NBTScan is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding of open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. I wrote this tool because the existing tools either didn’t do what I wanted or ran only on the Windows platforms: mine runs on just about everything.



nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>)


        -v		verbose output. Print all names received
			from each host
	-d		dump packets. Print whole packet contents.
	-e		Format output in /etc/hosts format.
	-l		Format output in lmhosts format.
			Cannot be used with -v, -s or -h options.
	-t timeout	wait timeout milliseconds for response.
			Default 1000.
	-b bandwidth	Output throttling. Slow down output
			so that it uses no more that bandwidth bps.
			Useful on slow links, so that ougoing queries
			don't get dropped.
	-r		use local port 137 for scans. Win95 boxes
			respond to this only.
			You need to be root to use this option on Unix.
	-q		Suppress banners and error messages,
	-s separator	Script-friendly output. Don't print
			column and record headers, separate fields with separator.
	-h		Print human-readable names for services.
			Can only be used with -v option.
	-m retransmits	Number of retransmits. Default 0.
	-f filename	Take IP addresses to scan from file filename.
			-f - makes nbtscan take IP addresses from stdin.
	<scan_range>	what to scan. Can either be single IP
			like or
			range of addresses in one of two forms: 
			xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.
	nbtscan -r
		Scans the whole C-class network.
		Scans a range from to
	nbtscan -v -s :
		Scans C-class network. Prints results in script-friendly
		format using colon as field separator.
		Produces output like that:
	nbtscan -f iplist
		Scans IP addresses specified in file iplist.


cyborg@cyborg:~$ sudo nbtscan -r
Doing NBT name scan for addresses from

IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------	 Sendto failed: Permission denied    <unknown>                  <unknown>     ZTRELA-PC        <server>  <unknown>        17-52-d0-27-e5-15     ZTRELA-N1SP7BJ   <server>  <unknown>        1b-4a-6d-25-8f-e1     ZTRELA2-PC       <server>  <unknown>        06-e4-4c-f5-00-8f     ZTRELA4-PC       <server>  <unknown>        d7-f7-33-74-5a-ba     BLACK7           <server>  <unknown>        71-3e-5b-c2-a0-2f

Leave a reply


We're are building as a community and a team. Be a part of it.


©2018 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?