Ask Your Question

NoNotTheSquirrelsAgain's profile - activity

overview network karma followed questions activity
2020-03-10 12:13:00 +0000 commented question NBNS Protocol overloading a vlan

User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137 Length: 76 C
2020-03-10 12:11:38 +0000 commented question NBNS Protocol overloading a vlan

User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137 Length: 76 C
2020-03-10 12:11:03 +0000 commented question NBNS Protocol overloading a vlan

User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137

2020-03-10 12:10:43 +0000 commented question NBNS Protocol overloading a vlan

User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137 Leng
2020-03-10 12:10:33 +0000 commented question NBNS Protocol overloading a vlan

User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137 Length: 76 C
2020-03-10 12:08:29 +0000 commented question NBNS Protocol overloading a vlan

User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137

2020-03-10 12:08:02 +0000 commented question NBNS Protocol overloading a vlan

User Datagram Protocol, Src Port: 137, Dst Port: 137 Source Port: 137 Destination Port: 137 Leng
2020-03-10 12:07:24 +0000 commented question NBNS Protocol overloading a vlan

Internet Protocol Version 4, Src: 169.254.175.195, Dst: 169.254.255.255 0100 .... = Version: 4 .... 0101 = Hea
2020-03-10 12:06:58 +0000 commented question NBNS Protocol overloading a vlan

Internet Protocol Version 4, Src: 169.254.175.195, Dst: 169.254.255.255 0100 .... = Version: 4 .... 0101 = Heade
2020-03-10 12:05:59 +0000 commented question NBNS Protocol overloading a vlan

Internet Protocol Version 4, Src: 169.254.175.195, Dst: 169.254.255.255 0100 .... = Version: 4 .... 0101 = Heade
2020-03-09 20:13:12 +0000 commented question NBNS Protocol overloading a vlan

Do you mean the field at the bottom of the three windows? 0000 ff ff ff ff ff ff 00 03 aa 00 2a 0f 08 00 45 00 ...
2020-03-09 18:52:11 +0000 commented answer NBNS Protocol overloading a vlan

Many thanks. SMB v1 is hurting us elsewhere by some legacy app that we are trying to get rid of.

2020-03-09 18:51:24 +0000 marked best answer NBNS Protocol overloading a vlan

Hello, First time posting here, I apologize if I screw it up.

We are seeing random 'NetBIOS Name Service' (WINs) broadcasts (1-3 times a day at random times) going across a vlan. This traffic overloads the vlan and our phone system goes down as a result due to heartbeat timers expiring between devices.

Here is an example:

15641   2020-03-09 08:01:12.435091  169.254.175.195 169.254.255.255 NBNS    110 Registration NB OH101289<20>

Frame 15641: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface \Device\NPF_{4CB19F40-9878-4814-8D24-F2CF192BBA0D}, id 0
    Interface id: 0 (\Device\NPF_{4CB19F40-9878-4814-8D24-F2CF192BBA0D})
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  9, 2020 08:01:12.435091000 Eastern Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1583755272.435091000 seconds
    [Time delta from previous captured frame: 0.000080000 seconds]
    [Time delta from previous displayed frame: 0.000080000 seconds]
    [Time since reference or first frame: 2226.259421000 seconds]
    Frame Number: 15641
    Frame Length: 110 bytes (880 bits)
    Capture Length: 110 bytes (880 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:nbns]
    [Coloring Rule Name: SMB]
    [Coloring Rule String: smb || nbss || nbns || netbios]

Ethernet II, Src: Watlow_00:2a:0f (00:03:aa:00:2a:0f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: Watlow_00:2a:0f (00:03:aa:00:2a:0f)
    Type: IPv4 (0x0800)

Internet Protocol Version 4, Src: 169.254.175.195, Dst: 169.254.255.255
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 96
    Identification: 0xc40d (50189)
    Flags: 0x0000
    ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 48
    Protocol: UDP (17)
    Header checksum: 0xc2bf [validation disabled]
    [Header checksum status: Unverified]
    Source: 169.254.175.195
    Destination: 169.254.255.255

User Datagram Protocol, Src Port: 137, Dst Port: 137
    Source Port: 137
    Destination Port: 137
    Length: 76
    Checksum: 0x8e6e [unverified]
    [Checksum Status: Unverified]
    [Stream index: 335]
    [Timestamps]

NetBIOS Name Service
    Transaction ID: 0xd4c8
    Flags: 0x2910, Opcode: Registration, Recursion desired, Broadcast
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        OH101289<20>: type NB, class IN
    Additional records

It looks like the source device is in Ethernet II field and is named "Watlow_MAC Address" and the target being Queried is a workstation on our network named "OH101289".

Does this sound correct in my source/destination assumption? I am unsure as to why the source device would be targeting the destination workstation as I assumed this was a UDP broadcast?

Any help would be appreciated.

Thanks
2020-03-09 18:51:24 +0000 received badge  Scholar (source)
2020-03-09 14:30:42 +0000 received badge  Rapid Responder
2020-03-09 14:30:42 +0000 answered a question NBNS Protocol overloading a vlan

Hi, Thanks for your response. Yes, that manufacturer is correct. No, we are unaware of anyone testing this type of d
2020-03-09 13:46:15 +0000 asked a question NBNS Protocol overloading a vlan

NBNS Protocol overloading a vlan Hello, First time posting here, I apologize if I screw it up. We are seeing random 'Ne
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2