NBNS, ICMP followed by DHCP

Hello everyone, I'm fairly new to the topic of analysing network traffic. I'm currently analysing a capture for learning purposes and there's some communication that I can't follow, nor can I find a clear explanation of what is happening.

Here's the capture.

It seems to be a TELNET communication between two machines A (192.168.251.1) and B (192.168.251.11) in the same network. A initiates the TCP connection, which gets accepted by B, followed by the initiation of the TELNET connection. What comes next is not clear to me. B queries machine A's NetBIOS Name Service with NBSTAT. An ICMP packet is sent as response stating that the port on A is unreachable. This is repeated two more times.

My guess: there's a third machine (C), outside this network, that is initiating the TELNET communication to B, and A is a router forwarding packets from C to B. B detects someone is requesting access and asks A (the router) if C is within the NetBIOS valid list of resources. A, however, is not running NBNS and UDP port 137 is, therefore, not reachable.

After the NBNS packets there are two DHCP packets. B sends a DHCP request to A and gets acknowledged. Is machine B just refreshing the time lease for the same address? Are these scenarios connected?
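
The following is an added example, not part of the original post and not derived from the poster's capture file. It shows how an ICMP port-unreachable message can be tied back to the NBSTAT query that triggered it, using the quoted IP header and first 8 bytes of the offending datagram that the ICMP error carries. The two packets are constructed samples using the addresses from the question; the function names, transaction ID and source port 137 are assumptions.

```python
import socket
import struct

NBSTAT = 0x0021  # NBNS question type "node status"

def ip(src, dst, proto, payload):
    # Minimal IPv4 header for the constructed samples (checksum left at 0).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def split_ip(pkt):
    # Returns (source, destination, protocol number, bytes after the IP header).
    ihl = (pkt[0] & 0x0F) * 4
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]

def is_nbstat(nbns):
    # 12-byte NBNS header, then the encoded name (length-prefixed labels, 0 terminator), then QTYPE.
    if len(nbns) < 12 or struct.unpack("!H", nbns[4:6])[0] == 0:
        return False
    i = 12
    while i < len(nbns) and nbns[i]:
        i += 1 + nbns[i]
    return nbns[i + 1:i + 3] == struct.pack("!H", NBSTAT)

def correlate(packets):
    """Pair NBSTAT queries with the ICMP port-unreachable errors that quote them."""
    pending, rejected = set(), []
    for pkt in packets:
        src, dst, proto, body = split_ip(pkt)
        if proto == 17 and len(body) >= 8:
            sport, dport = struct.unpack("!HH", body[:4])
            if dport == 137 and is_nbstat(body[8:]):
                pending.add((src, dst, sport, dport))
        elif proto == 1 and len(body) >= 36 and body[0] == 3 and body[1] == 3:
            # ICMP type 3 code 3 quotes the offending IP header + first 8 bytes (RFC 792).
            q_src, q_dst, q_proto, q_l4 = split_ip(body[8:])
            key = (q_src, q_dst) + struct.unpack("!HH", q_l4[:4])
            if q_proto == 17 and key in pending:
                rejected.append({"querier": q_src, "target": q_dst, "port": key[3], "icmp_from": src})
    return rejected

# Constructed sample: B sends an NBSTAT query for "*" to A, A answers with ICMP port unreachable.
A, B = "192.168.251.1", "192.168.251.11"
name = b"\x20CK" + b"A" * 30 + b"\x00"  # first-level encoding of the wildcard name "*"
nbns = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 0) + name + struct.pack("!HH", NBSTAT, 1)
query = ip(B, A, 17, struct.pack("!HHHH", 137, 137, 8 + len(nbns), 0) + nbns)
unreach = ip(A, B, 1, struct.pack("!BBHI", 3, 3, 0, 0) + query[:28])
SAMPLE = [query, unreach]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```
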
