port icon Stats API
  • TCP
    80 23 443 21 22 25 3389 110 445 39
  • UDP
    31 161 137 123 138 1434 445 135 67 53
    • BuyMeCofee

    NetBIOS Name Service (NBNS)

    Profile Pic
    NBNS
    NetBIOS Name Service

    NBNS used in Windows-based networks to translate NetBIOS computer names to IP addresses.

    Port: 137 UDP  |  RFC:1001

    OSI Layer: 6 ( Session layer)

    Cyber Security Stance: Low

    Designed by Vivekanand Padala

    Protocol Overview

    NETBIOS-NS is part of the NetBIOS protocol suite, which was developed by Microsoft in the 1980s as a way to allow Windows-based computers to communicate with each other in a networked environment.

    NetBIOS-NS uses User Datagram Protocol (UDP) as its transport protocol and operates on port 137. When a device needs to resolve a NetBIOS name, it sends a broadcast message to the network asking for the IP address associated with that name. The device that is hosting the NetBIOS name will respond with its IP address, allowing the requesting device to establish a connection.

    Although NetBIOS-NS is an important protocol for early versions of Windows and some legacy applications, it has some security vulnerabilities and is not typically used on modern networks. Many modern operating systems have replaced NetBIOS-NS with more secure and efficient protocols, such as DNS or the Lightweight Directory Access Protocol (LDAP).

    NBNS workflow

    1. The client sends a NetBIOS name query request (NBSTAT) to the NBNS server. The NBSTAT request contains the NetBIOS name of the destination device that the client wants to communicate with.
    2. The NBNS server receives the NBSTAT request and checks its local NetBIOS name cache to see if it has a matching IP address for the requested NetBIOS name. If it finds a match, it responds to the client with the IP address.
    3. If the NBNS server does not have a matching IP address in its local cache, it broadcasts a NetBIOS name query request (NBQUERY) to all devices on the network.
    4. The device that has the requested NetBIOS name responds to the NBQUERY request with its IP address.
    5. The NBNS server receives the response from the device and caches the NetBIOS name and IP address mapping in its local cache for future use.
    6. The NBNS server responds to the original NBSTAT request from the client with the IP address it received from the device that responded to the NBQUERY request.
    7. The client can now use the IP address to establish a connection with the destination device.

    Github icon Twitter icon Coffee icon
    © 2024 AndySvints
    Design by Tristan Johnson , Filipe Kiss & sora.
    Icons made by Freepik from www.flaticon.com.
    An error has occurred. This application may no longer respond until reloaded. Reload 🗙