NetBIOS over TCP/IP (NBT, or sometimes NetBT) is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks.
NetBIOS was developed in the early 1980s, targeting very small networks (about a dozen computers). Some applications still use NetBIOS, and do not scale well in today's networks of hundreds of computers when NetBIOS is run over NBF. When properly configured, NBT allows those applications to be run on large TCP/IP networks (including the whole Internet, although that is likely to be subject to security problems) without change.
NBT is defined by the RFC 1001 and RFC 1002 standard documents.
NetBIOS provides three distinct services:
NBT implements all of those services.
In NetBIOS, each participant must register on the network using a unique name of at most 15 characters. In legacy networks, when a new application wanted to register a name, it had to broadcast a message saying "Is anyone currently using that name?" and wait for an answer. If no answer came back, it was safe to assume that the name was not in use. However, the wait timeout was a few seconds, making the name registration a very lengthy process, as the only way of knowing that a name was not registered was to not receive any answer.
NBT can implement a central repository, or Name Service, that records all name registrations. An application wanting to register a name would therefore contact the name server (which has a known network address) and ask whether the name is already registered, using a "Name Query" packet. This is much faster, as the name server returns a negative response immediately if the name is not already in the database, meaning it is available. The Name Service, according to RFCs 1001 and 1002, is called NetBIOS Naming Service or NBNS. Microsoft WINS is an implementation of NBNS. It is worth saying that due to constant development of the way in which the Name Service handles conflict or merges, "group names" varies from vendor to vendor and can even be different by version e.g. with the introduction of a service pack.
The packet formats of the Name Service are identical to DNS. The key differences are the addition of NetBIOS "Node Status" query, dynamic registration and conflict marking packets. They are encapsulated in UDP. Later implementation includes an optional Scope part of the name, making NetBIOS name hierarchical like DNS, but this is seldom used.
In addition, to start a session or to send a datagram to a particular host rather than to broadcast the datagram, NBT will have to determine the IP address of the host with a given NetBIOS name; this is done by broadcasting a "Name Query" packet, and/or sending it to the NetBIOS name server. The response will have the IP address of the host with that name.
NBNS is one of the first proper dynamic peer-to-peer distributed name registration services. The NBNS protocol was brought into disrepute by Microsoft: it earned a bad name for being 'chatty', swamping networks with dynamic registration traffic on multiple protocols (IPX/SPX, NBF and TCP/IP) as people badly misconfigured their machines and their networks[ citation needed ]. The principles implemented in NBNS have been reimplemented many times, including in such systems as zeroconf and MobileIP.
Datagram mode is "connectionless"; NetBIOS datagrams are sent over UDP. A datagram is sent with a "Direct Unique" or "Direct Group" packet if it's being sent to a particular NetBIOS name, or a "Broadcast" packet if it's being sent to all NetBIOS names on the network.
Session mode lets two computers establish a connection for a "conversation", allows larger messages to be handled, and provides error detection and recovery.
Sessions are established by exchanging packets. The computer establishing the session attempts to make a TCP connection to port 139 on the computer with which the session is to be established. If the connection is made, the computer establishing the session then sends over the connection a "Session Request" packet with the NetBIOS names of the application establishing the session and the NetBIOS name to which the session is to be established. The computer with which the session is to be established will respond with a "Positive Session Response" indicating that a session can be established or a "Negative Session Response" indicating that no session can be established (either because that computer isn't listening for sessions being established to that name or because no resources are available to establish a session to that name).
Data is transmitted during an established session by Session Message packets.
TCP handles flow control and retransmission of all session service packets, and the dividing of the data stream over which the packets are transmitted into IP datagrams small enough to fit in link-layer packets.
Sessions are closed by closing the TCP connection.
NBT exposes information and interfaces that are often appropriate for a LAN under an organization's administrative control, but which are not appropriate for a less trusted network such as the Internet. For example, the NetBIOS Name Service (NBNS), running over UDP or TCP port 137, allows any computer to register its hostname with other computers. An attacker could contact any host and claim that they are a particular service the host regularly contacts, such as a file server. This could result in a middleperson attack against listening hosts, and ultimately in the compromise of credentials used by the listening hosts to access network services over NBT. Tools such as NBNSpoof can be used to perform this attack. [1] [2]
Exposure of NBT to the Internet also discloses, as a practical matter, that the host answering on NBT ports is running Windows. This can be used to better target malicious activity that might be specific to one operating system.
In relation to post-MS Windows 2000 / NT, client-server based networks, NetBIOS is effectively becoming a legacy protocol. NetBIOS was also developed for non-routable LANs. In most post year 2000 networks operating Windows 2000 or later, NetBIOS effectively offers backwards compatibility for network devices that predate compatibility with DNS. A central role of NetBIOS in Client-Server networks (and also those networks that have networked peripheral hardware that also predates DNS compatibility) is to provide name resolution to computers and networked peripherals. Further, it allows for such networked hardware to be accessed and shared and also enables the mapping and browsing of network folders, shares and shared printers, faxes, etc. In its primary capacity, it acts as a session-layer protocol transported over TCP/IP to provide name resolution to a computer and shared folders. To that end, Windows 2000-based, Client-Server networks - and later - do not require this insecure means of name resolving and addressing or navigating of network shares. [3]
Developer(s) | Microsoft |
---|---|
Operating system | Microsoft Windows |
Type | Command |
License | Proprietary commercial software |
Website | nbtstat |
The nbtstat
command is a diagnostic tool for NetBIOS over TCP/IP. Its primary design is to help troubleshoot NetBIOS name resolution problems. [4] The command is included in several versions of Microsoft Windows. There are several commands involved with nbtstat
that allows several options such as: local cache lookup, WINS Server query, broadcast, LMHOSTS lookup, and Hosts lookup. It is not for DNS server query. [5]
When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses. It does this through several options for NetBIOS name resolution, including local cache lookup, WINS server query, broadcast, LMHOSTS lookup, Hosts lookup, and DNS server query. The command removes and corrects preloaded entries using a number of case-sensitive switches. The nbtstat -a < name >
command performs a NetBIOS adapter status command on the computer name specified by < name >
. The adapter status command returns the local NetBIOS name table for that computer as well as the MAC address of the adapter card. The nbtstat -A < IP address >
command performs the same function using a target IP address rather than a name.
nbtstat [-a RemoteName] [-A IPAddress] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [Interval]
The common parameters are:< [5]
The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.
The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suite are the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), and the Internet Protocol (IP). Early versions of this networking model were known as the Department of Defense (DoD) model because the research and development were funded by the United States Department of Defense through DARPA.
In computing, traceroute
and tracert
are diagnostic command-line interface commands for displaying possible routes (paths) and transit delays of packets across an Internet Protocol (IP) network.
In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.
Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a network was moved, or when the upstream Internet service provider was replaced, but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.
Berkeley sockets is an application programming interface (API) for Internet sockets and Unix domain sockets, used for inter-process communication (IPC). It is commonly implemented as a library of linkable modules. It originated with the 4.2BSD Unix operating system, which was released in 1983.
A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers are a critical part of the Internet infrastructure because they are the first step in resolving human-readable host names into IP addresses that are used in communication between Internet hosts.
NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, NetBIOS is not a networking protocol. Operating systems of the 1980s ran NetBIOS over IEEE 802.2 and IPX/SPX using the NetBIOS Frames (NBF) and NetBIOS over IPX/SPX (NBX) protocols, respectively. In modern networks, NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol. NetBIOS is also used for identifying system names in TCP/IP (Windows).
SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded. A SOCKS server accepts incoming client connection on TCP port 1080, as defined in RFC 1928.
NetBIOS Frames (NBF) is a non-routable network- and transport-level data protocol most commonly used as one of the layers of Microsoft Windows networking in the 1990s. NBF or NetBIOS over IEEE 802.2 LLC is used by a number of network operating systems released in the 1990s, such as LAN Manager, LAN Server, Windows for Workgroups, Windows 95 and Windows NT. Other protocols, such as NBT, and NBX (NetBIOS-over-IPX/SPX) also implement the NetBIOS/NetBEUI services over other protocol suites.
Zero-configuration networking (zeroconf) is a set of technologies that automatically creates a usable computer network based on the Internet Protocol Suite (TCP/IP) when computers or network peripherals are interconnected. It does not require manual operator intervention or special configuration servers. Without zeroconf, a network administrator must set up network services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), or configure each computer's network settings manually.
In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It uses encryption ('hiding') only for its own control messages, and does not provide any encryption or confidentiality of content by itself. Rather, it provides a tunnel for Layer 2, and the tunnel itself may be passed over a Layer 3 encryption protocol such as IPsec.
Windows Internet Name Service (WINS) is the Microsoft implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. Effectively, WINS is to NetBIOS names what DNS is to domain names — a central mapping of host names to network addresses. Like the DNS, it is implemented in two parts, a server service and a TCP/IP client component which manages the client's registration and renewal of names, and takes care of queries. Basically, Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses.
STUN is a standardized set of methods, including a network protocol, for traversal of network address translator (NAT) gateways in applications of real-time voice, video, messaging, and other interactive communications.
Microsoft DNS is the name given to the implementation of domain name system services provided in Microsoft Windows operating systems.
In computer networking, the multicast DNS (mDNS) protocol resolves hostnames to IP addresses within small networks that do not include a local name server. It is a zero-configuration service, using essentially the same programming interfaces, packet formats and operating semantics as unicast Domain Name System (DNS). It was designed to work as either a stand-alone protocol or compatible with standard DNS servers. It uses IP multicast User Datagram Protocol (UDP) packets and is implemented by the Apple Bonjour and open-source Avahi software packages, included in most Linux distributions. Although the Windows 10 implementation was limited to discovering networked printers, subsequent releases resolved hostnames as well. mDNS can work in conjunction with DNS Service Discovery (DNS-SD), a companion zero-configuration networking technique specified separately in RFC 6763.
A network socket is a software structure within a network node of a computer network that serves as an endpoint for sending and receiving data across the network. The structure and properties of a socket are defined by an application programming interface (API) for the networking architecture. Sockets are created only during the lifetime of a process of an application running in the node.
In computer networking, a port or port number is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port at the software level is identified for each transport protocol and address combination by the port number assigned to it. The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP); those port numbers are 16-bit unsigned numbers.
In computing, Microsoft's Windows Vista and Windows Server 2008 introduced in 2007/2008 a new networking stack named Next Generation TCP/IP stack, to improve on the previous stack in several ways. The stack includes native implementation of IPv6, as well as a complete overhaul of IPv4. The new TCP/IP stack uses a new method to store configuration settings that enables more dynamic control and does not require a computer restart after a change in settings. The new stack, implemented as a dual-stack model, depends on a strong host-model and features an infrastructure to enable more modular components that one can dynamically insert and remove.
SoftEther VPN is free open-source, cross-platform, multi-protocol VPN client and VPN server software, developed as part of Daiyuu Nobori's master's thesis research at the University of Tsukuba. VPN protocols such as SSL VPN, L2TP/IPsec, OpenVPN, and Microsoft Secure Socket Tunneling Protocol are provided in a single VPN server. It was released using the GPLv2 license on January 4, 2014. The license was switched to Apache License 2.0 on January 21, 2019.