• Using Wireshark to Sniff out WINS Traffic?
    6 replies, posted
Does anyone know specifically how I would use Wireshark to sniff out WINS traffic on a network? I haven't been able to really find anything on this.
Maybe you've been looking for the wrong thing?
- Open Wireshark
- Create packet Stream
- Create [url=http://wiki.wireshark.org/NetBIOS/NetBIOS]Filter[/url] Expression

Is this what you're talking about sniffing? [img]http://filesmelt.com/dl/Capture381.PNG[/img]
[QUOTE=bye;32500826]Maybe you've been looking for the wrong thing? -Open Wireshark -Create packet Stream -Create [url=http://wiki.wireshark.org/NetBIOS/NetBIOS]Filter[/url] Expression Is this what you're talking about sniffing? [img]http://filesmelt.com/dl/Capture381.PNG[/img][/QUOTE]
WINS is the protocol used by MS Exchange. I'm trying to make sure ONLY that is using WINS over the network.
No, WINS is Microsoft's implementation of NetBIOS name services. (WINS is to NetBIOS as what DNS is to domain names).
[QUOTE=nikomo;32502373]No, WINS is Microsoft's implementation of NetBIOS name services. (WINS is to NetBIOS as what DNS is to domain names).[/QUOTE]
Right, and ONLY EXCHANGE uses this. Point is, I want to find what is using this protocol on the network.
After Win2000, DNS is used for AD instead of WINS, so I'd be looking for a really, really, really old Windows server or a Linux server that has something like Samba. If it's a big network, it could also just be someone running NBNS poisoning and trying to get password hashes.
[QUOTE=nikomo;32502622]After Win2000, DNS is used for AD instead of WINS, so I'd be looking for a really, really, really old Windows server or a Linux server that has something like Samba. If it's a big network, it could also just be someone running NBNS poisoning and trying to get password hashes.[/QUOTE]
Well my boss said that we have Exchange running on WINS. We're on Exchange 2007...so...it's obviously using it.
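
An added example, not part of the thread and not any poster's code: to answer "what is using this protocol on the network", the Python below parses NetBIOS name service payloads (UDP port 137, shown by Wireshark's `nbns` display filter), groups the names each source IP asks about by unicast (sent to a WINS server) versus broadcast, and lists hosts that answer for many different names without being a known WINS server, which is what NBNS poisoning looks like on the wire. The sample packets, IP addresses and host names are constructed, and `known_wins` and the threshold of 3 are assumptions to adapt.

```python
import struct
from collections import defaultdict

def decode_name(raw):
    """Undo RFC 1001 first-level encoding: 32 bytes 'A'..'P' -> (name, suffix)."""
    if len(raw) != 32 or any(not 0x41 <= b <= 0x50 for b in raw):
        return None
    out = bytes(((raw[i] - 0x41) << 4) | (raw[i + 1] - 0x41) for i in range(0, 32, 2))
    return out[:15].decode("ascii", "replace").rstrip(), out[15]

def parse_nbns(payload):
    """Parse the flags and first name of one UDP/137 payload; None if malformed."""
    ok = len(payload) >= 46 and payload[12] == 0x20  # 12-byte header, label length 32
    decoded = decode_name(payload[13:45]) if ok else None
    if decoded is None:
        return None
    flags = struct.unpack("!H", payload[2:4])[0]
    return {"response": bool(flags & 0x8000), "name": decoded[0],  # R bit
            "broadcast": bool(flags & 0x0010),  # B flag set: broadcast, not sent to WINS
            "opcode": (flags >> 11) & 0xF}      # 0 = query, 5 = registration

def summarise(packets, known_wins=(), threshold=3):
    """Group names per source IP; list unknown hosts answering for many names."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, payload in packets:
        p = parse_nbns(payload)
        if p is None:
            continue
        kind = "answered" if p["response"] else "broadcast" if p["broadcast"] else "wins_unicast"
        seen[src][kind].add(p["name"])
    suspects = sorted(s for s, k in seen.items()
                      if len(k.get("answered", ())) >= threshold and s not in known_wins)
    return seen, suspects

def encode_name(name, suffix=0x00):
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return bytes(x for c in raw for x in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def sample(flags, name):
    """Constructed packet: header, one encoded name, type NB (0x20), class IN (1)."""
    counts = (0, 1) if flags & 0x8000 else (1, 0)
    return (struct.pack("!4H", 0x1234, flags, *counts) + b"\x00" * 4 + b"\x20"
            + encode_name(name) + b"\x00" + struct.pack("!2H", 0x20, 1))

SAMPLE = [  # constructed (source IP, NBNS payload) pairs, not from a real capture
    ("10.0.0.21", sample(0x0100, "MAILSRV")),  # unicast query to a WINS server
    ("10.0.0.21", sample(0x2900, "WS21")),     # unicast name registration
    ("10.0.0.37", sample(0x0110, "FILESRV")),  # broadcast query
] + [("10.0.0.66", sample(0x8500, n)) for n in ("MAILSRV", "FILESRV", "PRINTSRV")]
```

A legitimate WINS server also answers for many names, so pass its address in `known_wins` before treating anything in the second return value as suspicious.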