Archive

Posts Tagged ‘nbns’

Wireshark: Eliminating NBNS

March 14, 2011 Leave a comment

If you work with wireshark its good to sniff around on all your vlans once and then. You might be surprised what you’ll find. Today I checked some student vlans and found alot of machines that were very “chatty”.  Also with server names that do not exist anymore in the network.

It seems like alot of NBNS packets on the wire. The NetBIOS Name Service (NBNS) translates human-readable names to IP addresses (much like DNS) and in modern networks its not needed anymore. Since we are running a Windows 2008 R2 network with Windows XP SP3 workstations and do NOT have applications that depend on it we are going to eliminate it.

On the workstations

In the advanced properties of the network card you can change the NetBIOS value.

By default its Enabled and controlled via the DHCP scope. Lets disable this value and add an extra option to the DHCP scopes. You need to add option 001 to the scope with a value of 0x2.

On the server side

If you are absolutely sure that you don’t need NetBIOS/WINS and you do not have any applications that rely on it you can elimate NetBIOS by changing the NetBIOS property on the Nics. When completed you can fire up Wireshark again and check if any NBNS traffic is still on the wire.

Advertisements
%d bloggers like this: