Can be used to query the network concerning NetBIOS information. It can also be useful for purging the NetBIOS cache and reloading the LMHOSTS file. This one command can be extremely useful when performing security audits. When one knows how to interpret the information, it can reveal more than one might think.
Usage: nbtstat [-a RemoteName] [-A IP_address] [-c] [-n] [-R] [-r] [-S] [-s] [interval]
Switches -a Lists the remote computer's name table given its host name.
-A Lists the remote computer's name table given its IP address.
-c Lists the remote name cache including the IP addresses.
Lists the remote name cache including the IP addresses Lists local NetBIOS
names. Lists names resolved by broadcast and via WINS Purges and reloads the
remote cache name table Lists sessions table with the destination IP addresses
Lists sessions table converting destination IP addresses to host names via the
hosts file.
-n Lists local NetBIOS names.
-r Lists names resolved by broadcast and via WINS.
-R Purges and reloads the remote cache name table.
-S Lists sessions table with the destination IP addresses.
-s Lists sessions table converting destination IP addresses to host names via the
hosts file.
interval This will redisplay the selected statistics, pausing for the number of seconds you
choose as "interval" between each listing. Press CTRL+C to stop.
Notes on NBTSTAT
The column headings generated by NBTSTAT have the following meanings:
Input
Number of bytes received.
Output
Number of bytes sent.
In/Out
Whether the connection is from the computer (outbound) or from another system to
the local computer (inbound).
Life
The remaining time that a name table cache entry will "live" before your computer
purges it.
Local Name
The local NetBIOS name given to the connection.
Remote Host
The name or IP address of the remote host.
Type
A name can have one of two types: unique or group.
The last byte of the 16 character NetBIOS name often means something because
the same name can be present multiple times on the same computer. This shows
the last byte of the name converted into hex.
State
Your NetBIOS connections will be shown in one of the following "states":
State Meaning
Accepting An incoming connection is in process.
Associated The endpoint for a connection has been created and your computer has ssociated it with an IP address.
Connected This is a good state! It means you're connected to the remote resource.
Connecting Your session is trying to resolve the name-to-IP address mapping of the destination resource.
Disconnected Your computer requested a disconnect, and it is waiting for the remote computer to do so.
Disconnecting Your connection is ending.
Idle The remote computer has been opened in the current session, but is currently not accepting connections.
Inbound An inbound session is trying to connect.
Listening The remote computer is available.
Outbound Your session is creating the TCP connection.
Reconnecting If your connection failed on the first attempt, it will display this state as it tries to reconnect.
Name Number Type Usage
=========================================================================
<computername> 00 U Workstation Service
<computername> 01 U Messenger Service
<\\_MSBROWSE_> 01 G Master Browser
<computername> 03 U Messenger Service
<computername> 06 U RAS Server Service
<computername> 1F U NetDDE Service
<computername> 20 U File Server Service
<computername> 21 U RAS Client Service
<computername> 22 U Exchange Interchange
<computername> 23 U Exchange Store
<computername> 24 U Exchange Directory
<computername> 30 U Modem Sharing Server Service
<computername> 31 U Modem Sharing Client Service
<computername> 43 U SMS Client Remote Control
<computername> 44 U SMS Admin Remote Control Tool
<computername> 45 U SMS Client Remote Chat
<computername> 46 U SMS Client Remote Transfer
<computername> 4C U DEC Pathworks TCPIP Service
<computername> 52 U DEC Pathworks TCPIP Service
<computername> 87 U Exchange MTA
<computername> 6A U Exchange IMC
<computername> BE U Network Monitor Agent
<computername> BF U Network Monitor Apps
<username> 03 U Messenger Service
<domain> 00 G Domain Name
<domain> 1B U Domain Master Browser
<domain> 1C G Domain Controllers
<domain> 1D U Master Browser
<domain> 1E G Browser Service Elections
<INet~Services> 1C G Internet Information Server
<IS~Computer_name> 00 U Internet Information Server
<computername> [2B] U Lotus Notes Server
IRISMULTICAST [2F] G Lotus Notes
IRISNAMESERVER [33] G Lotus Notes
Forte_$ND800ZA [20] U DCA Irmalan Gateway Service
Unique (U): The name may have only one IP address assigned to it. On a network device, multiple occurences of a single name may appear to be registered, but the suffix will be unique, making the entire name unique.
Group (G): A normal group; the single name may exist with many IP addresses.
Multihomed (M): The name is unique, but due to multiple network interfaces on the same computer, this configuration is necessary to permit the registration. Maximum number of addresses is 25.
Internet Group (I): This is a special configuration of the group name used to manage WinNT domain names.
Domain Name (D): New in NT 4.0
No comments:
Post a Comment