NETBIOS

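The NetBIOS protocol was developed by IBM, mainly for small local area networks of a few dozen computers. It is an application programming interface (API) that programs on a LAN can use: it gives programs a uniform command set for requesting low-level services, and its purpose is to provide the LAN with networking and other special functions. A system can resolve NetBIOS names to the corresponding IP addresses in several ways, including the WINS service, broadcast and the LMHOSTS file, so using NetBIOS inside a LAN makes messaging and resource sharing convenient. Because it uses few system resources and transmits efficiently, almost all LANs work on top of the NetBIOS protocol.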


On Windows, nbtstat/nbtscan can be used to obtain the relevant information, for example:


<00>  ----- workgroup service

<20>  ----- file sharing service

<1E>  ----- browse enumeration service


Name                 Number(h)  Type  Usage
--------------------------------------------------------------------------
<computername>       00         U     Workstation Service
<computername>       01         U     Messenger Service
<\\--__MSBROWSE__>   01         G     Master Browser
<computername>       03         U     Messenger Service
<computername>       06         U     RAS Server Service
<computername>       1F         U     NetDDE Service
<computername>       20         U     File Server Service
<computername>       21         U     RAS Client Service
<computername>       22         U     Microsoft Exchange Interchange(MSMail Connector)
<computername>       23         U     Microsoft Exchange Store
<computername>       24         U     Microsoft Exchange Directory
<computername>       30         U     Modem Sharing Server Service
<computername>       31         U     Modem Sharing Client Service
<computername>       43         U     SMS Clients Remote Control
<computername>       44         U     SMS Administrators Remote Control Tool
<computername>       45         U     SMS Clients Remote Chat
<computername>       46         U     SMS Clients Remote Transfer
<computername>       4C         U     DEC Pathworks TCPIP service on Windows NT
<computername>       42         U     McAfee anti-virus
<computername>       52         U     DEC Pathworks TCPIP service on Windows NT
<computername>       87         U     Microsoft Exchange MTA
<computername>       6A         U     Microsoft Exchange IMC
<computername>       BE         U     Network Monitor Agent
<computername>       BF         U     Network Monitor Application
<username>           03         U     Messenger Service
<domain>             00         G     Domain Name
<domain>             1B         U     Domain Master Browser
<domain>             1C         G     Domain Controllers
<domain>             1D         U     Master Browser
<domain>             1E         G     Browser Service Elections
<INet~Services>      1C         G     IIS
<IS~computername>    00         U     IIS
<computername>       [2B]       U     Lotus Notes Server Service
IRISMULTICAST        [2F]       G     Lotus Notes
IRISNAMESERVER       [33]       G     Lotus Notes
Forte_$ND800ZA       [20]       U     DCA IrmaLan Gateway Server Service

--------------------------------------------------------------------------------------------------------------------------------

No.     Time           Source                Destination           Protocol Length Info
      3 0.009632000    10.0.2.15             192.168.0.41          NBNS     92     Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

Frame 3: 92 bytes on wire (736 bits), 92 bytes captured (736 bits) on interface 0
Ethernet II, Src: CadmusCo_f2:95:ec (08:00:27:f2:95:ec), Dst: RealtekU_12:35:02 (52:54:00:12:35:02)
Internet Protocol Version 4, Src: 10.0.2.15 (10.0.2.15), Dst: 192.168.0.41 (192.168.0.41)
User Datagram Protocol, Src Port: 48344 (48344), Dst Port: netbios-ns (137)
NetBIOS Name Service
    Transaction ID: 0x034f
    Flags: 0x0010 (Name query)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
            Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
            Type: NBSTAT
            Class: IN

No.     Time           Source                Destination           Protocol Length Info
      4 0.012812000    192.168.0.41          10.0.2.15             NBNS     217    Name query response NBSTAT

Frame 4: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface 0
Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: CadmusCo_f2:95:ec (08:00:27:f2:95:ec)
Internet Protocol Version 4, Src: 192.168.0.41 (192.168.0.41), Dst: 10.0.2.15 (10.0.2.15)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: 48344 (48344)
NetBIOS Name Service
    Transaction ID: 0x034f
    Flags: 0x8400 (Name query response, No error)
    Questions: 0
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Answers
        *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN
            Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
            Type: NBSTAT
            Class: IN
            Time to live: 0 seconds
            Data length: 119
            Number of names: 4
            Name: ZHTJIA-PC<00> (Workstation/Redirector)
            Name flags: 0x400 (B-node, unique, active)
            Name: WORKGROUP<00> (Workstation/Redirector)
            Name flags: 0x8400 (B-node, group, active)
            Name: ZHTJIA-PC<20> (Server service)
            Name flags: 0x400 (B-node, unique, active)
            Name: WORKGROUP<1e> (Browser Election Service)
            Name flags: 0x8400 (B-node, group, active)
            Unit ID: 44:87:fc:d2:34:09
            Jumpers: 0x0
            Test result: 0x0
            Version number: 0x0
            Period of statistics: 0x0
            Number of CRCs: 0
            Number of alignment errors: 0
            Number of collisions: 0
            Number of send aborts: 0
            Number of good sends: 0
            Number of good receives: 0
            Number of retransmits: 0
            Number of no resource conditions: 0
            Number of command blocks: 0
            Number of pending sessions: 0
            Max number of pending sessions: 0
            Max total sessions possible: 0
            Session data packet size: 0
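
The two frames above, rebuilt and decoded offline as an added example (not code from the original post), to show exactly what a host answering on UDP 137 discloses to an NBSTAT query. The function names are hypothetical, the response bytes are constructed from the field values in the Wireshark dissection rather than captured, and the parser assumes the record name is sent in full (34 bytes) and not as a compression pointer.

```python
import struct
# Added example: offline builder/decoder; sample bytes are constructed, not captured.
NBSTAT, IN = 0x0021, 0x0001

def encode_name(name: bytes) -> bytes:
    """First-level encoding (RFC 1002): each nibble of the 16-byte name + 'A'."""
    raw = name.ljust(16, b"\x00")[:16]
    enc = bytes(b for c in raw for b in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))
    return b"\x20" + enc + b"\x00"

def build_query(txid: int) -> bytes:
    """NBSTAT query for the wildcard name '*', as in frame 3 of the capture."""
    header = struct.pack(">HHHHHH", txid, 0x0010, 1, 0, 0, 0)
    return header + encode_name(b"*") + struct.pack(">HH", NBSTAT, IN)

def parse_response(pkt: bytes) -> dict:
    """Decode the name table and unit ID from an NBSTAT response (frame 4)."""
    if len(pkt) < 12 + 34 + 10:
        raise ValueError("packet too short")
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    if not flags & 0x8000 or flags & 0x000F or an < 1:
        raise ValueError("not a successful name query response")
    off = 12 + 34                      # header + full encoded name (assumption)
    rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
    off += 10
    if rtype != NBSTAT or off + rdlen > len(pkt):
        raise ValueError("truncated or non-NBSTAT record")
    count = pkt[off]
    end = off + 1 + 18 * count         # each entry: 15-byte name, suffix, flags
    if end + 6 > off + rdlen:
        raise ValueError("name table exceeds data length")
    names = []
    for i in range(off + 1, end, 18):
        name, suffix, nflags = struct.unpack(">15sBH", pkt[i:i + 18])
        names.append((name.decode("ascii", "replace").rstrip(), suffix,
                      "group" if nflags & 0x8000 else "unique"))
    return {"txid": txid, "names": names, "unit_id": pkt[end:end + 6].hex(":")}

def sample_response() -> bytes:
    """Constructed bytes carrying the field values Wireshark shows for frame 4."""
    rows = [(b"ZHTJIA-PC", 0x00, 0x0400), (b"WORKGROUP", 0x00, 0x8400),
            (b"ZHTJIA-PC", 0x20, 0x0400), (b"WORKGROUP", 0x1E, 0x8400)]
    table = b"".join(struct.pack(">15sBH", n.ljust(15), s, f) for n, s, f in rows)
    stats = bytes.fromhex("4487fcd23409") + bytes(40)   # unit ID + zeroed counters
    rdata = bytes([len(rows)]) + table + stats
    return (struct.pack(">HHHHHH", 0x034F, 0x8400, 0, 1, 0, 0) + encode_name(b"*")
            + struct.pack(">HHIH", NBSTAT, IN, 0, len(rdata)) + rdata)
```

The 50-byte query and 175-byte response match the capture once the 42 bytes of Ethernet, IP and UDP headers are added (92 and 217 bytes on the wire), and the 119-byte data length is 1 count byte, 4 x 18 bytes of names and 46 bytes of statistics.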

-----------------------------------------------------------------------------

Recommended reading:
    http://www.freebuf.com/articles/5238.html
    http://pentestlab.wordpress.com/category/information-gathering/
    http://en.wikipedia.org/wiki/NetBIOS
    http://support.microsoft.com/kb/163409


