NBNS, ICMP followed by DHCP
Hello everyone, I'm fairly new to the topic of analysing network traffic. I'm currently analysing a capture for learning purposes and there's some communication that I can't follow, nor can I find a clear explanation of what is happening.
It seems to be a TELNET communication between two machines A (192.168.251.1) and B (192.168.251.11) in the same network. A initiates the TCP connection, which gets accepted by B, followed by the initiation of the TELNET connection. What comes next is not clear to me. B queries machine A's NetBIOS Name Service with NBSTAT. An ICMP packet is sent as a response stating that the port on A is unreachable. This is repeated two more times.
My guess: there's a third machine (C), outside this network, that is initiating the TELNET communication to B, and A is a router forwarding packets from C to B. B detects someone is requesting access and asks A (the router) if C is within the NetBIOS valid list of resources. A, however, is not running NBNS and UDP port 137 is, therefore, not reachable.
After the NBNS packets there are two DHCP packets. B sends a DHCP request to A and gets acknowledged. Is machine B just refreshing the time lease for the same address? Are these scenarios connected?
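The NBSTAT / ICMP exchange described in the question, rebuilt as an added example that is not part of the original post: it pairs each NBNS node status query to UDP port 137 with the ICMP port unreachable message that quotes it. The packet bytes are constructed from the two addresses in the question, and all function names are hypothetical.

```python
import socket
import struct

NBSTAT = 0x0021  # NBNS question type: node status request
def nbstat_query(txid):
    # Wildcard name '*' padded with NULs, first-level encoded (no scope ID).
    name = b"\x20" + b"CK" + b"A" * 30 + b"\x00"
    return struct.pack("!6H", txid, 0, 1, 0, 0, 0) + name + struct.pack("!2H", NBSTAT, 1)

def udp(sport, dport, data):
    return struct.pack("!4H", sport, dport, 8 + len(data), 0) + data

def ipv4(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def port_unreachable(offending):
    # ICMP type 3 code 3 quotes the offending IP header plus 8 bytes (RFC 792).
    return struct.pack("!BBHI", 3, 3, 0, 0) + offending[:28]

def parse(pkt):
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return src, dst, pkt[9], pkt[(pkt[0] & 0x0F) * 4:]

def rejected_nbstat(packets):
    """Return (querier, target, txid) for each NBSTAT query met by port unreachable.
    The ICMP quote holds only the UDP header, so matching uses addresses and ports."""
    pending, hits = {}, []
    for pkt in packets:
        src, dst, proto, body = parse(pkt)
        if proto == 17 and len(body) >= 58:
            sport, dport = struct.unpack("!2H", body[:4])
            txid, flags = struct.unpack("!2H", body[8:12])
            qtype = struct.unpack("!H", body[54:56])[0]
            if dport == 137 and not flags & 0x8000 and qtype == NBSTAT:
                pending.setdefault((src, dst, sport), []).append(txid)
        elif proto == 1 and body[:2] == b"\x03\x03" and len(body) >= 36:
            q_src, q_dst, q_proto, q_udp = parse(body[8:])
            q_sport, q_dport = struct.unpack("!2H", q_udp[:4].ljust(4, b"\0"))
            queue = pending.get((q_src, q_dst, q_sport))
            if q_proto == 17 and q_dport == 137 and src == q_dst and queue:
                hits.append((q_src, q_dst, queue.pop(0)))
    return hits

def sample_capture():
    """Constructed traffic (checksums left at 0): B queries A three times, A rejects each."""
    a, b, out = "192.168.251.1", "192.168.251.11", []
    for txid in (0x8001, 0x8002, 0x8003):
        query = ipv4(b, a, 17, udp(137, 137, nbstat_query(txid)))
        out += [query, ipv4(a, b, 1, port_unreachable(query))]
    return out
```

Calling `rejected_nbstat(sample_capture())` returns one tuple per rejected query, which is the pattern a capture filter on UDP port 137 plus ICMP type 3 code 3 would surface.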