Netbios Over TCP/IP – Yea Or Nay

Daniel Adeniji Microsoft, NetBIOS over TCP/IP (NetBt), Network Bandwidth Monitoring, Network Connections, Technical, Win OS, Wireshark

Background

Had an insomnia night last week.  And, so took to the laptop and wanted to troubleshoot an issue.

As part of that troubleshooting exercise I knew Network Traffic Pattern might be pertinent.

Wireshark

Network Traffic

Here is sample of some of what I noticed through capturing Network Traffic.

Image

 

Explanation

Noticed a lot of Name Resolution Traffic.

Inclusive of protocols that line up with Network Resolution issues are DNS & NBNS.

DNS stands for Domain Name Server and NBNS Stand for Netbios Name Server.

 

Netbios Name Server ( NBNS )

Though running Windows. it is no longer a Netbeui World.

Strictly TCP/IP.

Review Configuration

Let us review our Network Configuration on specific adapters.

As I am currently on wireless, let us focus on just the Wireless Adapter.

GUI

Here is how to do so through the GUI.

Wireless Network Connection 2

Advanced TCP/IP Settings – WINS
Image

 

Explanation

Currently, we are set to receive NetBIOS Settings from the DHCP Server; that appears to be the default MS Windows Setting.

 

Command Line Shell

And, here are a couple of options to do so via the Command Line Shell.

ipconfig

Script

ipconfig /all
Output

Explanation

NetBIOS over Tcpip is Enabled

WMI – Query – Win32_NetworkAdapterConfiguration

Script


set _hostname="."

set _propList="DHCP*,IPAddress,DefaultIPGateway,DNSDomainSuffixSearchOrder,DNSEnabledForWINSResolution,DNSServerSearchOrder,TcpipNetbiosOptions"

set _command="Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName %_hostname% | Select-Object -Property %_propList% "

powershell -Command %_command%

Output

Explanation

  1. TcpipNetbiosOptions
    • 0
      • Default Setting; and we remember default settings is to get the setting from the DHCP Server

 

WMI – Set – Win32_NetworkAdapterConfiguration

Let us use wmic and pass along the nicconfig verb; calling the SetTcpipNetbios method and sending along argument 2.

Remember 2 mean Netbeui disabled.

Please pass along the right index, as well.

Each NIC Card has an index and it is displayed when one queries the Network Configuration.

Script

REM - Use NetBIOS setting from the DHCP server
set _netBiosSettingDHCPServer=0

REM - Enable NetBIOS over TCP/IP
set _netbiosSettingEnabled=1    

REM - Disable NetBIOS over TCP/IP
set _netbiosSettingDisabled=2  

set _hostname="."
set _index=15

wmic nicconfig where index=%_index% call SetTcpipNetbios %_netbiosSettingEnabled%
Image

 

Confirmed Change

GUI
Image

Console
Image – ipconfig /all

Wireshark – Take 2

Network Traffic

Went back to Wireshark and took another trace.

Image

Explanation

Noticed a slew of NBNS Traffic targeted at our DNS Server.

BTW, our local DNS Server are set for “Recursion Desired“.

That way they can forward unresolved Name Resolution traffic to our ISP…Which will be most of the requests we get.

 

Remediation

Connected to each of our internal DNS Servers and disabled Netbeui Name Resolution on the NIC Cards, as well.

 

Windows DHCP

If we had a Windows DHCP Server, would have disabled that option on the DHCP Scope, as well.

 

Wireless Access Point ( WAP )

I doubt that our Wireless Access Point supports DHCP and so will skip that step for now.

 

References

  1. Client Configuration
    • Script
      • HOW TO DISABLE NETBIOS VIA COMMAND LINE ON WINDOWS
        Link
      • Configuring NetBIOS over TCP/IP
        Link
    • Tim Dunn
      • Tim Dunn – Is NetBIOS over TCP/IP Enabled?
        Posted On :- 2011-June-29th
        Link
    • Scripting Guy
      • Use PowerShell to Identify Your Real Network Adapter
        Posted On :- 2011-Oct-7th
        Link
    • T.dejesus
      • Simple powershell help
        Posted On :- 2014-April-14th
        Link
    • Dan Stolts, ITProGuru
      • Using PowerShell to Get or Set NetworkAdapterConfiguration-View and Change Network Settings Including DHCP, DNS, IP Address and More (Dynamic AND Static) Step-By-Step
        Link
    • Q/A
      • Slow Cross-Domain login to StoreFront site
        Link
    • Visual
      • Jim Boyce
        • Get IT Done: Improve network performance by disabling NetBIOS over TCP/IP
          Published On : -2002-Nov-5th
          Link
  2. Server Configuration
    • How to disable NetBIOS over TCP/IP by using DHCP server options
      Link

 

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s