I filtered the captured packets like nbns, but the NBNS packet format confuses me.
Quoting the Wireshark Wiki:
NetBIOS Name Service
Transaction ID: 0xe17b
Flags: 0x0110 (Name query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Name query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... ...1 .... = Broadcast: Broadcast packet
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
PSMTP.COM<00>: type NB, class IN
Name: PSMTP.COM<00> (Workstation/Redirector)
Type: NB
Class: IN
What do type and class mean?
Is PSMTP.COM a NetBIOS name? Since it is not on the same LAN as my PC, I don't think so. But if I filter NBNS packets as Source == *needed IP-address in the same LAN*, will this field in the packet be the NetBIOS name?
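Answer 1
You need to do more checking, because Wireshark also shows you data from other layers.
As for this, the official RFC referenced from the Wireshark wiki may contain the information you want. In addition, the Wireshark database of display filters for NetBIOS Name Service lists the flags themselves.
From the RFC: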
QUESTION_CLASS is defined as:

Symbol      Value   Description:
IN         0x0001   Internet class

QUESTION_TYPE is defined as:

Symbol      Value   Description:
NB         0x0020   NetBIOS general Name Service Resource Record
NBSTAT     0x0021   NetBIOS NODE STATUS Resource Record (See NODE
                    STATUS REQUEST)
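To see where the Name, Type and Class fields of the dissection come from on the wire, here is an added example (not part of the original question or answer) that decodes an NBNS name query using the header layout and first-level name encoding from RFC 1001/1002. The function names are hypothetical, and the sample packet is constructed from the field values shown in the question rather than taken from a real capture.

```python
import struct

# QUESTION_TYPE / QUESTION_CLASS values quoted from the RFC in the answer.
QUESTION_TYPE = {0x0020: "NB", 0x0021: "NBSTAT"}
QUESTION_CLASS = {0x0001: "IN"}

def encode_name(name, suffix=0x00):
    """First-level encoding: 15 space-padded bytes + suffix, one letter per nibble."""
    raw = name.upper().encode("ascii").ljust(15)[:15] + bytes([suffix])
    return bytes(0x41 + n for c in raw for n in (c >> 4, c & 0x0F))

def decode_name(label):
    if len(label) != 32 or not all(0x41 <= b <= 0x50 for b in label):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_query(pkt):
    if len(pkt) < 12:
        raise ValueError("shorter than the 12-byte NBNS header")
    txid, flags, qdcount = struct.unpack("!3H", pkt[:6])
    if qdcount < 1 or len(pkt) < 13 or pkt[12] != 32:
        raise ValueError("no question entry or unexpected name label length")
    off = 13 + 32
    name, suffix = decode_name(pkt[13:off])
    while off < len(pkt) and pkt[off] != 0:   # skip optional scope labels
        off += 1 + pkt[off]
    if len(pkt) < off + 5:
        raise ValueError("truncated question entry")
    qtype, qclass = struct.unpack("!2H", pkt[off + 1:off + 5])
    return {
        "txid": txid,
        "response": bool(flags & 0x8000),
        "opcode": (flags >> 11) & 0xF,
        "truncated": bool(flags & 0x0200),
        "recursion_desired": bool(flags & 0x0100),
        "broadcast": bool(flags & 0x0010),
        "name": name, "suffix": suffix,       # the <00> shown after the name is the 16th byte
        "type": QUESTION_TYPE.get(qtype, hex(qtype)),
        "class": QUESTION_CLASS.get(qclass, hex(qclass)),
    }

# Constructed sample rebuilt from the fields of the dissection quoted in the question.
SAMPLE = (struct.pack("!6H", 0xE17B, 0x0110, 1, 0, 0, 0)
          + b"\x20" + encode_name("PSMTP.COM") + b"\x00"
          + struct.pack("!2H", 0x0020, 0x0001))

if __name__ == "__main__":
    print(parse_query(SAMPLE))
```

The parser only reports what the sender put in the question entry, so the decoded name is whatever string was being looked up, whichever host sent the packet.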