Home > Wireshark > Wireshark: Eliminating NBNS

Wireshark: Eliminating NBNS


If you work with wireshark its good to sniff around on all your vlans once and then. You might be surprised what you’ll find. Today I checked some student vlans and found alot of machines that were very “chatty”.  Also with server names that do not exist anymore in the network.

It seems like alot of NBNS packets on the wire. The NetBIOS Name Service (NBNS) translates human-readable names to IP addresses (much like DNS) and in modern networks its not needed anymore. Since we are running a Windows 2008 R2 network with Windows XP SP3 workstations and do NOT have applications that depend on it we are going to eliminate it.

On the workstations

In the advanced properties of the network card you can change the NetBIOS value.

By default its Enabled and controlled via the DHCP scope. Lets disable this value and add an extra option to the DHCP scopes. You need to add option 001 to the scope with a value of 0x2.

On the server side

If you are absolutely sure that you don’t need NetBIOS/WINS and you do not have any applications that rely on it you can elimate NetBIOS by changing the NetBIOS property on the Nics. When completed you can fire up Wireshark again and check if any NBNS traffic is still on the wire.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: