수안이의 컴퓨터 연구실General Information
NBTscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address.
Version 1.5 is now available. See Change Log for changes since previous release.
NBTscan compiles and runs on Unix and Windows. I have tested it on Windows NT 4.0, Windows 2000, FreeBSD 4.3, OpenBSD 2.8 and RedHat Linux 7.1 and 7.3. It should also compile and run on Solaris and other Linuxes as well.
Steve Coleman (Steve (dot) Coleman (at) jhuapl (dot) edu) ported previous versions of NBTscan to Solaris, HP-UX and OSF/1 and fixed several bugs. He reports that NBTscan also runs on IRIX/SGI with minor problems. I was also told that NBTscan runs on AIX (Antonio Dell'elce) and SunOS 4.1.3_U1 (Joe Cline). Mohammad A. Haque (mhaque (at) haque (dot) net) ported nbtscan to Darwin.
This program is a successor of a perl script with the same name and does essentially the same thing, being much faster though. NBTscan produces a report like that:
IP address NetBIOS Name Server User MAC address
------------------------------------------------------------------------------
192.168.1.2 MYCOMPUTER JDOE 00-a0-c9-12-34-56
192.168.1.5 WIN98COMP <server> RROE 00-a0-c9-78-90-00
192.168.1.123 DPTSERVER <server> ADMINISTRATOR 08-00-09-12-34-56
First column lists IP address of responded host. Second column is computer name. Third column indicates if this computer shares or is able to share files or printers. For NT machine it means that Server Service is running on this computer. For Windows 95 it means that "I want to be able to give others access to my files" or "I want to be able to allow others to print on my printer(s)" checkbox is ticked (in Control Panel/Network/File and Print Sharing). Most often it means that this computer shares files. Third column shows user name. If no one is logged on from this computer it is same as computer name. Last column shows adapter MAC address.
If run with -v switch NBTscan lists whole NetBIOS name table for each responded address. The output looks like that:
NetBIOS Name Table for Host 192.168.1.123:
Name Service Type
----------------------------------------
DPTSERVER <00> UNIQUE
DPTSERVER <20> UNIQUE
DEPARTMENT <00> GROUP
DEPARTMENT <1c> GROUP
DEPARTMENT <1b> UNIQUE
DEPARTMENT <1e> GROUP
DPTSERVER <03> UNIQUE
DEPARTMENT <1d> UNIQUE
??__MSBROWSE__? <01> GROUP
INet~Services <1c> GROUP
IS~DPTSERVER <00> UNIQUE
DPTSERVER <01> UNIQUE
Adapter address: 00-a0-c9-12-34-56
----------------------------------------
FAQ
Where can I get NBTscan?
Download it from http://www.inetcat.net/software/nbtscan.html . I used to have inetcat.org domain but it was grabbed by cybersquatters, so I had to move to inetcat.net.
Is there source code available ?
Yes. Same as above.
NBTscan lists my Windows boxes just fine but does not list my unixes or routers. Why?
That is the way it is supposed to work. NBTscan uses NetBIOS for scanning and NetBIOS is only implemented by Windows (and some software on Unix such as Samba)
I get some error message on a certain operating system while compiling or running NBTscan. What can I do?
If you get errors compiling there is not much I can help you with. I don't have every possible version of every possible OS, so I wouldn't be able to reproduce your problem. Try to figure out what is going wrong, make a patch and send it to me. :)
If you get unexpected results running nbtscan and you think it is a bug, send me a bug report. Describe your environment (OS, version of nbtscan, how big the network you are scanning is, are there any firewalls on the way) and make a packet dump if possible. Comparing the results produced by nbtscan with results of nbtstat -a (Windows utility) also helps to find the problem. If you get same results from nbtscan and nbtstat, this probably means that the problem is in the network setup, not in nbtscan.
Are there any docs in Russian?
No. I am too lazy to do translation. If you are willing to translate docs to Russian or any other language for that matter, you are more than welcome.
How do I write NBTscan output into a file?
Just like any other program:
nbtscan 123.45.67.89 > filename
Works on both Unix and Windows.
How do I make NBTscan write its output one screen at a time?
Just like any other program:
nbtscan 123.45.67.89 | more
Works on both Unix and Windows.
How do I export NBTscan output into an Excel file?
Run nbtscan with "-s ," option (script-friendly output, use comma as a field separator) and open the resulting file in Excel.
Why do I get "Connection reset by peer" errors on Windows 2000?
NBTscan uses port 137 UDP for sending queries. If the port is closed on destination host destination will reply with ICMP "Port unreachable" message. Most operating system will ignore this message. Windows 2000 reports it to the application as "Connection reset by peer" error. Just ignore it.
Is there a GUI for nbtscan?
Yes. There are a couple of different GUIs sent to me by different people at different times. Warning: I got this software at different times from different people. I didn't test it and I didn't read the source code. I don't know if it works and what it does when it works, so don't blame me if it does something completely awfull to you or your computer. You have been warned.
- Use42 by Peter Feil (peter (dot) feil (at) one2many (dot) de) Use42 is a GUI wrapper form enum (by Jordan Ritter BindViewRazor), nbtscan (by me) and ipeye (by Arne Vidstrom). Runs on Windows.The author does not provide any source code. You can download it here.
- gui.exe was sent to me by r_i_c_h (at) btinternet (dot) com. It is a Windows GUI for nbtscan. r_i_c_h said he got it from someone else but lost the sources. You can download it here.
- xNBTscan was contributed by Brian (daten (at) dnetc (dot) org) and is a GTK2-base GUI for X. You can get it from here.
Why nbtscan doesn't scan for shares? Are you going to add share scanning to nbtscan?
No. NBTscan uses UDP for what it does. That makes it very fast. Share scanning requires TCP. For one thing, it will make nbtscan more slow. Also adding share scanning means adding a lot of new code to nbtscan. There is a lot of good share scanners around, so I see no reason to duplicate that work.
Why do I get 00-00-00-00-00-00 instead of MAC address when I scan a Samba box?
Because that's what Samba send in response to the query. Nbtscan just prints out what it gets.
Usage
NBTscan is a command-line tool. You have to supply at least one argument - address range in one of three forms:
| xxx.xxx.xxx.xxx | Single IP in dotted-decimal notation. Example: 192.168.1.1. |
| xxx.xxx.xxx.xxx/xx | Net address and subnet mask. Example: 192.168.1.0/24 |
| xxx.xxx.xxx.xxx-xxx | Address range. Example: 192.168.1.1-127. This will scan all addresses from 192.168.1.1 to 192.168.1.127. |
It also understands the following switches:
>nbtscan -f my_ips.txt <output depends on other options>| Option | Meaning | Usage example |
|---|---|---|
| -v | verbose output. Print all names received from each host |
>nbtscan -v 192.168.1.123 |
| -d | dump packets. Print whole packet contents. Cannot be used with -v, -s or -h options. |
>nbtscan -d 192.168.1.123 |
| -e | Format output in /etc/hosts format. | > ./nbtscan -e 192.168.75.0/28 |
| -l | Format output in lmhosts format. | > ./nbtscan -e 192.168.75.0/28 |
| -t timeout | wait timeout seconds for response. Default 1. | >nbtscan -d 192.168.1.123 |
| -b bandwidth | Output throttling. Slow down packet output so that it uses no more that bandwidth bps. Useful on slow links, so that ougoing queries don't get dropped. | >nbtscan -b 28800 192.168.1.123 |
| -r | use local port 137 for scans. Win95 boxes respond to this only. You need to be root to use this option on Unix. | >nbtscan -r 192.168.1.123 |
| -q | Suppress banners and error messages | >nbtscan -q 192.168.1.123 |
| -s separator | Script-friendly output. Don't print column and record headers, separate fields with separator. | >nbtscan -s : 192.168.1.1-24 |
| -h | Print human-readble names for services. Can only be used with -v option. | >nbtscan -s : -h -v 192.168.1.1 |
| -m retransmits | Number of retransmits. Default 0. | >nbtscan -m 2 192.168.1.123 |
| -f filename | Take IP addresses to scan from file filename |
Installation
Installing from Win32 binaries
- Download zip archive
- Unpack it
- Put nbtscan.exe and cygwin1.dll to directory in your PATH, such as winnt/system32
- That's all. Now you can run nbtscan from command prompt.
Installing from sources on Windows
- Download and install Cygwin from http://sources.redhat.com/cygwin/
- Start Cygwin shell and proceed from there as in Unix installation
Installing from sources under Unix
- Ungzip and untar sources
- Run ./configure script
- Run make and make install
- That's all.
Perl version of NBTscan
NBTscan was first written in Perl. It is much more slow then its C cousin, and has less options, but it has an advantage also: Windows Perl script is able to receive responses from Windows 95 sent to port 137. So if you really have to scan Windows 95 boxes from Windows you can download and use Perl NBTscan. There is also a IpInfo (Perl script too) which runs both on NT and Unix, and gives some additional info (such as DNS host name). It was created by Steve Coleman.
Reporting bugs, sending comments, etc.
You can report bugs to the author (hey, that's me) alla (at) inetcat (dot) org. I am not promising to do anything about it, but I may well want to fix them. I shall also appreciate comments and suggestions. If you have somehow enhanced this program - send me a copy or a patch.
- NBTScan. NetBIOS Name Network Scanner. (2)2007/07/18
- Nmap을 이용한 네트워크 스캐닝과 방어하기 (0)2007/04/12
- nmap Option (0)2007/04/03
Leave your greetings.
항상rss에 구독해서 보는데 좋은자료가 많군요 ㅎㅎ
2008/01/07 12:54 [ Permalink : Modify/Delete : Reply ]구독까지 해서 봐 주시다니 감사합니다. 제가 호기심이 많고, 궁금한걸 잘 참지 못해서 책을 찾아보거나, 인터넷을 통해 얻은 정보들을 아티클로 올려놓다보니 조금씩 쌓여진거 같아요.
2008/01/07 15:48 [ Permalink : Modify/Delete ]