Nbtscan
Jump to navigation
Jump to search
Description
Nbtscan is a program for scanning IP networks for NetBIOS name information.
It sends Net‐BIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address (such as Ethernet).
Installation
$ sudo apt-get install nbtscan
Usage
Basic syntax
$ nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] \ [-r] [-q] [-s separator] [-m retransmits] \ (-f filename)|(<scan_range>)
Options
- -v
- verbose output. Print all names received from each host
- -d
- dump packets. Print whole packet contents.
- -e
- Format output in /etc/hosts format.
- -l
- Format output in lmhosts format.
- Cannot be used with -v, -s or -h options.
- -t <timeout>
- wait timeout milliseconds for response.
- Default 1000.
- -b <bandwidth>
- Output throttling. Slow down output so that it uses no more that bandwidth bps.
- Useful on slow links, so that ougoing queries don't get dropped.
- -r
- use local port 137 for scans. Win95 boxes respond to this only.
- You need to be root to use this option on Unix.
- -q
- Suppress banners and error messages,
- -s <separator>
- Script-friendly output. Don't print column and record headers, separate fields with separator.
- -h
- Print human-readable names for services.
- Can only be used with -v option.
- -m <retransmits>
- Number of retransmits. Default 0.
- -f <filename>
- Take IP addresses to scan from file filename.
- -f - makes nbtscan take IP addresses from stdin.
- <scan_range>
- what to scan. Can either be single IP like 192.168.1.1 or range of addresses in one of two forms: xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.
Example
Following example shows the output of nbtscan launched against a Windows XP SP3 box:
$ nbtscan 10.1.1.2 Doing NBT name scan for addresses from 10.1.1.2 IP address NetBIOS Name Server User MAC address ------------------------------------------------------------------------------ 10.1.1.2 XP-4604F61946 <server> <unknown> 08:00:27:**:**:**