Tuesday, July 20, 2010

♦ Datagram vs packet meaning

Note: Today I found an explanation of the difference between "Datagram" and "Packet". "Mr.Asesino" opened a new topic on the website http://www.firewall.cx/ftopict-4583.html to ask about it, and "Smurf Forum Moderator" answered him as below.


  • Basically, his general rule of thumb for this is;
    Layer 2 - Ethernet Frames
    Layer 3 - IP Packets
    Layer 4 - Segments 

But "atr2006" refers to
  • RFC 1812:


    Datagram


    The unit transmitted between a pair of internet modules. Data,
    called datagrams, from sources to destinations. The Internet
    Protocol does not provide a reliable communication facility.
    There are no acknowledgments either end-to-end or hop-by-hop.
    There is no error no retransmissions. There is no flow control.



    Fragment

    An IP datagram that represents a portion of a higher layer's
    packet that was too large to be sent in its entirety over the
    output network.



    Packet

    A packet is the unit of data passed across the interface between
    the Internet Layer and the Link Layer. It includes an IP header
    and data. A packet may be a complete IP datagram or a fragment
    of an IP datagram.



    IP Datagram

    An IP Datagram is the unit of end-to-end transmission in the
    Internet Protocol. An IP Datagram consists of an IP header
    followed by all of higher-layer data (such as TCP, UDP, ICMP,
    and the like). An IP Datagram is an IP header followed by a
    message.
    An IP Datagram is a complete IP end-to-end transmission unit.
    An IP Datagram is composed of one or more IP Fragments.


    IP Fragment

    An IP Fragment is a component of an IP Datagram. An IP Fragment
    consists of an IP header followed by all or part of the higher-
    layer of the original IP Datagram.
    One or more IP Fragments comprises a single IP Datagram.


    IP Packet

    An IP Datagram or an IP Fragment.
--------------------------------------------------------------

Sunday, July 18, 2010

♦ Ping packet decode

The ping command on Windows 7 uses ICMP packets; the frame captured here is 74 bytes long. We use the ping command as a health check of the connection to a host on the local network or a public network. It is a useful first tool for troubleshooting network problems.
Note: The example below was tested on Windows 7, Microsoft Windows Version 6.1.7600.
Directory of c:\windows\system32
   07/14/2009  08:14 AM            15,360 PING.EXE
               1 File(s)         15,360 bytes
               0 Dir(s)  294,020,849,664 bytes free
An advantage of this version is that it can force IPv4 with the option [-4] or IPv6 with [-6].

c:\windows> ping 192.168.0.6

Pinging 192.168.0.6 with 32 bytes of data:
Reply from 192.168.0.6: bytes=32 time<1ms TTL=128
Reply from 192.168.0.6: bytes=32 time<1ms TTL=128
Reply from 192.168.0.6: bytes=32 time<1ms TTL=128
Reply from 192.168.0.6: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.0.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Fig.1 ICMP structure (74-byte frame)
    Frame       = Ethernet Header (14 bytes) + IP Datagram (60 bytes)
    IP Datagram = IP Header (20 bytes) + IP data (40 bytes)


1. Ethernet header (14 bytes)


0000 00 1b 11 ea 5c b4 00 12 3f b1 15 a5 08 00 45 00 ....\...?.....E.
0010 00 3c 41 d6 00 00 80 01 00 00 c0 a8 00 08 c0 a8 .<A.............
0020 00 06 00 00 40 5c 02 00 13 00 61 62 63 64 65 66 ....@\....abcdef
0030 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 ghijklmnopqrstuv
0040 77 61 62 63 64 65 66 67 68 69 wabcdefghi
  • MAC Destination Address (0-5, 6 bytes) - 00-1b-11-ea-5c-b4
  • MAC Source Address (6-11, 6 bytes)      - 00-12-3f-b1-15-a5
  • Ethernet Type Field (12-13, 2 bytes)        - 0x0800 (IP Datagram)


2. IP Header (20 bytes)
0000 00 1b 11 ea 5c b4 00 12 3f b1 15 a5 08 00 45 00 ....\...?.....E.
0010 00 3c 41 d6 00 00 80 01 00 00 c0 a8 00 08 c0 a8 .<A.............
0020 00 06 00 00 40 5c 02 00 13 00 61 62 63 64 65 66 ....@\....abcdef
0030 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 ghijklmnopqrstuv
0040 77 61 62 63 64 65 66 67 68 69 wabcdefghi
  • IP Version (14, high nibble) - IPv4
  • IP Header Length (14, low nibble) - Five (5) 32-bit Words
  • Source IP Address (26-29, 4 bytes) - 192.168.0.8 (c0-a8-00-08)
  • Destination IP Address (30-33, 4 bytes) - 192.168.0.6 (c0-a8-00-06)


3. IP Data (40 bytes) - Internet Control Message Protocol (ICMP)
0000 00 1b 11 ea 5c b4 00 12 3f b1 15 a5 08 00 45 00 ....\...?.....E.
0010 00 3c 41 d6 00 00 80 01 00 00 c0 a8 00 08 c0 a8 .<A.............
0020 00 06 00 00 40 5c 02 00 13 00 61 62 63 64 65 66 ....@\....abcdef
0030 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 ghijklmnopqrstuv
0040 77 61 62 63 64 65 66 67 68 69 wabcdefghi
  • 00  Type: 0 (Echo (ping) reply)
  • 00  Code: 0 ()
  • 40 5c  Checksum: 0x405c [correct]
  • 02 00  Identifier: 0x0200
  • 13 00  Sequence number: 4864 (0x1300)
  • Data (32 bytes) Data: 6162636465666768696A6B6C6D6E6F707172737475767761...


Reference: this is another good example, which we referred to.
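The decode above, carried out in code as an added example (not from the original post): it parses the hex dump, splits the 74 bytes into Ethernet header, IP header and ICMP message, checks both checksums, and labels the packet in the RFC 1812 terms quoted in the "Datagram vs packet meaning" post. The function names are made up for this example, and reading the zero IP checksum field as checksum offload on the capturing host is an assumption.

```python
import re
import struct

# Hex dump copied from the capture above: offset, up to 16 bytes, ASCII column.
DUMP = r"""
0000 00 1b 11 ea 5c b4 00 12 3f b1 15 a5 08 00 45 00 ....\...?.....E.
0010 00 3c 41 d6 00 00 80 01 00 00 c0 a8 00 08 c0 a8 .<A.............
0020 00 06 00 00 40 5c 02 00 13 00 61 62 63 64 65 66 ....@\....abcdef
0030 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 ghijklmnopqrstuv
0040 77 61 62 63 64 65 66 67 68 69 wabcdefghi
"""
HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")


def parse_hexdump(text):
    """Turn 'offset b0 b1 ... ascii' lines into raw bytes, checking offsets."""
    out = bytearray()
    for line in text.strip().splitlines():
        tokens = line.split()
        if int(tokens[0], 16) != len(out):
            raise ValueError("offset gap at " + tokens[0])
        for tok in tokens[1:17]:
            if not HEX_BYTE.match(tok):
                break                      # reached the ASCII column
            out.append(int(tok, 16))
    return bytes(out)


def inet_checksum(data):
    """RFC 1071 checksum. Over a message with a valid checksum field it is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def packet_kind(flags_frag):
    """RFC 1812 terms: an IP packet is a complete IP datagram or an IP fragment."""
    more = bool(flags_frag & 0x2000)       # MF (more fragments) flag
    offset = (flags_frag & 0x1FFF) * 8     # byte offset inside the datagram
    if not more and offset == 0:
        return "complete IP datagram"
    return "IP fragment (offset %d, %s)" % (offset, "more follow" if more else "last")


def decode_frame(frame):
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    version, ihl = frame[14] >> 4, (frame[14] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(frame) < 14 + ihl:
        raise ValueError("bad IPv4 header")
    (total_len, ident, flags_frag, ttl, proto, ip_csum,
     src_ip, dst_ip) = struct.unpack("!2xHHHBBH4s4s", frame[14:34])
    if total_len < ihl + 8 or len(frame) < 14 + total_len:
        raise ValueError("truncated packet")
    header = frame[14:14 + ihl]
    icmp = frame[14 + ihl:14 + total_len]  # drops any Ethernet padding
    if proto != 1:
        raise ValueError("not ICMP")
    itype, code, icmp_csum, icmp_id, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "eth_dst": "-".join("%02x" % b for b in dst),
        "eth_src": "-".join("%02x" % b for b in src),
        "ip_src": ".".join(str(b) for b in src_ip),
        "ip_dst": ".".join(str(b) for b in dst_ip),
        "ip_total_len": total_len,
        "ttl": ttl,
        "kind": packet_kind(flags_frag),
        # Field as captured vs. the value a receiver would expect. A zero field
        # on a capture taken at the sender usually means the NIC fills it in
        # later (assumption, the page does not say where the capture was taken).
        "ip_checksum_field": ip_csum,
        "ip_checksum_expected": inet_checksum(header[:10] + b"\x00\x00" + header[12:]),
        "icmp_type": itype,
        "icmp_code": code,
        "icmp_id": icmp_id,
        "icmp_seq": seq,
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
        "icmp_data": icmp[8:],
    }


if __name__ == "__main__":
    for key, value in decode_frame(parse_hexdump(DUMP)).items():
        print("%-22s %s" % (key, value))
```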

Saturday, July 17, 2010

♦ Batch file command (windows 7)

#1. Simple control Loop
syntax  :  for /l %%X in (start, step, end) do command
filename : runloop.bat

@echo off
for /l %%X in (1,2,10) do echo %%X
c:\windows>runloop [Enter]
1
3
5
7
9

#2. Apply with "ping" command
@echo off
for /l %%X in (5,1,10) do call ping 192.168.0.%%X -n 1
Description: Our objective is to ping 192.168.0.5 through 192.168.0.10, sending one echo request to each address, as set by the parameter "-n 1".

♦ nbtstat command windows 7

         Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local computer and remote computers, and the NetBIOS name cache. Nbtstat allows a refresh of the NetBIOS name cache and the names registered with Windows Internet Name Service (WINS). Used without parameters, nbtstat displays help.

Syntax

nbtstat [-a RemoteName] [-A IPAddress] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [Interval]

For all parameters, see:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/nbtstat.mspx?mfr=true

#1. nbtstat command at local host
     c:\windows>nbtstat -a 192.168.0.8
             or
      c:\windows>nbtstat -n
Local Area Connection:
Node IpAddress: [192.168.0.8] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    JUPITOR        <20>  UNIQUE      Registered 
    JUPITOR        <00>  UNIQUE      Registered 
    WORKGROUP      <00>  GROUP       Registered 
    WORKGROUP      <1E>  GROUP       Registered 
    WORKGROUP      <1D>  UNIQUE      Registered 
    ..__MSBROWSE__.<01>  GROUP       Registered 

    MAC Address = 00-12-3F-B1-17-A5



Fig.1 Home network topology (LAN): in the picture, 192.168.0.8 is Jupitor and 192.168.0.6 is Saturn.


#2. nbtstat listing remote PC on LAN

c:\windows>nbtstat -a 192.168.0.6
Local Area Connection:
Node IpAddress: [192.168.0.8] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SATURN         <00>  UNIQUE      Registered 
    WORKGROUP      <00>  GROUP       Registered 
    SATURN         <20>  UNIQUE      Registered 
    WORKGROUP      <1e>  GROUP       Registered 

    MAC Address = 00-1B-11-EA-6C-B4


#3. nbtstat listing from the NetBIOS remote cache

c:\windows>nbtstat -c
Local Area Connection:
Node IpAddress: [192.168.0.8] Scope Id: []

                  NetBIOS Remote Cache Name Table

        Name              Type       Host Address    Life [sec]
    ------------------------------------------------------------
    SATURN         <20>  UNIQUE          192.168.0.6         482
    SOS-NAME0710   <20>  UNIQUE          192.168.0.9         530
    DHCPPC3        <00>  UNIQUE          192.168.0.11        95

Solution: There are 3 devices on the LAN
               - The first one is a PC named "SATURN", IP address 192.168.0.6
               - The second one is a PC named "SOS-NAME0710", IP address 192.168.0.9
               - The last one is a printer connected to this network, IP address 192.168.0.11

Friday, July 16, 2010

♦ netsh command (windows 7)

              Netsh (network shell) is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. Netsh also provides a scripting feature that allows you to run a group of commands in batch mode against a specified computer. Netsh can also save a configuration script in a text file for archival purposes or to help you configure other servers.


#1.  show all network configuration.

c:\windows>netsh interface ip show config

Configuration for interface "Local Area Connection"
    DHCP enabled:                         Yes
    IP Address:                           192.168.0.8
    Subnet Prefix:                        192.168.0.0/24 (mask 255.255.255.0)
    Default Gateway:                      192.168.0.1
    Gateway Metric:                       0
    InterfaceMetric:                      20
    DNS servers configured through DHCP:  192.168.0.1
    Register with which suffix:           Primary only
    WINS servers configured through DHCP: None

Configuration for interface "Loopback Pseudo-Interface 1"
    DHCP enabled:                         No
    IP Address:                           127.0.0.1
    Subnet Prefix:                        127.0.0.0/8 (mask 255.0.0.0)
    InterfaceMetric:                      50
    Statically Configured DNS Servers:    None
    Register with which suffix:           Primary only
    Statically Configured WINS Servers:   None


#2. show firewall configuration on your PC.

c:\windows>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Standard
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Disable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
No ports are currently open on all network interfaces.

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

#3. netsh helper

  c:\windows>netsh show helper
Helper GUID                             DLL Filename   Command
--------------------------------------  ------------   -------
{02BC1F81-D927-4EC5-8CBC-8DD65E3E38E8}  AUTHFWCFG.DLL  advfirewall
{FB10CBCA-5430-46CE-B732-079B4E23BE24}  AUTHFWCFG.DLL   consec
{35342B49-83B4-4FCC-A90D-278533D5BEA2}  AUTHFWCFG.DLL   firewall
{4BD827F7-1E83-462D-B893-F33A80C5DE1D}  AUTHFWCFG.DLL   mainmode
{4D0FEFCB-8C3E-4CDE-B39B-325933727297}  AUTHFWCFG.DLL   monitor
{A31CB05A-1213-4F4E-B420-0EE908B896CB}  PEERDISTSH.DLL  branchcache
{555EA58E-72B1-4F0A-9055-779D0F5400B2}  PEERDISTSH.DLL  smb
{00770721-44EA-11D5-93BA-00B0D022DD1F}  HNETMON.DLL     bridge
{6DC31EC5-3583-4901-9E28-37C28113656A}  DHCPCMONITOR.DLL  dhcpclient
{8A6D23B3-0AF2-4101-BC6E-8114B325FE17}  NETIOHLP.DLL    dnsclient
{8B3A0D7F-1F30-4402-B753-C4B2C7607C97}  FWCFG.DLL     firewall
{44F3288B-DBFF-4B31-A86E-633F50D706B3}  NSHHTTP.DLL    http
{0705ECA1-7AAC-11D2-89DC-006008B0E5B9}  IFMON.DLL       interface
{1C151866-F35B-4780-8CD2-E1924E9F03E1}  NETIOHLP.DLL    6to4
{97C192DB-A774-43E6-BE78-1FABD795EEAB}  NETIOHLP.DLL    httpstunnel
{725588AC-7A11-4220-A121-C92C915E8B73}  NETIOHLP.DLL    ipv4
{500F32FD-7064-476B-8FD6-2171EA46428F}  NETIOHLP.DLL    ipv6
.......
.......
....... (more)

#4. Display/gathering info.
Data gathering

Command              Description
show allowedprogram  Displays the allowed programs.
show config          Displays the detailed local configuration information.
show currentprofile  Displays the current profile.
show icmpsetting     Displays the ICMP settings.
show logging         Displays the logging settings.
show opmode          Displays the operational mode.
show portopening     Displays the excepted ports.
show service         Displays the services.
show state           Displays the current state information.
show notifications   Displays the current settings for notifications.
example:
    > netsh firewall show allowedprogram
    > netsh firewall show config
    > netsh firewall show logging

Thursday, July 15, 2010

♦ How to get mac from remote

#1. Use the arp command to find the MAC address of a remote PC.
c:\windows> arp -a 192.168.0.6
Interface: 192.168.0.8 --- 0xc
  Internet Address      Physical Address      Type
  192.168.0.6           00-1b-11-ea-5c-b4     dynamic   

Resolution:
  • The MAC address is a unique number of the network interface card (NIC).
  • It is 6 bytes (48 bits) in size; the first three octets (in transmission order) identify the organization that issued the NIC.
  • The "arp" command uses the Address Resolution Protocol (ARP), which performs IP address-to-media access control address resolution.
  • If you want to know your own MAC address, you can use the command "ipconfig -all".
  • If you want to check the format of a MAC address, here is a web link: http://www.techzoom.net/tools/check-mac.en


#2. Use the "nbtstat" command to find the MAC address of a remote PC.

c:\windows>nbtstat -a 192.168.0.9

Local Area Connection:
Node IpAddress: [192.168.0.8] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SOS-NAME0710   <00>  UNIQUE      Registered 
    SOS-NAME0710   <20>  UNIQUE      Registered 
    SOS            <00>  GROUP       Registered 
    SOS            <1E>  GROUP       Registered 
    SOS            <1D>  UNIQUE      Registered 
    ..__MSBROWSE__.<01>  GROUP       Registered 

    MAC Address = 00-1C-26-CB-2A-85


Solution: Our PC is 192.168.0.8. Enter the command "nbtstat -a 192.168.0.9" and press [Enter], where 192.168.0.9 is the target whose MAC address we would like to know. In addition, you get the name of the target PC, "SOS-NAME0710".

♦ netstat command on windows 7

Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.

Syntax


netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]
-a : Displays all active TCP connections.
-e : Displays Ethernet statistics.
-n : Displays addresses and port numbers.
-o : Displays process ID (PID) for each connection.
-p : Shows connections for the protocol specified by Protocol (TCP,UDP,ICMP).
-s : Displays statistics by protocol.
-r : Displays the contents of the IP routing table. This is equivalent to the route print command.
/? : Displays help at the command prompt.

c:\windows>netstat
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.8:49290      hx-in-f191:http        ESTABLISHED
  TCP    192.168.0.8:49291      tx-in-f100:http        ESTABLISHED
  TCP    192.168.0.8:49292      ni-in-f104:http        ESTABLISHED

c:\windows>netstat -a
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             jupitor:0              LISTENING
  TCP    0.0.0.0:135            jupitor:0              LISTENING
  TCP    0.0.0.0:445            jupitor:0              LISTENING
  TCP    0.0.0.0:554            jupitor:0              LISTENING
  TCP    192.168.0.8:49290      hx-in-f191:http        ESTABLISHED
  TCP    [::]:135               jupitor:0              LISTENING
  TCP    [::]:445               jupitor:0              LISTENING
  TCP    [::]:554               jupitor:0              LISTENING
  TCP    [::]:2869              jupitor:0              LISTENING
  UDP    0.0.0.0:3544           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*   


c:\windows> netstat -ao
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             jupitor:0              LISTENING       1516
  TCP    0.0.0.0:135            jupitor:0              LISTENING       740
  TCP    0.0.0.0:445            jupitor:0              LISTENING       4
  TCP    0.0.0.0:554            jupitor:0              LISTENING       3200
  TCP    0.0.0.0:2869           jupitor:0              LISTENING       4
  TCP    0.0.0.0:3306           jupitor:0              LISTENING       1672
  TCP    192.168.0.8:139        jupitor:0              LISTENING       4
  TCP    192.168.0.8:49290      hx-in-f191:http        ESTABLISHED     4460

c:\windows> netstat -pa TCP
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             jupitor:0              LISTENING
  TCP    0.0.0.0:135            jupitor:0              LISTENING
  TCP    0.0.0.0:445            jupitor:0              LISTENING
  TCP    0.0.0.0:554            jupitor:0              LISTENING
  TCP    0.0.0.0:2869           jupitor:0              LISTENING
  TCP    192.168.0.8:139        jupitor:0              LISTENING

c:\windows>netstat -pa UDP
Active Connections

  Proto  Local Address          Foreign Address        State
  UDP    0.0.0.0:3544           *:*                    
  UDP    127.0.0.1:1900         *:*                    
  UDP    127.0.0.1:52128        *:*                    
  UDP    127.0.0.1:59552        *:*                    
  UDP    127.0.0.1:59792        *:*                    
  UDP    192.168.0.8:137        *:*                    
  UDP    192.168.0.8:138        *:*                    
  UDP    192.168.0.8:1900       *:*                    
  UDP    192.168.0.8:54193      *:*                    
  UDP    192.168.0.8:59551      *:*                    

c:\windows>netstat -an | find /i "listening"
TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING

c:\windows>netstat -an | find /i "established"
TCP    192.168.0.8:445        192.168.0.6:1085       ESTABLISHED

Monday, July 12, 2010

♦ What is my hostname ?

The Windows 7 command line has a useful command, "hostname", to find your hostname. Try this command as shown below.


#1. Use the Windows command "hostname" to find the host name.

c:\windows> hostname
              jupitor

#2. Use the Windows command "ping" to find the name of a remote PC.

c:\windows>ping -a 72.30.2.43
Pinging ir1.fp.vip.sk1.yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=565ms TTL=49
Reply from 72.30.2.43: bytes=32 time=570ms TTL=49
Reply from 72.30.2.43: bytes=32 time=558ms TTL=49
Reply from 72.30.2.43: bytes=32 time=558ms TTL=49

Ping statistics for 72.30.2.43:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 558ms, Maximum = 570ms, Average = 562ms

#3. Use the Windows command "ping" to find the name of the PC at an IP address.

c:\windows> ping -a 192.168.0.6
Pinging SATURN [192.168.0.6] with 32 bytes of data:
Reply from 192.168.0.6: bytes=32 time<1ms TTL=128
Reply from 192.168.0.6: bytes=32 time<1ms TTL=128
Reply from 192.168.0.6: bytes=32 time<1ms TTL=128
Reply from 192.168.0.6: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.0.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Solution: This command returns the computer name, quick and easy. Related command: ipconfig -all

#4. Use nbtstat to find your hostname
 c:\windows> nbtstat -a [your ip address]
c:\windows> nbtstat -a 192.168.0.5
Local Area Connection:
Node IpAddress: [192.168.0.5] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    WORKGROUP      <00>  GROUP       Registered 
    JUPITOR        <00>  UNIQUE      Registered 
    JUPITOR        <20>  UNIQUE      Registered 
    WORKGROUP      <1E>  GROUP       Registered 
    WORKGROUP      <1D>  UNIQUE      Registered 
    ..__MSBROWSE__.<01>  GROUP       Registered 

    MAC Address = 00-12-3F-B1-17-A5

Description: If your IP address is 192.168.0.5, then you can get your hostname with the command "nbtstat -a [your ip address]"; in the output above, "jupitor" is the hostname.

Saturday, July 10, 2010

♦ Dangerous Port 139 NetBIOS

What is Port 139?
           Port 139 is used by the NetBIOS protocol. Windows opens this port for many convenient purposes, such as file sharing and printing over the network. Worms and viruses can use this open port to slow down and damage your computer. We recommend closing this port if you do not use it.

Check yourself
          c:\windows> netstat -an | find /i "139"   
              TCP 192.168.0.8:139           0.0.0.0:0              LISTENING
          Solution: 192.168.0.8 is your IP address, and the number that follows it, 139, is the NetBIOS port; the LISTENING line shows that this port is open.

           c:\windows> netstat -an
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:10243          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49157          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49158          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49159          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:49555      192.168.0.11:80        TIME_WAIT
  TCP    192.168.0.5:49556      192.168.0.11:80        TIME_WAIT

          Solution: The "netstat -a" command is easy to remember. The screen above shows that port 139 is open and "LISTENING", waiting for others to connect and use it.

How to disable port 139 on Windows 7?
1) Open Control Panel
2) Click Network and Internet
3) Click Network and Sharing Center
4) Click Change adapter settings
5) Right-click Local Area Connection
6) Click Properties
7) Click "Internet Protocol Version 4 (TCP/IPv4)"
8) In the General tab, click the "Advanced..." button
9) Click the "WINS" tab
10) Click "Disable NetBIOS over TCP/IP", then click the "OK" button

Check again
c:\windows> netstat -a
       or
c:\windows> netstat -a |find "139"
Solution: nothing is displayed.

Reference:
https://www.securitymetrics.com/howtos/139.adp
http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html.html
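
A stricter version of the port 139 check above, which also applies to the netstat post: an added example (not from the original page) that parses netstat output by column and reports the sockets bound by NetBIOS over TCP/IP, that is UDP 137, UDP 138 and TCP 139. BEFORE and AFTER are constructed samples in the "netstat -ano" layout, and the function names are made up for this example.

```python
# Constructed sample in the "netstat -ano" layout (not captured on the page's PC).
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       740
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.0.8:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.0.8:49139      192.168.0.11:80        TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    127.0.0.1:1900         *:*                                    1320
  UDP    192.168.0.8:137        *:*                                    4
  UDP    192.168.0.8:138        *:*                                    4
"""

# The same host after "Disable NetBIOS over TCP/IP" (constructed).
AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       740
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.0.8:49139      192.168.0.11:80        TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    127.0.0.1:1900         *:*                                    1320
"""

# Ports used by NetBIOS over TCP/IP.
NETBIOS_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
}


def parse_netstat(text):
    """Parse netstat -an / -ano rows into dicts; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        host, _, port = parts[1].rpartition(":")   # also splits "[::]:445"
        if not port.isdigit():
            continue
        rows.append({
            "proto": parts[0],
            "host": host,
            "port": int(port),
            # UDP rows have no State column
            "state": parts[3] if parts[0] == "TCP" and len(parts) > 3 else "",
            "pid": int(parts[-1]) if len(parts) > 3 and parts[-1].isdigit() else None,
        })
    return rows


def is_open(row):
    """Reachable from the network: a LISTENING TCP socket or any bound UDP
    socket, on an address other than loopback."""
    loopback = row["host"].startswith("127.") or row["host"] == "[::1]"
    return not loopback and (row["proto"] == "UDP" or row["state"] == "LISTENING")


def netbios_bindings(rows):
    """Open sockets whose local port is exactly one of the NetBIOS ports."""
    return [(r["proto"], r["host"], r["port"],
             NETBIOS_PORTS[(r["proto"], r["port"])], r["pid"])
            for r in rows
            if (r["proto"], r["port"]) in NETBIOS_PORTS and is_open(r)]


def listening(rows):
    """Set of (protocol, port) pairs open on non-loopback addresses."""
    return {(r["proto"], r["port"]) for r in rows if is_open(r)}


def find_substring(text, needle):
    """What `find "139"` does: keep every line that contains the text."""
    return [line.strip() for line in text.splitlines() if needle in line]


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        rows = parse_netstat(sample)
        print(label, "NetBIOS sockets:", netbios_bindings(rows))
        print(label, 'lines matching "139":', find_substring(sample, "139"))
        print(label, "open ports:", sorted(listening(rows)))
```

On the AFTER sample the substring search still prints the 49139 line although nothing is bound to port 139, while the column-based check reports no NetBIOS sockets. TCP 445 is still listening there, because the WINS-tab setting only controls the NetBIOS ports.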

♦ What is Mac Address on your PC

A Media Access Control (MAC) address is a unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer; it is the LAN card's unique number.

I found 3 ways to look up the MAC address.
#1. using ipconfig command
Windows IP Configuration

   Host Name . . . . . . . . . . . . : jupitor
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : 00-12-3F-B1-17-A5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1843:faab:fc4:2c9a%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.8(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 17 july 2553 7:31:24
   Lease Expires . . . . . . . . . . : 18 july 2553 7:31:24
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 251662911
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-88-46-01-00-12-3F-B1-15-A5
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E9AB5EFE-77C6-453B-93DC-38C9F6F37820}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3408:d487:82e6:db99(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3408:d487:82e6:db99%11(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Solution: After you enter the command "ipconfig -all", you will see your MAC address as the "Physical Address", highlighted in red above.



#2. using getmac command
Short Windows command: getmac
c:\windows> getmac
Physical Address    Transport name
====================================================
00-12-3F-B1-17-A5   \Device\Tcpip_{E9AB5EFE-77C6-453B-93DC-38C9F6F37820}      
41-56-45-00-00-30   N/A                                                       


         Solution: The getmac command comes with Windows 7; it is an easy way to get the MAC address of your computer. Don't forget that it is the unique number of the LAN card (network interface card).

#3. using nbtstat command
      c:\windows>nbtstat -a [your ip address]
      c:\windows>nbtstat -a 192.168.0.8
Local Area Connection:
 Node IpAddress: [192.168.0.8] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    JUPITOR        <20>  UNIQUE      Registered 
    JUPITOR        <00>  UNIQUE      Registered 
    WORKGROUP      <00>  GROUP       Registered 
    WORKGROUP      <1E>  GROUP       Registered 
    WORKGROUP      <1D>  UNIQUE      Registered 
    ..__MSBROWSE__.<01>  GROUP       Registered 

    MAC Address = 00-12-3F-B1-17-A5
--end--
MAC Address Format
MAC addresses are 48 bits, expressed as 12 hexadecimal digits (0-9, plus A-F, capitalized). Within the 12 hex digits of the source address, the leading digits identify the vendor of the Ethernet network interface.
                 xx-xx-xx-xx-xx-xx
                 00-12-3f-xx-xx-xx is Dell Inc.
Reference: Ethernet MAC

♦ To find your IP address

This is a basic command. How do you check the IP address of your PC?

c:\windows> ipconfig
Windows IP Configuration

   Host Name . . . . . . . . . . . . : jupitor
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : 00-12-3F-B1-17-A5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1843:faab:fc4:2c9a%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 20 july 2553 15:52:03
   Lease Expires . . . . . . . . . . : 21 july 2553 15:52:03
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 251662911
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-88-46-01-00-12-3F-B1-15-A5
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E9AB5EFE-77C6-453B-93DC-38C9F6F37820}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:16:dab6:82e6:1a24(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::16:dab6:82e6:1a24%11(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
This command makes it easy to examine your IP address; see the red highlight above.