Wireshark · Wireshark-users: Re: [Wireshark-users] Unexplained Netbios Traffic

Wireshark-users: Re: [Wireshark-users] Unexplained Netbios Traffic

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 1 Oct 2008 12:55:21 -0700


On Oct 1, 2008, at 12:29 PM, Jon Ziminsky wrote:

It is a filtered capture. I set the Capture filter to only grabpackets from the source that do not have a destination inside mynetwork.
capture filter:
src 192.168.1.23 and not dst net 192.168.0.0 mask 255.255.0.0

So the only ones were NBNS NBSTAT packets? I don't know how DNS isconfigured on the machine, but if it were trying to do reverse DNSlookups, I'd expect to see packets going to a server for the .arpadomain, which isn't likely to be inside your network. :-)

There might be tools that work on Windows Server 2000 (Network Monitor3.2 apparently won't) that can identify the process from whichparticular packets came; I don't know what tools would do that.

Follow-Ups:
- Re: [Wireshark-users] Unexplained Netbios Traffic
  - From: Jon Ziminsky
- Re: [Wireshark-users] Unexplained Netbios Traffic
  - From: Frank Bulk

References:
- [Wireshark-users] Unexplained Netbios Traffic
  - From: Jon Ziminsky
- Re: [Wireshark-users] Unexplained Netbios Traffic
  - From: Guy Harris
- Re: [Wireshark-users] Unexplained Netbios Traffic
  - From: Jon Ziminsky
- Re: [Wireshark-users] Unexplained Netbios Traffic
  - From: Guy Harris
- Re: [Wireshark-users] Unexplained Netbios Traffic
  - From: Jon Ziminsky

Prev by Date: Re: [Wireshark-users] Unexplained Netbios Traffic
Next by Date: Re: [Wireshark-users] Unexplained Netbios Traffic
Previous by thread: Re: [Wireshark-users] Unexplained Netbios Traffic
Next by thread: Re: [Wireshark-users] Unexplained Netbios Traffic
Index(es):
- Date
- Thread