NetBIOS protocol and NetBIOS name problems

When using the NetBIOS protocol. We usually encounter some problems. These problems are actually some obfuscation of NetBIOS names. Then we need to understand the specific process of this agreement. Next, let's take a closer look at this issue. The NetBIOS protocol (basic network input/output system) was initially developed by IBM and Sytek as an API to enable user software to use LAN resources. Since its birth, NetBIOS has become the basis of many other network applications. Strictly speaking, NetBIOS is the interface standard for accessing network services.

NetBIOS was originally designed as THE network controller for the ibm lan and is a software layer that uses specific hardware to connect to THE network operating system. NetBIOS is extended and allows the program to use the NetBIOS interface to operate the IBM licensing ring structure. NetBIOS has been recognized as an industrial standard. Generally, refer to NetBIOS-compatible LANs.

It provides a set of methods for network programs to communicate with each other and transmit data. Basically, NetBIOS allows programs and network sessions. It aims to separate the program from any type of hardware property. It also frees software developers from the following responsibilities: network error fixing, low-layer information addressing, and routing. Using the NetBIOS interface, you can do a lot of work for software developers.

NetBIOS standardizes interfaces between program and LAN operation capabilities. With them, you can refine the program to which layer of the osi model is written, so that the program can be transplanted to other networks. In the NetBIOS LAN environment, the computer name is known by the system. Each computer in the network has a permanent name compiled using different methods. These names will be further discussed below.

By using NetBIOS datagram or broadcast, a PC on the NetBIOS LAN establishes a session to communicate with each other. Sessions allow more information to be transmitted, detected, and corrected. Communication is based on one-to-one communication. The datagram or broadcast mode allows one computer to communicate with multiple other computers at the same time, but the information size is limited. No errors are detected or corrected using the datagram or broadcast method. However, you do not need to establish a session for datagram communication.

In this environment, all communication is submitted to NetBIOS in a format called "Network Control Block. The allocation of these blocks in the memory depends on the user program. These "network control blocks" are allocated to the domain and reserved for input and output respectively.

In today's environments, NetBIOS is a common protocol. Ethernet, licensing ring, and ibm pc network support NetBIOS. In its original version, it serves only as an interface for programs and network adapters. Since then, the transfer function has been added to NetBIOS, increasing its functionality.

In NetBIOS, connection-oriented (tcp) and non-connection (udp) communication are supported. It supports broadcast and replay, and supports three separate services: naming, session, and datagram.

NetBIOS Name

The NetBIOS name is used to identify resources on the network. The program starts and ends the session with these names. You can use multiple programs to configure a separate machine. Each program has a unique NetBIOS name. Each pc supporting applications also has a user-defined or internal NetBIOS site name.

The NetBIOS protocol can contain up to 16 alpha letters. In the entire resource routing network, the combination of letters must be unique. Before a pc using NetBIOS can fully work on the network, the pc must first register the NetBIOS name.

Take a closer look at the following. Start a machine ~~ What is he doing ??

When Client A is active, client A broadcasts its name. When it successfully broadcasts itself, and no one else has the same name as it, the client registers successfully. The registration process is as follows:

1. On login, client A broadcasts its own and its NetBIOS information 6 to 10 times in all places. In this way, the Who wants to come up with A hack ....), Make sure that other network members receive the message. If A machine does not receive the message, the client A in the network neighbor of the machine will be invisible)

2. If another client B uses this name, another client B releases its own broadcast, including the name it is using. Client A requesting login to stop all registration attempts.

3. If no other client is opposed to registration, client A requesting login completes the registration process. If A name server is available, the name server will be recorded in its database. The name of A server is A, and the IP address is XXX.

4. When host A is shut down normally, broadcast again to release the name just registered. After receiving the name, the computer on the same network segment will put it in the network neighbor and the sesame oil. Rely on, fainted and shut down normally ..... Abnormal? Don't worry.) If there is a Wins server on the Internet, the name will be canceled after the client shuts down abnormally for a certain period of time. If the sesame oil wins service is used, you can hit the icon in your neighbor's network. Be careful. At this time, the query name must be broadcast. If you have dozens of machines on the internet, broadcast N Articles and wait for an answer

Is the problem solved? You need to know that broadcast packets are prone to problems, especially in networks with a large number of machines. This is one of the reasons why Network peers often cannot find people, and broadcast packets cannot pass through the routing, therefore, machines of different subnets are invisible in the network neighbors. If a wins server exists and the node type is not B, it will be a little better and it will not be broadcast. For details, refer to relevant information about the wins node type)

In fact, even if some machines do not receive A registration request, that is, they cannot be seen in the network neighbors. As long as A is not exactly the same as B, it would be better if there is A WINS service, it doesn't matter if you have the same name with him. WINS will update the record or refuse A to register the name. When you try to communicate with host A Based on NetBios, such as passing only files, you will first query the NetBios protocol name. If you find it, you will start communication.

There are two types of names in the NetBIOS protocol environment: unique and set. The unique name must be unique in the network. The Set Name does not have to be unique in the network. All processes with the same name belong to the same set. Each NetBIOS node contains a table with the current name of the node.

NetBIOS names can contain 16 letters. Microsoft only allows 15 letters to be used in the NetBIOS name, and the third letter is the NetBIOS suffix. The NetBIOS suffix is used in Microsoft networking software to differentiate the features of installation and the registered devices and services.

[Note: smb and nbt work closely together on TCP/IP NetBIOS, and both use port 137,138,139. Port 137 is the NetBIOS name UDP, port 138 is the NetBIOS datagram UDP, and port 139 is the NetBIOS session tcp] Hey hey, I have never heard of this port number for security knowledge, whether it is necessary for network neighbors to be aware of security issues