πŸ–‹οΈ
Dev & Ops
Network
Network
  • Network Book
  • Π‘Π΅Ρ‚ΠΈ для самых ΠΌΠ°Π»Π΅Π½ΡŒΠΊΠΈΡ…
  • OSI
    • ΠŸΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»Ρ‹ Π½Π°Π΄ сСтями
      • NAT
      • BGP
      • ΠšΡ€ΠΈΠΏΡ‚ΠΎΠ³Ρ€Π°Ρ„ΠΈΡ‡Π΅ΡΠΊΠΈΠ΅ ΠΏΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»Ρ‹
        • SSL
        • TLS
          • Π Π°ΡΡˆΠΈΡ€Π΅Π½ΠΈΡ
            • TLS-ALPN
        • SSH
        • IPSec
      • ОбмСн сообщСниями (IM) Π² Ρ€Π΅ΠΆΠΈΠΌΠ΅ Ρ€Π΅Π°Π»ΡŒΠ½ΠΎΠ³ΠΎ Π²Ρ€Π΅ΠΌΠ΅Π½ΠΈ ΠΈ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ ΠΎ присутствии (Presence)
        • SIMPLE (Основан Π½Π° SIP)
        • XMPP/Jabber
        • Matrix
      • VoIP
        • Intro
        • ΠŸΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ» SIP
        • ΠŸΠ΅Π½Ρ‚Π΅ΡΡ‚
      • WebRTC
      • VPN
    • L7: Application Layer
      • WEB
        • (Π½Π΅ поддСрТиваСтся) SPDY
        • HTTP
          • WebSockets
          • h2c (HTTP/2 Cleartext)
          • ΠšΠΎΠ΄Ρ‹ ΠΎΡ‚Π²Π΅Ρ‚ΠΎΠ²
          • Π—Π°Π³ΠΎΠ»ΠΎΠ²ΠΊΠΈ
          • URI
        • HTTP/2
        • HTTP/3 (HTTP-over-QUIC)
      • ΠŸΠΎΡ‡Ρ‚ΠΎΠ²Ρ‹Π΅ ΠΏΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»Ρ‹
        • IMAP
        • POP
      • Windows
        • HTTP / Windows
        • LDAP
        • RPC
        • SMB
        • Windows Name Resolution
          • КакиС Π΅ΡΡ‚ΡŒ
          • mDNS
          • LLMNR
          • NBNS
        • WinRM
        • WPAD
      • DHCP
      • NTP
      • DNS
      • FTP
      • SMTP
      • SSH
      • Telnet
    • L6: Presentation Layer
      • SSL/TLS
    • L5: Session Layer
      • SSDP
    • L4: Transport Layer
      • SMPP
      • QUIC
      • UDP
      • TCP
    • L3: Network Layer
      • IP (IPv4, IPv6)
      • ICMP
    • L2: Link Layer
      • ЛогичСскоС Ρ€Π°Π·Π΄Π΅Π»Π΅Π½ΠΈΠ΅ ΠΏΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»ΠΎΠ² Π½Π° этом ΡƒΡ€ΠΎΠ²Π½Π΅
      • 802.3 (Ethernet/ARP)
      • 802.1Q (VLANs)
      • 802.11 (Wi-Fi)
        • План
        • Атаки
        • Π˜Π½ΡΡ‚Ρ€ΡƒΠΌΠ΅Π½Ρ‚Ρ‹
        • Π‘Ρ‚Π°Ρ‚ΡŒΠΈ
      • NFC
      • Bluetooth
  • Security
    • MiTM
    • Network Pentest Course (youtube)
    • Tools
      • HTTP Proxy
        • mitmproxy
        • broxy
        • netty
        • proxenet
        • ZAP
        • PolarProxy
      • Wireshark
      • Bettercap
      • Impacket
      • Responder
  • Devices
    • Common Network Device Manufacturer
    • Physical Servers
Powered by GitBook
On this page
  1. OSI
  2. L7: Application Layer
  3. Windows
  4. Windows Name Resolution

LLMNR

PreviousmDNSNextNBNS

Last updated 3 years ago

About

(Link-Local Multicast Name Resolution) is a descentralized application protocol similar to DNS that allows to resolve hostnames in the same local network, which means that its packets are not forwarded by routers and are only transmited in their network segment. It is included in Windows since Windows Vista, and is the third preferred method to resolve names. The order of preference is the following:

  1. DNS

  2. mDNS

  3. LLMNR

  4. NBNS

            .---
 LLMNR ---> | 5355/UDP
            '---

In a Windows network, the computers are listening into the port 5355/UDP and to resolve a name, the client sends a LLMNR query to the 224.0.0.252 (FF02:0:0:0:0:0:1:3 in IPv6). The queries follow the DNS format and can be use to ask not only for names, but also any other question supported by DNS.

The common case is use LLMNR to resolve names in local link by sending A DNS queries. In this case, the computer that has the queried name should response. But, of course, the query can be responded by anyone, even by an attacker to perform a PitM attack. This is one of the tactics used by and to recollect NTLM hashes in networks with Windows machines (LLMNR/NBT-NS Poisoning).

multicast address
responder.py
Inveigh
LLMNR