Nbtscan

From aldeid
Jump to: navigation, search

Description

Nbtscan is a program for scanning IP networks for NetBIOS name information.

It sends Netā€BIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address (such as Ethernet).

Installation

$ sudo apt-get install nbtscan

Usage

Basic syntax

$ nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] \
  [-r] [-q] [-s separator] [-m retransmits] \
  (-f filename)|(<scan_range>) 

Options

-v
verbose output. Print all names received from each host
-d
dump packets. Print whole packet contents.
-e
Format output in /etc/hosts format.
-l
Format output in lmhosts format.
Cannot be used with -v, -s or -h options.
-t <timeout>
wait timeout milliseconds for response.
Default 1000.
-b <bandwidth>
Output throttling. Slow down output so that it uses no more that bandwidth bps.
Useful on slow links, so that ougoing queries don't get dropped.
-r
use local port 137 for scans. Win95 boxes respond to this only.
You need to be root to use this option on Unix.
-q
Suppress banners and error messages,
-s <separator>
Script-friendly output. Don't print column and record headers, separate fields with separator.
-h
Print human-readable names for services.
Can only be used with -v option.
-m <retransmits>
Number of retransmits. Default 0.
-f <filename>
Take IP addresses to scan from file filename.
-f - makes nbtscan take IP addresses from stdin.
<scan_range>
what to scan. Can either be single IP like 192.168.1.1 or range of addresses in one of two forms: xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.

Example

Following example shows the output of nbtscan launched against a Windows XP SP3 box:

$ nbtscan 10.1.1.2
Doing NBT name scan for addresses from 10.1.1.2

IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
10.1.1.2         XP-4604F61946  <server>  <unknown>        08:00:27:**:**:**

Comments

Talk:Nbtscan