πŸ–‹οΈ
Dev & Ops
Network
Network
  • Network Book
  • Π‘Π΅Ρ‚ΠΈ для самых ΠΌΠ°Π»Π΅Π½ΡŒΠΊΠΈΡ…
  • OSI
    • ΠŸΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»Ρ‹ Π½Π°Π΄ сСтями
      • NAT
      • BGP
      • ΠšΡ€ΠΈΠΏΡ‚ΠΎΠ³Ρ€Π°Ρ„ΠΈΡ‡Π΅ΡΠΊΠΈΠ΅ ΠΏΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»Ρ‹
        • SSL
        • TLS
          • Π Π°ΡΡˆΠΈΡ€Π΅Π½ΠΈΡ
            • TLS-ALPN
        • SSH
        • IPSec
      • ОбмСн сообщСниями (IM) Π² Ρ€Π΅ΠΆΠΈΠΌΠ΅ Ρ€Π΅Π°Π»ΡŒΠ½ΠΎΠ³ΠΎ Π²Ρ€Π΅ΠΌΠ΅Π½ΠΈ ΠΈ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ ΠΎ присутствии (Presence)
        • SIMPLE (Основан Π½Π° SIP)
        • XMPP/Jabber
        • Matrix
      • VoIP
        • Intro
        • ΠŸΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ» SIP
        • ΠŸΠ΅Π½Ρ‚Π΅ΡΡ‚
      • WebRTC
      • VPN
    • L7: Application Layer
      • WEB
        • (Π½Π΅ поддСрТиваСтся) SPDY
        • HTTP
          • WebSockets
          • h2c (HTTP/2 Cleartext)
          • ΠšΠΎΠ΄Ρ‹ ΠΎΡ‚Π²Π΅Ρ‚ΠΎΠ²
          • Π—Π°Π³ΠΎΠ»ΠΎΠ²ΠΊΠΈ
          • URI
        • HTTP/2
        • HTTP/3 (HTTP-over-QUIC)
      • ΠŸΠΎΡ‡Ρ‚ΠΎΠ²Ρ‹Π΅ ΠΏΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»Ρ‹
        • IMAP
        • POP
      • Windows
        • HTTP / Windows
        • LDAP
        • RPC
        • SMB
        • Windows Name Resolution
          • КакиС Π΅ΡΡ‚ΡŒ
          • mDNS
          • LLMNR
          • NBNS
        • WinRM
        • WPAD
      • DHCP
      • NTP
      • DNS
      • FTP
      • SMTP
      • SSH
      • Telnet
    • L6: Presentation Layer
      • SSL/TLS
    • L5: Session Layer
      • SSDP
    • L4: Transport Layer
      • SMPP
      • QUIC
      • UDP
      • TCP
    • L3: Network Layer
      • IP (IPv4, IPv6)
      • ICMP
    • L2: Link Layer
      • ЛогичСскоС Ρ€Π°Π·Π΄Π΅Π»Π΅Π½ΠΈΠ΅ ΠΏΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»ΠΎΠ² Π½Π° этом ΡƒΡ€ΠΎΠ²Π½Π΅
      • 802.3 (Ethernet/ARP)
      • 802.1Q (VLANs)
      • 802.11 (Wi-Fi)
        • План
        • Атаки
        • Π˜Π½ΡΡ‚Ρ€ΡƒΠΌΠ΅Π½Ρ‚Ρ‹
        • Π‘Ρ‚Π°Ρ‚ΡŒΠΈ
      • NFC
      • Bluetooth
  • Security
    • MiTM
    • Network Pentest Course (youtube)
    • Tools
      • HTTP Proxy
        • mitmproxy
        • broxy
        • netty
        • proxenet
        • ZAP
        • PolarProxy
      • Wireshark
      • Bettercap
      • Impacket
      • Responder
  • Devices
    • Common Network Device Manufacturer
    • Physical Servers
Powered by GitBook
On this page
  1. OSI
  2. L7: Application Layer
  3. Windows
  4. Windows Name Resolution

mDNS

PreviousКакиС Π΅ΡΡ‚ΡŒNextLLMNR

Last updated 3 years ago

(multicast DNS) is a descentralized application protocol, similar to LLMNR, based on DNS that allows to resolve names in local networks, which means that its packets are not forwarded by routers and are only transmited in their network segment. It is included in Windows 10, and is the second preferred method to resolve names after .

  1. DNS

  2. mDNS

  3. LLMNR

  4. NBNS

In a Windows network, the computers are listening into the port 5353/UDP and to resolve a name, the client sends a mDNS query to the 224.0.0.251 (FF02::FB in IPv6). The queries follow the DNS format and can be use to ask not only for names, but also any other question supported by DNS.

            .---
 mDNS ---> | 5353/UDP
            '---

The common case is use mDNS to resolve names in local link by sending A DNS queries. In this case, the computer that has the queried name should response by sending the answer to the multicast address 224.0.0.251, this way, any computer in the network can obtain the answer and cache it. But, of course, the query can be responded by anyone, even an attacker to perform a MITM attack. This is one of the tactics used by and to recollect NetNTLM hashes in networks with Windows machines.

mDNS
DNS
multicast address
responder.py
Inveigh