I have a Little Snitch (a third-party firewall application) on my Macbook running OS 10.11.1.
I noticed that because of my settings to deny most incoming connections from the LAN, the launchd process automatically denied an attempted incoming connection from an internal IP address (192.168.0.2) on UDP port 137 (NBNS).
I'm aware that NBNS is related to NetBIOS but I'm still not too sure of what it actually does. Was a machine on my LAN attempting to connect to mine in order to find out what the basics of my machine (like model or make or something)? I've never noticed a connection like this before so I'm curious if I should be worried.
.
In the screenshot: despite the arrow next to the IP address going rightwards, there's a symbol next to the log that indicates it was incoming.
Best Answer
The NetBIOS name service is somewhat similar to Apple's mDNS, but it is the older technology. Within a Windows network, it distributes the types of services your machine is offering by shouting out in the network what is has.
A citation from wikipedia:
"[…] In order to start sessions or distribute datagrams, an application must register its NetBIOS name using the name service. NetBIOS names are 16 octets in length and vary based on the particular implementation. Frequently, the 16th octet, called the NetBIOS Suffix, designates the type of resource, and can be used to tell other applications what type of services the system offers. In NBT, the name service operates on UDP port 137 (TCP port 137 can also be used, but rarely is).
The name service primitives offered by NetBIOS are:
https://en.wikipedia.org/wiki/NetBIOS#Name_service