The NetBIOS protocol


   In this article we will talk about NetBIOS, a legacy naming resolution protocol that was implemented in older versions of Windows. NetBIOS was replaced by the DNS service but, it is enabled by default on all versions of Windows because it provides backward compatibility with legacy versions. This protocol works on IPv4 networks where there is no DNS infrastructure configured..
   When pinging a computer or trying to access it using the UNC, Windows will first attempt to resolve it’s name using DNS. If the query is not successful, Windows will use LLMNR and NetBIOS. Remember that even if you disable network discovery (which implies disabling LLMNR), queries will still be resolved using NetBIOS. There are three naming resolution methods used by NetBIOS. We will talk about each of these methods:
WINS – it’s a mechanism in which a WINS server is configured to resolve computer names on the network. You can add a WINS server’s IP address from the network configuration settings. To set up a WINS server address on your local computer, navigate to “Local Area Connection Properties”, click on the “Internet Protocol Version 4 (TCP/IPv4)” and then select “Advanced” options from the bottom right section. Now click on the “WINS” tab and add your configuration:
NetBIOS settings
From the same panel you can disable NetBIOS over TCP/IP. You can see that by default, NetBIOS settings will be inherited from the DHCP server. If there is no reachable DHCP server or the computer has static IP configured, NetBIOS will be used over TCP/IP. A WINS server hosts a local database that contains mappings between workstations names and IP addresses. This is the only method used by NetBIOS that can resolve names beyond the local subnet.
Lmhosts – takes advantage of a local database named lmhosts.sam stored in C:\Windows\System32\drivers\etc:
Lmhosts
This file contains mappings between names and IP addresses. The advantage of using Lmhosts is that the names are resolved locally so the computer does not depend on a remote entity for name resolution. The entries in the Lmhosts file are added manually making it a time consuming operation. You can enable or disable Lmhosts lookup from the same pane used to add a WINS server address.
Broadcast – All Windows machines will have NetBIOS enabled by default. NetBIOS broadcasts are used to discover network devices. The NetBIOS broadcasting operation is pretty simple: a computer requesting a device’s name will send a broadcast message to all other devices in the network. The machine that is configured with the specified IP will respond with a unicast message. This is the default mechanism used by NetBIOS.
   These mechanisms cannot be used without the NetBIOS nodes. There are four types of nodes:
point-to-point (p-node) – this node uses a WINS server for name resolution. The query is made directly to the server (unicast).
broadcast (b-node) – this type of node uses broadcasts to resolve names. As you may already know, these messages are not sent beyond routers so it will provide naming functionality for devices on the local subnet. Also note that broadcast messages disturb all network devices and increase network traffic.
hybrid (h-node) – such node will first attempt to resolve names using a WINS server, if the query is not successful then it will search for entries in the local Lmhosts database. If this mechanism is not successful either, NetBIOS will use broadcasts as last resort. This is the default NetBIOS node used in Windows OS. You can view the node type by entering ipconfig /all from the command prompt.
mixed (m-node) – the node will first attempt to resolve names using broadcasts and if the query is not successful, it will use p-node (it will try to query a WINS server).
   Though NetBIOS is a simple and easy to implement naming resolution mechanism, it’s not scalable to large enterprises. In home or small sized networks, NetBIOS is a good option since it is enabled by default on all Windows versions and it does not require additional configurations. NetBIOS can resolve names in IPv4 networks only and by default, it will not query devices outside the local subnet. Even if this limitation can be resolved using a WINS server, such server is hard to maintain since all entries are added manually.
   In a future article we will talk about Domain Name System, today’s global standard for naming resolution. This article will serve well as an introduction for better understanding DNS. Don’t hesitate to comment and share this article to others. Hope you’ve enjoyed it, wish you all the best and stay tuned for the following articles from IT training day.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s