2022-07-12 23:11:50 +0000 | received badge | ● Notable Question (source) |
2022-07-12 23:11:50 +0000 | received badge | ● Popular Question (source) |
2020-04-15 16:12:26 +0000 | marked best answer | NBNS, ICMP followed by DHCP Hello everyone, I'm fairly new into the topic of analysing network traffic. I'm currently analysing a capture for learning purposes and there's some communication that I can't follow nor find a clear explanation to what is happening. It seems to be a TELNET communication between two machines A (192.168.251.1) and B (192.168.251.11) in the same network. A initiates the TCP connection which gets accepted by B followed by the initiation of the TELNET connection. What comes next it's not clear to me. B queries machine A NetBios Name Service with NBSTAT. An ICMP packet is sent as response stating that port on A is unreachable. This is repeated two more times. My guess: there's a third machine (C), outside this network, that is initiating the TELNET communication to B, and A is a router forwarding packets from C to B. B detects someone is requesting access and asks A (the router) if C is within the NetBIOS valid list of resources. A, however, is not running NBNS and UDP port 137 is, therefore, not reachable. After the NBNS packets there are two DHCP packets. B sends a DHCP request to A and gets acknowledged. Is machine B just refreshing the time lease for the same address? Are these scenarios connected? |
2020-04-15 16:12:26 +0000 | received badge | ● Scholar (source) |
2020-04-15 15:00:47 +0000 | commented answer | NBNS, ICMP followed by DHCP Thanks for the answer, it sure helped me understand better and search for more info with the right keywords. One more th |
2020-04-15 00:27:31 +0000 | commented question | NBNS, ICMP followed by DHCP Sure @bubbasnmp, here's a shareable link: https://drive.google.com/open?id=16AaFE_FJXbxIA4-v-zG32R65w9HtNH3r |
2020-04-14 23:12:19 +0000 | received badge | ● Editor (source) |
2020-04-14 23:12:19 +0000 | edited question | NBNS, ICMP followed by DHCP NBNS, ICMP followed by DHCP Hello everyone, I'm fairly new into the topic of analysing network traffic. I'm currently an |
2020-04-14 23:10:53 +0000 | asked a question | NBNS, ICMP followed by DHCP NBNS, ICMP followed by DHCP Hello everyone, I'm fairly new into the topic of analysing network traffic. I'm currently an |