NBTScan is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding of open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. I wrote this tool because the existing tools either didn’t do what I wanted or ran only on the Windows platforms: mine runs on just about everything.
nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>)
-v verbose output. Print all names received from each host -d dump packets. Print whole packet contents. -e Format output in /etc/hosts format. -l Format output in lmhosts format. Cannot be used with -v, -s or -h options. -t timeout wait timeout milliseconds for response. Default 1000. -b bandwidth Output throttling. Slow down output so that it uses no more that bandwidth bps. Useful on slow links, so that ougoing queries don't get dropped. -r use local port 137 for scans. Win95 boxes respond to this only. You need to be root to use this option on Unix. -q Suppress banners and error messages, -s separator Script-friendly output. Don't print column and record headers, separate fields with separator. -h Print human-readable names for services. Can only be used with -v option. -m retransmits Number of retransmits. Default 0. -f filename Take IP addresses to scan from file filename. -f - makes nbtscan take IP addresses from stdin. <scan_range> what to scan. Can either be single IP like 192.168.1.1 or range of addresses in one of two forms: xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx. Examples: nbtscan -r 192.168.1.0/24 Scans the whole C-class network. nbtscan 192.168.1.25-137 Scans a range from 192.168.1.25 to 192.168.1.137 nbtscan -v -s : 192.168.1.0/24 Scans C-class network. Prints results in script-friendly format using colon as field separator. Produces output like that: 192.168.0.1:NT_SERVER:00U 192.168.0.1:MY_DOMAIN:00G 192.168.0.1:ADMINISTRATOR:03U 192.168.0.2:OTHER_BOX:00U ... nbtscan -f iplist Scans IP addresses specified in file iplist.
cyborg@cyborg:~$ sudo nbtscan -r 192.168.1.0/24 Doing NBT name scan for addresses from 192.168.1.0/24 IP address NetBIOS Name Server User MAC address ------------------------------------------------------------------------------ 192.168.1.0 Sendto failed: Permission denied 192.168.1.241 <unknown> <unknown> 192.168.1.51 ZTRELA-PC <server> <unknown> 17-52-d0-27-e5-15 192.168.1.54 ZTRELA-N1SP7BJ <server> <unknown> 1b-4a-6d-25-8f-e1 192.168.1.57 ZTRELA2-PC <server> <unknown> 06-e4-4c-f5-00-8f 192.168.1.60 ZTRELA4-PC <server> <unknown> d7-f7-33-74-5a-ba 192.168.1.72 BLACK7 <server> <unknown> 71-3e-5b-c2-a0-2f