Usage NBTscan is a command-line tool. You have to supply at least one argument - address range in one of three forms: xxx.xxx.xxx.xxx Single IP in dotted-decimal notation. Example: 192.168.1.1. xxx.xxx.xxx.xxx/xx Net address and subnet mask. Example: 192.168.1.0/24 xxx.xxx.xxx.xxx-xxx Address range. Example: 192.168.1.1-127. This will scan all addresses from 192.168.1.1 to 192.168.1.127. It also understands the following switches: +-------------------------------------------------------------------------------------------------+ | Option | Meaning | Usage example | |-----------+---------------+---------------------------------------------------------------------| |-----------+---------------+---------------------------------------------------------------------| | | |>nbtscan -v 192.168.1.123 | | | |NetBIOS Name Table for Host 192.168.1.123: | | | | | | | |Name Service Type | | |verbose output.|---------------------------------------- | | |Print all names|DPTSERVER <00> UNIQUE | |-v |received from |DPTSERVER <20> UNIQUE | | |each host |DEPARTMENT <00> GROUP | | | |DPTSERVER <03> UNIQUE | | | |DPTSERVER <01> UNIQUE | | | | | | | |Adapter address: 00-a0-c9-12-34-56 | | | |---------------------------------------- | |-----------+---------------+---------------------------------------------------------------------| | | |>nbtscan -d 192.168.1.123 | | | | | | | |Packet dump for Host 192.186.1.2: | | | | | | | |Transaction ID: 0x02e9 (745) | | |dump packets. |Flags: 0x8400 (33792) | | |Print whole |Question count: 0x0000 (0) | | |packet |Answer count: 0x0001 (1) | |-d |contents. |Name service count: 0x0000 (0) | | |Cannot be used |Additional record count: 0x0000 (0) | | |with -v, -s or |Question name: CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | | |-h options. |Question type: 0x0021 (33) | | | |Question class: 0x0001 (1) | | | |Time to live: 0x00000000 (0) | | | |Rdata length: 0x0089 (137) | | | |Number of names: 0x05 (5) | | | | | | | | | |-----------+---------------+---------------------------------------------------------------------| | | |> ./nbtscan -e 192.168.75.0/28 | | | |192.168.75.2 M3I4W6 | | | |192.168.75.3 BOCKSTAEL | | | |192.168.75.4 PCROGER | | |Format output |192.168.75.6 R392900055 | |-e |in /etc/hosts |192.168.75.12 SONY | | |format. |192.168.75.13 DSNRVTWF | | | |192.168.75.14 G8F8N7 | | | |192.168.75.15 VAIO | | | | | | | | | |-----------+---------------+---------------------------------------------------------------------| | | |> ./nbtscan -e 192.168.75.0/28 | | | |192.168.75.2 M3I4W6 #PRE | | | |192.168.75.3 BOCKSTAEL #PRE | | | |192.168.75.4 PCROGER #PRE | | |Format output |192.168.75.6 R392900055 #PRE | |-l |in lmhosts |192.168.75.12 SONY #PRE | | |format. |192.168.75.13 DSNRVTWF #PRE | | | |192.168.75.14 G8F8N7 #PRE | | | |192.168.75.15 VAIO #PRE | | | | | | | | | |-----------+---------------+---------------------------------------------------------------------| | |wait timeout |>nbtscan -d 192.168.1.123 | |-t timeout |seconds for | | | |response. | | | |Default 1. | | |-----------+---------------+---------------------------------------------------------------------| | |Output | | | |throttling. | | | |Slow down | | | |packet output | | | |so that it uses|>nbtscan -b 28800 192.168.1.123 | |-b |no more that | | |bandwidth |bandwidth bps. | | | |Useful on slow | | | |links, so that | | | |ougoing queries| | | |don't get | | | |dropped. | | |-----------+---------------+---------------------------------------------------------------------| | |use local port | | | |137 for scans. | | | |Win95 boxes |>nbtscan -r 192.168.1.123 | |-r |respond to this| | | |only. You need | | | |to be root to | | | |use this option| | | |on Unix. | | |-----------+---------------+---------------------------------------------------------------------| | |Suppress |>nbtscan -q 192.168.1.123 | |-q |banners and | | | |error messages | | |-----------+---------------+---------------------------------------------------------------------| | | |>nbtscan -s : 192.168.1.1-24 | | | |192.168.1.1:DIRDY-BIRDY ::JOED :00-a0-c9-12-34-56 | | | |192.168.1.4:MIGHTY :nbtscan -s : -v 192.168.1.1 | |separator |and record |194.186.12.236:DIRDY-BIRDY :00U | | |headers, |194.186.12.236:COMPANY__COM :00G | | |separate fields|194.186.12.236:DIRDY-BIRDY :20U | | |with separator.|194.186.12.236:DIRDY-BIRDY :03U | | | |194.186.12.236:COMPANY__COM :1eG | | | |194.186.12.236:JOED :03U | | | |194.186.12.236:MAC:00-a0-c9-12-34-56 | | | | | |-----------+---------------+---------------------------------------------------------------------| | | |>nbtscan -s : -h -v 192.168.1.1 | | |Print |194.186.12.236:DIRDY-BIRDY :Workstation Service | | |human-readble |194.186.12.236:COMPANY__COM :Domain Name | | |names for |194.186.12.236:DIRDY-BIRDY :File Server Service | |-h |services. Can |194.186.12.236:DIRDY-BIRDY :Messenger Service | | |only be used |194.186.12.236:COMPANY__COM :Browser Service Elections | | |with -v option.|194.186.12.236:JOED :Messenger Service | | | |194.186.12.236:MAC:00-a0-c9-12-34-56 | | | | | |-----------+---------------+---------------------------------------------------------------------| |-m |Number of |>nbtscan -m 2 192.168.1.123 | |retransmits|retransmits. | | | |Default 0. | | |-----------+---------------+---------------------------------------------------------------------| | |Take IP | | | |addresses to | | | |scan from file | | | |filename > | | |-f filename|nbtscan -f | | | |my_ips.txt | | | | | | +-------------------------------------------------------------------------------------------------+