10.0.2.15 (10.0.2.15), Dst: 192.168.0.41 (192.168.0.41)
User Datagram Protocol, Src Port: 48344 (48344), Dst Port: netbios-ns (137)
NetBIOS Name Service
Transaction ID: 0x034f
Flags: 0x0010 (Name query)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
Type: NBSTAT
Class: IN
No. Time Source Destination Protocol Length Info
4 0.012812000 192.168.0.41 10.0.2.15 NBNS 217 Name query response NBSTAT
Frame 4: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface 0
Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: CadmusCo_f2:95:ec (08:00:27:f2:95:ec)
Internet Protocol Version 4, Src: 192.168.0.41 (192.168.0.41), Dst: 10.0.2.15 (10.0.2.15)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: 48344 (48344)
NetBIOS Name Service
Transaction ID: 0x034f
Flags: 0x8400 (Name query response, No error)
Questions: 0
Answer RRs: 1
Authority RRs: 0
Additional RRs: 0
Answers
*<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
Type: NBSTAT
Class: IN
Time to live: 0 seconds
Data length: 119
Number of names: 4
Name: ZHTJIA-PC<00> (Workstation/Redirector)
Name flags: 0x400 (B-node, unique, active)
Name: WORKGROUP<00> (Workstation/Redirector)
Name flags: 0x8400 (B-node, group, active)
Name: ZHTJIA-PC<20> (Server service)
Name flags: 0x400 (B-node, unique, active)
Name: WORKGROUP<1e> (Browser Election Service)
Name flags: 0x8400 (B-node, group, active)
Unit ID: 44:87:fc:d2:34:09
Jumpers: 0x0
Test result: 0x0
Version number: 0x0
Period of statistics: 0x0
Number of CRCs: 0
Number of alignment errors: 0
Number of collisions: 0
Number of send aborts: 0
Number of good sends: 0
Number of good receives: 0
Number of retransmits: 0
Number of no resource conditions: 0
Number of command blocks: 0
Number of pending sessions: 0
Max number of pending sessions: 0
Max total sessions possible: 0
Session data packet size: 0
-----------------------------------------------------------------------------
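The name table in the NBSTAT response above has a fixed layout: a one-byte name count, then 18 bytes per name (15-byte space-padded name, 1-byte suffix, 2-byte flags), then the 6-byte unit ID. The following Python code is an added example, not part of the original page: it parses such a response and labels each name using a subset of the suffix table above. The sample packet is constructed from the field values shown in frame 4, and the function names are hypothetical.

```python
import struct

# Subset of the suffix table above: (suffix, is_group) -> usage
SUFFIXES = {(0x00, False): "Workstation Service", (0x00, True): "Domain Name",
            (0x20, False): "File Server Service",
            (0x1E, True): "Browser Service Elections"}

def build_sample_response():
    """Constructed sample: rebuilds the NBSTAT response shown in frame 4."""
    names = [(b"ZHTJIA-PC", 0x00, 0x0400), (b"WORKGROUP", 0x00, 0x8400),
             (b"ZHTJIA-PC", 0x20, 0x0400), (b"WORKGROUP", 0x1E, 0x8400)]
    rdata = bytes([len(names)])
    for name, suffix, flags in names:
        rdata += name.ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", flags)
    rdata += bytes.fromhex("4487fcd23409") + bytes(40)  # unit ID + zeroed statistics
    header = struct.pack(">HHHHHH", 0x034F, 0x8400, 0, 1, 0, 0)
    qname = b"\x20" + b"CK" + b"A" * 30 + b"\x00"  # first-level encoded "*" + 15 NULs
    rr = qname + struct.pack(">HHIH", 0x0021, 0x0001, 0, len(rdata))
    return header + rr + rdata

def parse_nbstat(pkt):
    """Parse a NetBIOS node status (NBSTAT) response; ValueError if malformed."""
    if len(pkt) < 12:
        raise ValueError("short header")
    txid, flags, qd, an, _, _ = struct.unpack_from(">HHHHHH", pkt, 0)
    if not flags & 0x8000 or qd != 0 or an < 1:
        raise ValueError("not a name query response")
    off = 12
    while off < len(pkt) and pkt[off]:  # skip the labels of the answer name
        off += 1 + pkt[off]
    off += 1
    if off + 11 > len(pkt):
        raise ValueError("truncated resource record")
    rtype, _, _, rdlen = struct.unpack_from(">HHIH", pkt, off)
    off += 10
    if rtype != 0x0021 or off + rdlen > len(pkt):
        raise ValueError("not NBSTAT or truncated data")
    count = pkt[off]
    if rdlen < 1 + 18 * count + 6:  # name count must fit inside the data length
        raise ValueError("name table exceeds data length")
    names = []
    for i in range(count):
        raw, suffix, nflags = struct.unpack_from(">15sBH", pkt, off + 1 + 18 * i)
        group = bool(nflags & 0x8000)  # top flag bit: group (G) vs unique (U)
        names.append((raw.decode("ascii", "replace").rstrip(), suffix, group,
                      SUFFIXES.get((suffix, group), "unknown")))
    mac = pkt[off + 1 + 18 * count:][:6].hex(":")
    return {"txid": txid, "names": names, "unit_id": mac}
```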
Recommended:
http://www.freebuf.com/articles/5238.html
http://pentestlab.wordpress.com/category/information-gathering/
http://en.wikipedia.org/wiki/NetBIOS
http://support.microsoft.com/kb/163409