The Web Local
 

 

 

Nbtscan

 

NBTscan scans IP networks for Microsoft Windows NetBIOS name information. It sends NetBIOS status queries to all hosts specified in the range to check and outputs the information directly to screen. The results list:

 

  •     IP address,

  •     NetBIOS computer name,

  •     logged-in user name,

  •     MAC address.

 

Installation:

 

./configure & make && make install (as you would expect)

 

Usage:

 nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>)
    -v verbose output. Print all names received from each host
    -d dump packets. Print whole packet contents.
    -e Format output in /etc/hosts format.
    -l Format output in lmhosts format. Cannot be used with -v, -s or -h options.
    -t timeout wait timeout imilliseconds for response. Default 1.
    -b bandwidth Output throttling. Slows down output uses no more that bandwidth.

    (Useful on slow links, so outgoing queries don't get dropped.)
    -r use local port 137 for scans. Win95 boxes respond to this only.
    -q Suppress banners and error messages,
    -s Script-friendly output. Don't print column/record headers
    -h Print human-readable names for services. Can only be used with -v option.
    -m retransmits Number of retransmits. Default 0.
    -f filename Take IP addresses to scan from file filename
    -f - makes nbtscan take IP addresses from stdin.
    <scan_range> what to scan. Either single IP i.e. 192.168.1.1 or range of addresses

    in one of two forms:
    xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.
 

Examples:

 

nbtscan -r 192.168.0.0/24
 

Scans the whole C-class network.

Doing NBT name scan for addresses from 192.168.0.0/24

NetBIOS Name Table for Host 192.168.0.1:

Name Service Type
----------------------------------------
WORK1 <00> UNIQUE
WORK1 <20> UNIQUE
WORKGROUP <00> GROUP

Adapter address: 00-02-b3-a7-6a-50
----------------------------------------

NetBIOS Name Table for Host 192.168.0.99:

Name Service Type
----------------------------------------
2003-SVR <00> UNIQUE
2003-SVR <20> UNIQUE
ConfigServer <1c> GROUP
WORKGROUP <00> GROUP
2003-svr <2d> UNIQUE
WORKGROUP <1e> GROUP
WORKGROUP <1d> UNIQUE
__MSBROWSE__ <01> GROUP
 

nbtscan 192.168.1.25-137
Scans a range from 192.168.1.25 to 192.168.1.137


nbtscan -v -s : 192.168.0.0/24
Scans C-class network. Prints results in script-friendly format using colon as field separator. Produces output like that:


192.168.0.1:NT_SERVER:00U
192.168.0.1:MY_DOMAIN:00G
192.168.0.1:ADMINISTRATOR:03U
192.168.0.2:OTHER_BOX:00U

nbtscan -f iplist
Scans IP addresses specified in file iplist.

 

IT Security News:

 

Pen Testing Framework:

 

Latest Tool Reviews:

 

 

 

  
 

© VulnerabilityAssessment.co.uk 23 February 2008