Great Circle Associates Firewalls
(March 1997)
 


Subject: RE: How to detect netbios name given IP address
From: "Donahue, David (PB-d4bdona)" <d4bdona @ msg . PacBell . COM>
Date: Tue, 11 Mar 1997 16:44:37 -0800
To: "'Ambrose Li'" <acli @ mingpaoxpress . com>, "'firewalls @ GreatCircle . COM'" <firewalls @ GreatCircle . COM>

Sure, just type:

C:\> nbtstat -A 127.0.0.1

Note: (Be sure to use a capital A and insert the real IP instead of the
loopback address, and you'll get the NetBIOS name table from the
machine remotely.)


----------------

Results of "nbtstat /?" command

----
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n]
        [-r] [-R] [-s] [-S] [interval] ]

  -a   (adapter status) Lists the remote machine's name table given its name
  -A   (Adapter status) Lists the remote machine's name table given its
                        IP address.
  -c   (cache)          Lists the remote name cache including the IP addresses
  -n   (names)          Lists local NetBIOS names.
  -r   (resolved)       Lists names resolved by broadcast and via WINS
  -R   (Reload)         Purges and reloads the remote cache name table
  -S   (Sessions)       Lists sessions table with the destination IP addresses
  -s   (sessions)       Lists sessions table converting destination IP
                        addresses to host names via the hosts file.

  RemoteName   Remote host machine name.
  IP address   Dotted decimal representation of the IP address.
  interval     Redisplays selected statistics, pausing interval seconds
               between each display. Press Ctrl+C to stop redisplaying
               statistics.



-----Original Message-----
From:	Ambrose Li [SMTP:news-misc @ mingpaoxpress . com]
Sent:	Tuesday, March 11, 1997 4:33 PM
To:	firewalls @ GreatCircle . COM
Subject:	How to detect NetBIOS name given IP address

I guess this is only peripherally on-topic: I noticed some
strange packets (NetBIOS-ssn) in my logs, and now I need to
determine which machine generated those packets given only
its IP address.  Does anyone know if this is possible?

(If not, I can check the Ethernet address of all potential
machines, since I already figured out the Ethernet address;
but I wonder if somehow I can get the offending machine to
report its own identity.)

--
Ambrose Li. acli @ mingpaoxpress . com . Ming Pao Newspapers (Canada) Ltd., EDP
department. 1355 Huntingwood Drive, Scarborough, Ontario, M1S 3J1, Canada.
Voice +1 416 321 0088 x272 Fax +1 416 321 9663. My favourite OS has yet no
typographic identity; but I would rather use Garamond than Franklin Gothic
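
What `nbtstat -A` puts on the wire, as an added example that is not part of the original posts: a NetBIOS node status request (RFC 1002) sent to UDP port 137, and a parser for the reply, which carries the name table and the responder's Ethernet address. The host name, workgroup and MAC address in the sample reply are constructed, and no packet is actually sent.

```python
import struct

NBSTAT = 0x0021  # RFC 1002 question/record type for a node status request

def encode_name(name: bytes) -> bytes:
    """RFC 1001 first-level encoding: each nibble becomes a letter 'A'..'P'."""
    padded = name.ljust(16, b"\x00")
    half = bytes(0x41 + n for b in padded for n in (b >> 4, b & 0x0F))
    return bytes([len(half)]) + half + b"\x00"

def build_query(txid: int) -> bytes:
    """Node status request for the wildcard name '*', sent to UDP port 137."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)  # one question, no flags
    return header + encode_name(b"*") + struct.pack(">HH", NBSTAT, 1)

def parse_response(data: bytes):
    """Return ([(name, suffix, is_group), ...], mac) from a node status reply."""
    off = 12                                # fixed 12-byte header
    while data[off]:                        # skip the labels of the record name
        off += data[off] + 1
    off += 1
    rtype, _cls, _ttl, _rdlen = struct.unpack_from(">HHIH", data, off)
    if rtype != NBSTAT:
        raise ValueError("not a node status record")
    off += 10
    count = data[off]                       # number of 18-byte name entries
    off += 1
    if len(data) < off + 18 * count + 6:
        raise ValueError("truncated reply")
    names = []
    for _ in range(count):
        raw, suffix, flags = struct.unpack_from(">15sBH", data, off)
        names.append((raw.decode("ascii", "replace").rstrip(), suffix, bool(flags & 0x8000)))
        off += 18
    mac = "-".join(f"{b:02X}" for b in data[off:off + 6])  # unit ID = adapter address
    return names, mac

def sample_reply() -> bytes:
    """Constructed reply: host WS-EXAMPLE in group WORKGROUP, made-up MAC."""
    entries = [(b"WS-EXAMPLE", 0x00, 0x0400), (b"WORKGROUP", 0x00, 0x8400),
               (b"WS-EXAMPLE", 0x20, 0x0400)]
    body = bytes([len(entries)]) + b"".join(
        struct.pack(">15sBH", n.ljust(15), s, f) for n, s, f in entries)
    body += bytes.fromhex("02005e105566") + b"\x00" * 40  # unit ID + unused statistics
    return (struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0) + encode_name(b"*")
            + struct.pack(">HHIH", NBSTAT, 1, 0, len(body)) + body)
```

The unique entry with suffix 0x00 is the computer name and the group entry with suffix 0x00 is its workgroup or domain; the MAC address can be matched against an Ethernet address already taken from the logs.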



