Command for sending out NetBIOS queries.
There are a number of query types available in NetBIOS, and this program is capable of sending any of them. The response (or lack thereof) will give you information about the Windows-based or Samba systems in the area.
One thing worth noting about the NetBIOS protocol is that it is nearly identical to DNS. In fact, it's close enough that this script uses the DNS library to build requests. The primary differences between NetBIOS and DNS are:
- How names are encoded (NetBIOS names are encoded before being sent),
- How the flags are used (NetBIOS has a different set of flags), and
- How requests are sent (NetBIOS is capable of broadcasting requests).
The DNS library is more than capable of dealing with these differences.
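To make the name encoding and flag differences concrete, here is an added Python example (not nbquery's own code) that encodes a NetBIOS name, wraps it in the DNS-shaped header, and parses the question back out, which is also how names seen in a packet capture can be decoded. The function names are hypothetical, and the type codes and flag bits are taken from RFC 1002 rather than from this page; it assumes no NetBIOS scope is in use.

```python
import struct

# Constants from RFC 1002 (not stated on this page).
TYPE_NB, TYPE_NBSTAT, CLASS_IN = 0x0020, 0x0021, 0x0001
FLAG_RD, FLAG_BROADCAST = 0x0100, 0x0010  # NetBIOS NM_FLAGS bits

def encode_name(name, suffix=0x00):
    """First-level encoding: 16 raw bytes become 32 letters 'A'..'P'."""
    if name == "*":
        raw = b"*" + b"\x00" * 15  # the wildcard is NUL-padded
    else:
        if len(name) > 15:
            raise ValueError("NetBIOS names are at most 15 characters")
        raw = name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])
    # Each byte is split into two nibbles, and each nibble is added to 'A'.
    return bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))

def decode_name(encoded):
    """Inverse of encode_name; returns (name, suffix)."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].rstrip(b" \x00").decode("ascii", "replace"), raw[15]

def build_query(name, qtype, txid, broadcast=False, suffix=0x00):
    """DNS-shaped packet: 12-byte header, one question, no other records."""
    flags = (FLAG_RD | FLAG_BROADCAST) if broadcast else 0
    header = struct.pack(">6H", txid, flags, 1, 0, 0, 0)
    qname = b"\x20" + encode_name(name, suffix) + b"\x00"  # length 32, root label
    return header + qname + struct.pack(">HH", qtype, CLASS_IN)

def parse_query(packet):
    """Parse a single-question query; assumes no NetBIOS scope is appended."""
    if len(packet) < 50:
        raise ValueError("truncated NetBIOS query")
    txid, flags, qdcount = struct.unpack(">3H", packet[:6])
    if qdcount != 1 or packet[12] != 0x20 or packet[45] != 0x00:
        raise ValueError("unsupported question layout")
    name, suffix = decode_name(packet[13:45])
    qtype, qclass = struct.unpack(">HH", packet[46:50])
    return {"txid": txid, "broadcast": bool(flags & FLAG_BROADCAST),
            "name": name, "suffix": suffix, "qtype": qtype, "qclass": qclass}

if __name__ == "__main__":
    # Constructed sample: a broadcast NB query for the wildcard name.
    pkt = build_query("*", TYPE_NB, txid=0x1337, broadcast=True)
    print(pkt.hex(), parse_query(pkt))
```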
Now, without further ado, let's take a look at the query types available:
An NB query will broadcast a request for a certain name (or the wildcard) to the target (UDP/137 to, typically, the broadcast address). Any hosts on that network with matching names will respond. --nb requests are the target of nbsniff's --poison attack, so sending out --nb queries is a great way to test nbsniff.
An NBSTAT query is a request to a single host for its status. It returns all names it has registered, as well as some other targeted information (such as, on Windows, its MAC address).
Register, Renew, Release (--register, --renew, --release)
These are queries typically used by systems when they are starting up or shutting down. If you try to register or release an address that's already in use, the host using it will respond with "error: active". I haven't seen --renew evoke a response. One of the most useful purposes of these commands is actually to test nbsniff's --conflict command. When using --conflict, nbsniff will send "error: active" responses to any number of names.
Conflict, Demand (--conflict, --demand)
Conflict and demand are ways of asking other hosts to relinquish a NetBIOS name. As far as I know, no modern implementation will honour them.