Purpose: File sharing, printer access, remote services
Ports: TCP 445 (modern), TCP/UDP 137–139 (legacy)
Auth: NTLM / Kerberos
Attacks: EternalBlue, SMBGhost, IPC$ abuse, named pipes
Wireshark:
tcp.port == 445smb || smb2smb2.cmd == 0x5smb.filename contains "IPC$"Purpose: Name resolution & session services on LANs
Ports: UDP 137/138, TCP 139
Use Cases: Legacy Windows name discovery
Attacks: NBNS spoofing, NetBIOS name poisoning
Wireshark:
udp.port == 137 || udp.port == 138 || tcp.port == 139nbns