Description:
This command should be executed from the
command line.
This diagnostic command displays protocol
statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
This means that Windows networking (ie: file
and print sharing) is possible between your computer and a remote computer,
even though the connection is being made across the 'net.
NetBIOS is a non-routable but very fast means of networking two or more
computers. Since 'routing' is impossible a network configuration known
as peer-to-peer will result. TCP/IP is a combined network protocol that
is fully routable.
Wrapping net BIOS packets WITHIN TCP/IP packets allows the net BIOS packet
to be routed across a WAN, i.e. two or more LAN's can be connected via
a WAN.
Nbtstat confirms that the remote computer
is capable of connecting to your machine, and indicates the scope of that
connection.
If, whilst port scanning
a remote machine, you find port 139 to be open, then the 'nbtstat' command
can be used to gain information from that machine.
Parameters:
| nbtstat [-a remotename]
[-A IP address] [-c] [-n] [-R] [-r] [-S] [-s] [interval] |
| |
|
|
| |
-a remotename |
Lists the remote
computer's name table using its name |
| |
-A IP address |
Lists the remote
computer's name table using its IP address. |
| |
-c |
Lists the contents
of the net BIOS name cache giving the IP address of each name |
| |
-n |
Lists local net
BIOS names. Registered indicates that the name is registered by broadcast
(Bnode) or WINS (other node types). |
| |
-R |
Reloads the L
M H O S T S file after purging all names from the net BIOS name cache. |
| |
-r |
Lists name resolution
statistics for Windows networking name resolution. On a Windows NT
computer configured to use WINS, this option returns the number of
names resolved and registered via broadcast or via WINS. |
| |
-S |
Displays both
client and server sessions, listing the remote computers by IP address
only. |
| |
-s |
Displays both
client and server sessions. It attempts to convert the remote computer
IP address to a name using the HOSTS file. |
| |
interval |
Re displays selected
statistics, pausing interval seconds between each display. Press CTRL+C
to stop re displaying statistics. If this parameter is omitted, n
b t s t a t prints the current configuration information once. |
Example:
|
C:\>nbtstat
-A 196.27.39.94
NetBIOS
Remote Machine Name Table
| Name |
|
Type |
Status |
| VFE1 |
<00> |
UNIQUE |
Registered |
| EPOLHO |
<00> |
GROUP |
Registered |
| VFE1 |
<20> |
UNIQUE |
Registered |
| VFE1 |
<03> |
UNIQUE |
Registered |
| INet~Services |
<1C> |
GROUP |
Registered |
| IS~VFE1........ |
<00> |
UNIQUE |
Registered |
| EPOLHO |
<1E> |
GROUP |
Registered |
| VFE1 |
<01> |
UNIQUE |
Registered |
| EPOLHO |
<1D> |
UNIQUE |
Registered |
| ..__MSBROWSE__. |
<01> |
GROUP |
Registered |
| ADMINISTRATOR |
<03> |
UNIQUE |
Registered |
MAC
Address = 00-20-AF-F9-C8-CA
C:\>nbtstat
-A 196.27.36.1
Host
not found.
|
The following table shows
what each column heading returned by 'Nbtstat' mean:
| Input |
Number of bytes
received. |
| Output |
Number
of bytes sent. |
| In/Out |
Whether the connection
is from the computer (outbound) or from another system to the local
computer (inbound). |
| Life |
The remaining
time that a name table cache entry will live before it is purged. |
| Local
Name |
The local net
BIOS name associated with the connection. |
| Remote
Host |
The name or IP
address associated with the remote computer. |
| Type |
Refers to the
type of name. A name can either be a unique name or a group name. |
| <03> |
Each net BIOS
name is 16 characters long. This last byte often has special significance
since the same name may be present several times on a computer differing
only in the last byte. This notation is simply the last byte converted
to hexadecimal. <20> is a space in ASCII for example. |
| State |
The state of
net BIOS connections. The possible states are: |
| |
| State |
Meaning |
| Connected |
The session
has been established. |
| Associated |
A
connection end point has been created and associated with an
IP address. |
| Listening |
This end
point is available for an inbound connection. |
| Idle |
This end
point has been opened but cannot receive connections. |
| Connecting |
The session
is in the connecting phase where the name-to-IP address mapping
of the destination is being resolved. |
| Accepting |
An inbound
session is currently being accepted and will be connected shortly. |
| Reconnecting |
A session
is trying to reconnect if it failed to connect on the first
attempt. |
| Outbound |
A session
is in the connecting phase where the TCP connection is currently
being created. |
| Inbound |
An inbound
session is in the connecting phase. |
| Disconnecting |
A session
is in the process of disconnecting. |
| Disconnected |
The local
computer has issued a disconnect, and it is waiting for confirmation
from the remote system. |
|
|