The principle of Nbtscan LAN scanning

The source of this article: Http://blog.csdn.net/xizhibei

=============================

Believe that the network should have heard of nbtscan this tool, when we are in the LAN, want to query the same LAN host, it is a good tool (such as tracking ARP scam source)

It is also very easy to use, under Win, Nbtscan+ip Range can, such as: (My IP is 172.17.27.199, subnet mask is 255.255.255.0, the following grab packet will be used to my IP to find the corresponding packet)

will soon be able to get the information around the host, then, here is the question, how it is implemented, obviously because there is a MAC address, is estimated to be related to the ARP protocol.

Open the grab Bag tool to see it, with Wireshark, so I caught the message:

Sure enough with the ARP protocol, the equivalent of traversing each IP, using ARP broadcast related information, and then received the host will reply to my machine, then the other side of the IP and MAC address I will know, the last image of the second packet is 172,.17.27.193 ARP reply message.

Well, then, then, there's a problem: the ARP protocol doesn't have a hostname at all.

I believe you should also find, is the yellow line in the picture, Nbtscan in the other side of the IP and Mac, and then send a NBNS protocol packet, get the host name of the other party (about NBNS, in this http://baike.baidu.com/view/1403776.htm)

Summarize the running flow of this tool:

Iterate over the IP range of the input, send ARP query to broadcast MAC address once the ARP reply is received, record the corresponding IP and MAC address, and send the NBNS message to each other to query each other's host information to print out each piece of information

Well, this tool is still very good, the principle is very simple, another day to realize the next, only to this memorial to my sad reminder of the network exam ...