Using the nbtstat Utility Networking

NetBIOS associates names with workstations. But NetBIOS is only an upper-layer interface and requires a transport protocol. In many cases, TCP/ IP is used. You use the nbtstat utility to do the following:

  • Track NetBIOS over TCP/IP statistics
  • Show the details of incoming and outgoing NetBIOS over TCP/IP connections
  • Resolve NetBIOS names

Because NetBIOS name resolution is primarily a Windows network issue, the nbtstat command is available only in Windows-based operating systems.

To display a basic description of nbtstat and its associated options, type nbtstat at the command line. You’ll use these options to configure the display of information about NetBIOS over TCP/IP hosts. Here are some of the switches you can use:

  • –a –A
  • –c –n
  • –r –R
  • –S –s

The–a Switch
The –a switch displays a remote machine’s NetBIOS name table, which is a list of all the Net- BIOS names that that particular machine “knows about.” The following command produced the output for the server S1

nbtstat a S1

NetBIOS remote machine name table

Last Byte Identifiers for unique names

Last Byte Identifiers for group names

As you can see, using this switch produces an output with four columns. The Name column gives the NetBIOS name entry of the host in the NetBIOS name table of the remote machine. The next column displays a unique two-digit hexadecimal identifier for the NetBIOS name. This identifier represents the last byte of the NetBIOS name shown in the Name column and is necessary because the same name might be used several times on the same station. It uniquely identifies which service on the host the name is referencing.

The Type column refers to the type of NetBIOS name being referenced:

  • Unique NetBIOS names refer to individual hosts.
  • Group names refer to the names of logical groupings of workstations, either domains or workgroups.

The Status column refers to the status of the NetBIOS name for the specified host, regardless of whether the name has been registered with the rest of the network.

The–A Switch

The –A switch works exactly as the –a switch and produces the same output; only the syntax of the command is different. First, you use an uppercase A instead of a lowercase a. Second, you use the IP address of the host whose NetBIOS name table you want to view instead of the Net- BIOS name. The syntax includes the nbtstat command followed by the –A switch and finally the IP address of the host whose NetBIOS table you want to view:

nbtstat –A

The–c Switch

The function of the –c switch is to display the local NetBIOS name cache on the workstation on which it is run.

sample output of thenbtstat –ccommand.

The–c Switch

Each entry in this display shows the NetBIOS name, the hex ID for the service that was accessed, the type of NetBIOS name (unique or group), the IP address that the name resolves to, and its Life (in seconds). The Life amount dictates how long (in seconds) each entry will live in the cache. When this time expires, the entry is deleted from the cache.

The–n Switch

You use the –n switch to display the local NetBIOS name table on a Windows device. The output is similar to the output of the –a switch, except that instead of displaying the NetBIOS name table of another host, you are displaying it for the machine on which you are running the command.

Sample output of thenbstat -ncommand

Sample output of thenbstat -ncommand

The–r Switch
This switch is probably the most commonly used switch when NetBIOS over TCP/IP (NBT) statistics are checked. The –r switch displays the statistics of how many NetBIOS names have been resolved to TCP/IP addresses.

The–r Switch

As you can see, the statistics are divided into categories. The first category is NetBIOS Names Resolution and Registration Statistics, which shows how many names have been resolved or registered either by broadcasts on the local segment or by lookup from a WINS name server. The second category gives the NetBIOS unique and group names and their associated hex IDs that were resolved or registered. In Figure the output shows that no WINS server is operating, so all NetBIOS names were resolved by broadcast only. This is evident from the lack of statistics of names resolved by a name server.

The –R Switch

The -R switch is the exception that proves the rule because it has nothing to do with the –r switch. Let’s say that you have a bad name in the NetBIOS name cachebut the right name is in the LMHOSTS file. The LMHOSTS file contains NetBIOS names of stations and their associated IP addresses. Also, the cache is consulted before the LMHOSTS file is. The problem here is that the bad address will be in the cache (until it expires). To purge the NetBIOS name table cache and reload the LMHOSTS file into memory, simply use the nbtstat command with the –R switch, like so:

nbtstat –R

The–S Switch

You use the -S switch to display the NetBIOS sessions table, which lists all the NetBIOS sessions, incoming and outgoing, to and from the host where you issue the command. The –S switch displays both workstation and server sessions but lists remote addresses by IP address only.

sample output of the nbtstat –S command

The–S Switch

The NetBIOS name is displayed along with its hex ID. The state of each session is also shown. An entry in the In/Out column determines whether the connection has been initiated from the computer on which you are running nbtstat (outbound) or whether another computer has initiated the connection to this computer (inbound). The numbers in the Input and Output columns indicate (in bytes) the amount of data transferred between this station and the station listed in that entry.

The–s Switch

As with the –A and –a switches, the lowercase –s switch is similar to its uppercase sibling. The nbtstat –s command produces the same output as nbtstat –S except that it tries to resolve remote host IP addresses into host names, if possible.

Sample output of thendstat -scommand

Sample output of thendstat -scommand

Face Book Twitter Google Plus Instagram Youtube Linkedin Myspace Pinterest Soundcloud Wikipedia

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd Protection Status

Networking Topics