It means you are using windows and you have ports 137 ~ 139 open, Specifically NetBIOS
Session, NetBIOS DataGram and NetBIOS Name. A good way to demonstrate these protocols is
the use of the Win32 command, NBTstat .
You can get the syntax by executing; nbtstat -?
You can see NetBIOS information about a TCP/IP address by executing; nbtstat -A IP_Address.
(that's a capital letter 'A' switch parameter). The IP address of this PC is 192.168.1.99 ,
therefore, if I type; nbtstat -A 192.168.1.99
I get....
Local Area Connection 3:
Node IpAddress: [192.168.1.99] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
LIPPY <20> UNIQUE Registered
LIPPY <00> UNIQUE Registered
SEAVIEW <00> GROUP Registered
SEAVIEW <1E> GROUP Registered
LIPPY <03> UNIQUE Registered
SEAVIEW <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
MAC Address = 00-60-08-05-98-BE
My MAC MAC Address = 00-60-08-05-98-BE
My PC name=LIPPY
My MS Networking workgroup(or NT Damain)=SEAVIEW
The PC has been made a "master browser" as indicated by ..__MSBROWSE__.
The number surrounded by <> such has <20> have specific meanings as type of NetBIOS (SMB)
services
Another form of this command is the -c or NetBIOS cache
If you execute; nbtstat -c you will then see the contents of your PC's NetBIOS cache
If the time in the right column is; -1
the host was loaded statically via the 'lmhosts' table located in the ./etc directory.
If the time is a postive number, then a node (Internet or LAN) has probed or communicated
with you using NetBIOS.
If you are a singular PC not part of a LAN and you see many nodes in the NetBIOS cache that
you are clueless about, than you can see your vulnerability to hackers and NetBIOS worms
seeking MS Networking shares that are not locked down. Often Internet worms will apply
dictionary attacks against a NetBIOS share (SMB Share) to gain entry and infect your PC.
If you are a singular PC. There is no need for NetBIOS over IP. If you participate in a MS
Networking LAN then you need to filter out these ports via the use of a FireWall. As I
stated earlier in this thread, that's why I block TCP/UDP ports 135 ~ 139 and 445 on my
Linksys Router (BEFSR41 via URL:
http://192.168.1.1/Filters.htm )
From the TCP/IP 'services' table found in a ./etc directory...
loc-srv 135/tcp Location Service
profile 136/tcp
netbios-ns 137/tcp
netbios-dgm 138/tcp
netbios-ssn 139/tcp
microsoft-ds 445/tcp Microsoft-DS
loc-srv 135/udp Location Service
profile 136/udp
netbios-ns 137/udp
netbios-dgm 138/udp
netbios-ssn 139/udp
microsoft-ds 445/udp Microsoft-DS
~~~~~~~~~~~~
Dave
You have a Open Port 139