It is to my understanding that NetBIOS operates on port 137. I'm seeing NetBIOS traffic going from my machine to a remote address associated with an AT&T based IP address. I have that port blocked so I don't know why NBNS traffic is still showing up.
Please see below. I think this is a cause for concern.
asked 14 Jun '15, 12:26
The NB name queries are broadcast packets being sent by 192.168.1.13, looking for a host named WPAD.
The NBSTAT name queries are attempts by some Windows machine on your network to try to determine the NetBIOS host name for 184.108.40.206; that's just what Windows does, at least if it's configured to use NetBIOS-over-TCP, if some program is trying to find a host name for 220.127.116.11 - it might try DNS first, and fall back on NetBIOS-over-TCP if that fails, or it might even try NetBIOS-over-TCP first.
answered 14 Jun '15, 13:37
Guy Harris ♦♦