Sure, just type:
C:\> nbtstat -A 127.0.0.1
Note:(Be sure to use capitol A and insert the real IP instead of the
loopback address and you'll get the NetBIOS name table from the
Results of "nbtstat /?" command
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-s] [-S] [interval] ]
-a (adapter status) Lists the remote machine's name table given
-A (Adapter status) Lists the remote machine's name table given
-c (cache) Lists the remote name cache including the IP
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via
-R (Reload) Purges and reloads the remote cache name
-S (Sessions) Lists sessions table with the destination IP
-s (sessions) Lists sessions table converting destination
addresses to host names via the hosts file.
RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval
between each display. Press Ctrl+C to stop
From: Ambrose Li [SMTP:news-misc @
Sent: Tuesday, March 11, 1997 4:33 PM
To: firewalls @
Subject: How to detect NetBIOS name given IP address
I guess this is only peripherally on-topic: I noticed some
strange packets (NetBIOS-ssn) in my logs, and now I need to
determine which machine generated those packets given only
its IP address. Does anyone know if this is possible?
(If not, I can check the Ethernet address of all potential
machines, since I already figured out the Ethernet address;
but I wonder if somehow I can get the offending machine to
report its own identity.)
Ambrose Li. acli @
Ming Pao Newspapers (Canada) Ltd.,
department. 1355 Huntingwood Drive, Scarborough, Ontario, M1S 3J1,
Voice +1 416 321 0088 x272 Fax +1 416 321 9663. My favourite OS has
typographic identity; but I would rather use Garamond than Franklin