NETBIOS

NETBIOS协议是由IBM公司开发，主要用于数十台计算机的小型局域网。该协议是一种在局域网上的程序可以使用的应用程序编程接口（API），为程序提供了请求低级服务的统一的命令集，作用是为了给局域网提供网络以及其他特殊功能，系统可以利用WINS服务、广播及Lmhost文件等多种模式将NetBIOS名解析为相应IP地址，实现信息通讯，所以在局域网内部使用NetBIOS协议可以方便地实现消息通信及资源的共享。因为它占用系统资源少、传输效率高，所以几乎所有的局域网都是在NetBIOS协议的基础上工作的。



Windows 下可用nbtstat/nbtscan 获取相关信息，例如:



<00>  ----- 代表工作组服务

<20>  ----- 文件共享服务

<1E>  ----- 浏览枚举服务





Name Number(h) Type Usage

--------------------------------------------------------------------------

<computername> 00 U Workstation Service

<computername> 01 U Messenger Service

<\\--__MSBROWSE__> 01 G Master Browser

<computername> 03 U Messenger Service

<computername> 06 U RAS Server Service

<computername> 1F U NetDDE Service

<computername> 20 U File Server Service

<computername> 21 U RAS Client Service

<computername> 22 U Microsoft Exchange Interchange(MSMail Connector)

<computername> 23 U Microsoft Exchange Store

<computername> 24 U Microsoft Exchange Directory

<computername> 30 U Modem Sharing Server Service

<computername> 31 U Modem Sharing Client Service

<computername> 43 U SMS Clients Remote Control

<computername> 44 U SMS Administrators Remote Control Tool

<computername> 45 U SMS Clients Remote Chat

<computername> 46 U SMS Clients Remote Transfer

<computername> 4C U DEC Pathworks TCPIP service on Windows NT

<computername> 42 U mccaffee anti-virus

<computername> 52 U DEC Pathworks TCPIP service on Windows NT

<computername> 87 U Microsoft Exchange MTA

<computername> 6A U Microsoft Exchange IMC

<computername> BE U Network Monitor Agent

<computername> BF U Network Monitor Application

<username> 03 U Messenger Service

<domain> 00 G Domain Name

<domain> 1B U Domain Master Browser

<domain> 1C G Domain Controllers

<domain> 1D U Master Browser

<domain> 1E G Browser Service Elections

<INet~Services> 1C G IIS

<IS~computername> 00 U IIS

<computername> [2B] U Lotus Notes Server Service

IRISMULTICAST [2F] G Lotus Notes

IRISNAMESERVER [33] G Lotus Notes

Forte_$ND800ZA [20] U DCA IrmaLan Gateway Server Service

--------------------------------------------------------------------------------------------------------------------------------

No.     Time           Source                Destination           Protocol Length Info

      3 0.009632000    10.0.2.15             192.168.0.41          NBNS     92     Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

Frame 3: 92 bytes on wire (736 bits), 92 bytes captured (736 bits) on interface 0

Ethernet II, Src: CadmusCo_f2:95:ec (08:00:27:f2:95:ec), Dst: RealtekU_12:35:02 (52:54:00:12:35:02)

Internet Protocol Version 4, Src: 10.0.2.15 (10.0.2.15), Dst: 192.168.0.41 (192.168.0.41)

User Datagram Protocol, Src Port: 48344 (48344), Dst Port: netbios-ns (137)

NetBIOS Name Service

    Transaction ID: 0x034f

    Flags: 0x0010 (Name query)

    Questions: 1

    Answer RRs: 0

    Authority RRs: 0

    Additional RRs: 0

    Queries

        *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN

            Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)

            Type: NBSTAT

            Class: IN

No.     Time           Source                Destination           Protocol Length Info

      4 0.012812000    192.168.0.41          10.0.2.15             NBNS     217    Name query response NBSTAT

Frame 4: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface 0

Ethernet II, Src: RealtekU_12:35:02 (52:54:00:12:35:02), Dst: CadmusCo_f2:95:ec (08:00:27:f2:95:ec)

Internet Protocol Version 4, Src: 192.168.0.41 (192.168.0.41), Dst: 10.0.2.15 (10.0.2.15)

User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: 48344 (48344)

NetBIOS Name Service

    Transaction ID: 0x034f

    Flags: 0x8400 (Name query response, No error)

    Questions: 0

    Answer RRs: 1

    Authority RRs: 0

    Additional RRs: 0

    Answers

        *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NBSTAT, class IN

            Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

            Type: NBSTAT

            Class: IN

            Time to live: 0 seconds

            Data length: 119

            Number of names: 4

            Name: ZHTJIA-PC<00> (Workstation/Redirector)

            Name flags: 0x400 (B-node, unique, active)

            Name: WORKGROUP<00> (Workstation/Redirector)

            Name flags: 0x8400 (B-node, group, active)

            Name: ZHTJIA-PC<20> (Server service)

            Name flags: 0x400 (B-node, unique, active)

            Name: WORKGROUP<1e> (Browser Election Service)

            Name flags: 0x8400 (B-node, group, active)

            Unit ID: 44:87:fc:d2:34:09

            Jumpers: 0x0

            Test result: 0x0

            Version number: 0x0

            Period of statistics: 0x0

            Number of CRCs: 0

            Number of alignment errors: 0

            Number of collisions: 0

            Number of send aborts: 0

            Number of good sends: 0

            Number of good receives: 0

            Number of retransmits: 0

            Number of no resource conditions: 0

            Number of command blocks: 0

            Number of pending sessions: 0

            Max number of pending sessions: 0

            Max total sessions possible: 0

            Session data packet size: 0

-----------------------------------------------------------------------------

推荐:

    http://www.freebuf.com/articles/5238.html
    http://pentestlab.wordpress.com/category/information-gathering/
    http://en.wikipedia.org/wiki/NetBIOS
    http://support.microsoft.com/kb/163409