LLMNR

LLMNR (Link-Local Multicast Name Resolution) (Windows) is a protocol used in local networks to map network names to their IP addresses without using a DNS server. It is actively used in Windows environments.

What is LLMNR used for?

LLMNR is used to map network names to their IP addresses on a local network when no DNS server exists on the network or when it is unavailable. It allows a unique device name, such as a computer name, to be mapped to its IP address within one network without using a centralized server.

LLMNR operation process:

LLMNR works through multicast distribution of a request to map a network name to an IP address. Example:

  1. “PC1” sends a multicast request to address 224.0.0.252 using UDP port 5355, containing the name “PC2”.
  2. All computers on the local network that support LLMNR receive this request, including “PC2”.
  3. “PC2” detects that the request contains its name and sends a response to “PC1” with its IP address.
  4. “PC1” receives the response from “PC2” with its IP address.

LLMNR operates at the application layer of the network and uses port 5355 to exchange information. It works only within one network and does not use relay through routers.

NBT-NS

NBT-NS (NetBIOS Name Service) (Windows) is a protocol used in Microsoft Windows networks to identify network devices.

The purpose of NBT-NS is to discover devices on the network by their NetBIOS names. NetBIOS is a software interface that allows applications to exchange data and discover other devices on a local network. NBT-NS acts as a service that responds to requests for identifying a device’s NetBIOS name and IP address.

NBT-NS operation process:

  1. When a computer sends an NBT-NS request, it transmits a UDP packet to port 137 on the local IP broadcast address of the network.
  2. Devices on the network associated with IP addresses receive the NBT-NS request packet.
  3. If a device is configured to respond to such requests, it sends an NBT-NS response with information about itself back to the source computer’s port.
  4. The source computer receives the NBT-NS response with data about the network device, including the device name and IP address.

mDNS

mDNS (Multicast DNS) (Linux, macOS) is a protocol that allows devices on a local network to find each other without needing to configure a DNS server.

It is used for the following functions:

  • Automatic discovery: mDNS allows devices to automatically discover other devices on a local network. For example, if you have a network printer, devices on the network can find it without manually configuring the printer’s IP address.
  • Name resolution: mDNS allows devices to have a unique name on the local network without configuring a DNS server. This makes it possible to address a device by its name instead of its IP address. This is especially useful in a home network where devices have friendly names.

mDNS operation process:

  • Announcement: a device that wants to be discovered sends mDNS packets through a multicast IP group known as “224.0.0.251”. These packets contain information about the device name and its IP address.
  • Search: other devices on the network running mDNS monitor this multicast group and receive information about available devices. When they discover a new device, they update their lists of available devices.
  • Caching: devices that support mDNS can cache information about discovered devices. This allows them to quickly identify available devices without performing a search for every request.
  • Question-answer exchange: when a device wants to access another device by its name, it sends a request through the multicast group. The device with that name responds to the request by providing its IP address.

Thus, mDNS allows devices to automatically discover each other and communicate with each other without configuring a DNS server or knowing IP addresses.