NetBIOS is an acronym for Network Basic Input/Output System. The NetBIOS API allows applications on separate computers to communicate over a local area network. It provides services related to the session layer of the OSI model.
NetBIOS was developed by Sytek Inc. for IBM 's PC-Network in 1983. The interface was designed for small networks; PC-Network only supported up to 80 devices in its baseband form. Since the interface was only originally published through a technical reference book from IBM, the protocol's API became a de facto standard.
In 1985, IBM went forward with the Token-Ring network scheme and a NetBIOS emulator was produced to allow PC-Network applications to work over this new design, using the NetBEUI protocol to provide the NetBIOS services over the IEEE 802.2 Logical Link Control layer. With Novell's release of Advanced Novell Netware 2.0 in 1986, NetBIOS was reconfigured to be encapsulated in the IPX/SPX protocol. After the PS/2 computer hit the market in 1987 IBM was finally prompted to release the PC LAN Support Program, which included a driver for NetBIOS. At the same time, they also developed a method of encapsulating NetBIOS in a TCP packet (NBT) and released RFC 1001 - "Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Concepts and methods" and RFC 1002 - "Protocol standard for a NetBIOS service on a TCP/UDP transport: Detailed specifications".
NetBIOS provides three distinct services:
Name service for name registration and resolution
Session service for connection-oriented communication
Datagram distribution service for connectionless communication
(Note: SMB, an upper layer, is a service that runs on top of the Session Service and the Datagram service, and is not to be confused as a necessary and integral part of NetBIOS itself. It can now run atop TCP with a small adaptation layer that adds a packet length to each SMB message; this is necessary because TCP only provides a byte-stream service with no notion of packet boundaries.)
In order to start Sessions or distribute Datagrams, an application must register its NetBIOS name using the Name service. NetBIOS names are 16 bytes in length and vary based on the particular implementation. Frequently, the 16th byte is used to designate a "type" similar to the use of ports in TCP/IP. In NBT, the name service operates on UDP port 137 (TCP port 137 can also be used, but it is rarely if ever used).
The name service primitives offered by NetBIOS are:
Add Name - registers a NetBIOS name
Add Group Name - registers a NetBIOS "group" name
Delete Name - un-registers a NetBIOS name or group name
Find Name - looks up a NetBIOS name on the network
Session mode lets two computers establish a connection for a "conversation," allows larger messages to be handled, and provides error detection and recovery. In NBT, the session service runs on TCP port 139.
The session service primitives offered by NetBIOS are:
Call - opens a session to a remote NetBIOS name
Listen - listen for attempts to open a session to a NetBIOS name
Hang Up - close a session
Send - sends a packet to the computer on the other end of a session
Send No Ack - like Send, but doesn't require an acknowledgment
Receive - wait for a packet to arrive from a Send on the other end of a session
In the original protocol used to implement NetBIOS services on PC-Network, to establish a session, the computer establishing the session sends an Open request which is responded to by an Open acknowledgment. The computer that started the session will then send a Session Request packet which will prompt either a Session Accept or Session Reject packet. Data is transmitted during an established session by data packets which are responded to with either acknowledgment packets (ACK) or negative acknowledgment packets (NACK). Since NetBIOS is handling the error recovery, NACK packets will prompt retransmission of the data packet. Sessions are closed by the non-initiating computer by sending a close request. The computer that started the session will reply with a close response which prompts the final session closed packet.
Datagram distribution service
Datagram mode is "connectionless". Since each message is sent independently, they must be smaller; the application becomes responsible for error detection and recovery. In NBT, the datagram service runs on UDP port 138.
The datagram service primitives offered by NetBIOS are:
Send Datagram - send a datagram to a remote NetBIOS name
Send Broadcast Datagram - send a datagram to all NetBIOS names on the network
Receive Datagram - wait for a packet to arrive from a Send Datagram operation
Receive Broadcast Datagram - wait for a packet to arrive from a Send Broadcast Datagram operation
Since NetBIOS must be enabled for Windows File and Print Sharing, many basic exploits test to see if NetBIOS is enabled or test ports 136-139 for access. Should these ports be unblocked, any shared directories on the computer will be accessible to the internet.
As an example, I am in Gujarat and I am connected to my local area network and My friend is in Delhi and he is connected to him local area network and I want to share a file using public IP address. so how it would be possible, so anyone can help me for?
Hello All,Just over the IOS upgrade from 152-1.SY5 to .155-1.SY6 on a cisco 6880-X box, but the old netflow commands seem to be not working anymore. Any idea how to apply netflow ? I don't understand this beaviour.Thanks in advance! (config-flo...
Long and short is that I have a switch only network (not because I wanted it, but because I was given it as a cruel joke) there are three networks per switch, and three layer three interfaces. Vlan 400,450 and g1/0/24. Unicast works through. Now I am tryi...
Dear Fellows,I have a question related to Cisco 4351 Router where it's performance is mentioned as "200 Mbps Upgradable to 400 Mbps". If my company needs a Internet bandwidth of 500 Mbps, cannot our router supports that? Do we need to replace ou...
Hi all I need your help. I tried to search through the Internet but with no success. In our network we have one Cisco WS-C2960X-48TS-LL switch. However it's not possible to implement IP Source Guard and DAI because there is lack of "ip verify source"...