How to use the command nbtscan (with examples)
nbtscan is a command-line tool that allows users to scan networks for NetBIOS name information. It can be used to gather information about devices on a network and identify any systems using the NetBIOS protocol.
Use case 1: Scan a network for NetBIOS names
Code:
nbtscan 192.168.0.1/24
Motivation: This use case is useful when you want to gather information about all the devices connected to a specific network. By scanning the network for NetBIOS names, you can identify the devices and gain insight into the systems present on the network.
Explanation:
nbtscan is the command being executed.
192.168.0.1/24 is the network address you want to scan. This specifies the IP range that should be scanned for NetBIOS names.
Example output:
192.168.0.1 WORKGROUP\SERVER <Server>
192.168.0.100 WORKGROUP\COMPUTER <PC>
Use case 2: Scan a single IP address
Code:
nbtscan 192.168.0.1
Motivation: This use case is helpful when you want to gather information about a specific device on the network. By scanning a single IP address, you can obtain details about that device, including the NetBIOS name.
Explanation:
nbtscan is the command being executed.
192.168.0.1 is the IP address of the device you want to scan.
Example output:
192.168.0.1 WORKGROUP\SERVER <Server>
Use case 3: Display verbose output
Code:
nbtscan -v 192.168.0.1/24
Motivation: This use case is useful when you want to obtain more detailed output from the nbtscan command. By using the -v option, you can retrieve additional information about the scanned devices, such as the MAC address and the type of the device.
Explanation:
nbtscan is the command being executed.
-v is the option that enables verbose output.
192.168.0.1/24 is the network address you want to scan.
Example output:
192.168.0.1 WORKGROUP\SERVER <Server> (MAC: 00:11:22:33:44:55, Type: Workstation)
192.168.0.100 WORKGROUP\COMPUTER <PC> (MAC: AA:BB:CC:DD:EE:FF, Type: Workstation)
Use case 4: Display output in /etc/hosts format
Code:
nbtscan -e 192.168.0.1/24
Motivation: This use case is helpful when you want the output of the nbtscan command to be in a specific format that can be easily used with other tools. The -e option allows you to display the output in the /etc/hosts format, which is commonly used to map hostnames to IP addresses.
Explanation:
nbtscan is the command being executed.
-e is the option that specifies the output format as /etc/hosts.
192.168.0.1/24 is the network address you want to scan.
Example output:
192.168.0.1 SERVER
192.168.0.100 COMPUTER
Use case 5: Read IP addresses/networks to scan from a file
Code:
nbtscan -f path/to/file.txt
Motivation: This use case is useful when you have a large number of IP addresses or networks to scan and you don't want to specify them directly on the command line. By using the -f option, you can provide a file that contains the IP addresses or networks to be scanned, saving you from manually entering each one.
Explanation:
nbtscan is the command being executed.
-f is the option that specifies the file from which to read the IP addresses/networks to scan.
path/to/file.txt is the path to the file containing the IP addresses/networks.
Example output:
192.168.0.1 WORKGROUP\SERVER <Server>
192.168.0.100 WORKGROUP\COMPUTER <PC>
192.168.0.200 WORKGROUP\PRINTSERVER <Printer>
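The output formats shown in use cases 1, 3 and 4 are easy to post-process, which is how a defender typically uses a scan like this: turn the results into an inventory and flag NetBIOS responders that should not be there. The following Python script is an added example, not part of the nbtscan project or of the original page. It parses the default "<ip> <workgroup>\<name> <type>" lines (with the optional verbose MAC/Type suffix from use case 3), renders them the way the -e option does, and compares them against a constructed allow-list; the sample scan text and the KNOWN_HOSTS dictionary are constructed for the example.

```python
import re
from ipaddress import ip_address

# Default nbtscan output format as shown on this page:
#   "<ip> <workgroup>\<name> <type>"
# optionally followed by the verbose suffix from use case 3:
#   "(MAC: 00:11:22:33:44:55, Type: Workstation)"
LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<workgroup>[^\\\s]+)\\(?P<name>\S+)\s+"
    r"<(?P<type>[^>]+)>"
    r"(?:\s+\(MAC:\s*(?P<mac>[0-9A-Fa-f:]{17}),\s*Type:\s*(?P<dtype>[^)]+)\))?\s*$"
)

# Constructed sample: a mix of plain and verbose lines plus one non-record line.
SAMPLE_OUTPUT = """\
# constructed header line that must be ignored by the parser
192.168.0.1 WORKGROUP\\SERVER <Server> (MAC: 00:11:22:33:44:55, Type: Workstation)
192.168.0.100 WORKGROUP\\COMPUTER <PC>
192.168.0.200 WORKGROUP\\PRINTSERVER <Printer>
"""

# Constructed allow-list: IP -> expected NetBIOS name. 192.168.0.200 is
# deliberately absent so the comparison below has something to flag.
KNOWN_HOSTS = {
    "192.168.0.1": "SERVER",
    "192.168.0.100": "COMPUTER",
}


def parse_nbtscan(text):
    """Parse nbtscan output into a list of dicts; lines that do not match the
    record format (headers, blank lines) are skipped rather than guessed at."""
    hosts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip_address(m["ip"])  # raises ValueError on malformed octets such as 300
        hosts.append({
            "ip": m["ip"],
            "workgroup": m["workgroup"],
            "name": m["name"],
            "type": m["type"],
            "mac": m["mac"].upper() if m["mac"] else None,
            "device_type": m["dtype"],
        })
    return hosts


def to_hosts_format(hosts):
    """Render records as '<ip> <name>' lines, the same shape nbtscan -e prints."""
    return "\n".join(f"{h['ip']} {h['name']}" for h in hosts)


def unexpected_responders(hosts, inventory):
    """Return hosts whose IP is not in the inventory or whose NetBIOS name
    differs from the expected one (a new or renamed NetBIOS-speaking device)."""
    flagged = []
    for h in hosts:
        expected = inventory.get(h["ip"])
        if expected is None or expected.upper() != h["name"].upper():
            flagged.append(h)
    return flagged


if __name__ == "__main__":
    found = parse_nbtscan(SAMPLE_OUTPUT)
    print(to_hosts_format(found))
    for h in unexpected_responders(found, KNOWN_HOSTS):
        print(f"unexpected NetBIOS responder: {h['ip']} {h['name']} <{h['type']}>")
```

In practice you would feed the script the captured output of nbtscan (for example redirected to a file) instead of SAMPLE_OUTPUT, and replace KNOWN_HOSTS with your asset inventory; the parser deliberately drops anything it cannot match so that a banner or a stray warning line never turns into a fake host record.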
Conclusion:
The nbtscan command is a powerful tool for scanning networks and gathering NetBIOS name information. By leveraging its various options, you can gain insights into the devices present on the network, identify specific systems, obtain detailed information about the devices, and output the information in different formats. Whether you need to scan a single IP address or an entire network, nbtscan provides a versatile solution for your network reconnaissance needs.