

Nbtscan is a program for scanning IP networks for NetBIOS name information.

It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form. For each host that responds, it lists the IP address, NetBIOS computer name, logged-in user name and MAC address (such as Ethernet).


$ sudo apt-get install nbtscan


Basic syntax

$ nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] \
  [-r] [-q] [-s separator] [-m retransmits] \
  (-f filename)|(<scan_range>) 


-v
Verbose output. Print all names received from each host.
-d
Dump packets. Print whole packet contents.
-e
Format output in /etc/hosts format.
-l
Format output in lmhosts format.
Cannot be used with -v, -s or -h options.
-t <timeout>
Wait <timeout> milliseconds for a response.
Default 1000.
-b <bandwidth>
Output throttling. Slow down output so that it uses no more than <bandwidth> bps.
Useful on slow links, so that outgoing queries don't get dropped.
-r
Use local port 137 for scans. Win95 boxes respond to this only.
You need to be root to use this option on Unix.
-q
Suppress banners and error messages.
-s <separator>
Script-friendly output. Don't print column and record headers; separate fields with <separator>.
-h
Print human-readable names for services.
Can only be used with -v option.
-m <retransmits>
Number of retransmits. Default 0.
-f <filename>
Take IP addresses to scan from the file <filename>.
-f - makes nbtscan take IP addresses from stdin.
<scan_range>
What to scan. Can be either a single IP or a range of addresses in one of two forms: xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.


The following example shows the output of nbtscan launched against a Windows XP SP3 box:

$ nbtscan
Doing NBT name scan for addresses from

IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
         XP-4604F61946  <server>  <unknown>        08:00:27:**:**:**
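
How the columns in the output above map onto a single NetBIOS node status response, as an added example that is not part of the original page or of nbtscan's source: a parser for the RFC 1002 response layout, run over a constructed packet. The host names, the MAC address and the suffix interpretation (0x00 computer name, 0x20 file server, 0x03 messenger/user) are assumptions based on common NetBIOS conventions.

```python
import struct

NBSTAT = 0x0021  # RR_TYPE of a node status response (RFC 1002)

def parse_nbstat(pkt: bytes) -> dict:
    """Extract the name table and unit ID (MAC) from a node status response."""
    try:
        _tid, flags, _qd, ancount = struct.unpack_from(">HHHH", pkt, 0)
        off = 12
        while pkt[off]:                  # walk RR_NAME labels to the 0x00 root
            off += pkt[off] + 1
        rtype, _cls, _ttl, rdlen = struct.unpack_from(">HHIH", pkt, off + 1)
        off += 11                        # now at NUM_NAMES
        count = pkt[off]
    except (struct.error, IndexError):
        raise ValueError("truncated packet") from None
    if not flags & 0x8000 or ancount < 1 or rtype != NBSTAT:
        raise ValueError("not a node status response")
    end = off + 1 + count * 18           # entry: 15-byte name, suffix, 2-byte flags
    if end + 6 > len(pkt) or 1 + count * 18 + 6 > rdlen:
        raise ValueError("name table exceeds packet")
    info = {"name": None, "server": False, "user": None, "names": []}
    for i in range(off + 1, end, 18):
        name = pkt[i:i + 15].decode("ascii", "replace").rstrip(" \x00")
        suffix = pkt[i + 15]
        unique = not struct.unpack_from(">H", pkt, i + 16)[0] & 0x8000  # G bit clear
        info["names"].append((name, suffix, "unique" if unique else "group"))
        if unique and suffix == 0x00 and info["name"] is None:
            info["name"] = name          # workstation service: computer name
        elif unique and suffix == 0x20:
            info["server"] = True        # file server service registered
        elif unique and suffix == 0x03:
            info["user"] = name          # messenger service: last entry is usually the user
    info["mac"] = pkt[end:end + 6].hex(":")   # UNIT_ID opens the statistics block
    return info

def sample_response() -> bytes:
    """Constructed response for a made-up host (not captured traffic)."""
    rows = [(b"WS-EXAMPLE", 0x00, 0x0400), (b"WORKGROUP", 0x00, 0x8400),
            (b"WS-EXAMPLE", 0x20, 0x0400), (b"JDOE", 0x03, 0x0400)]
    table = b"".join(n.ljust(15) + bytes([s]) + struct.pack(">H", f)
                     for n, s, f in rows)
    rdata = bytes([len(rows)]) + table + bytes.fromhex("020000000001") + bytes(40)
    return (struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0)
            + b"\x20" + b"CK" + b"A" * 30 + b"\x00"      # encoded wildcard name "*"
            + struct.pack(">HHIH", NBSTAT, 1, 0, len(rdata)) + rdata)

if __name__ == "__main__":
    print(parse_nbstat(sample_response()))
```

Every field the parser returns is sent unauthenticated to whoever asks, which is why the name table is worth reviewing on hosts that still answer NetBIOS name service queries.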