| nbtstat |
Displays statistics and current connections for NetBT (NetBIOS over TCP/IP).
nbtstat [ [-a computername] [-A IPaddress] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ]
-a computername
Displays the NBT name table on the specified remote computer.
-A IPaddress
Same as -a except that IP address of remote computer is used.
-c
Displays contents of NetBIOS name cache on local machine. This shows the NetBIOS names on the network that have been successfully resolved into IP addresses.
-n
Lists the NetBIOS names registered by the local machine. The "registered" field shows whether the name has been registered using broadcasts (B-node) or WINS servers (other node types).
-r
Displays statistics for NetBIOS name resolution on the local machine.
-R
Purges all NetBIOS name-to-IP address mappings from the local NetBIOS name cache and then preloads mappings from the
lmhosts file that have the #PRE specifier.
-RR
Releases and refreshes all NetBIOS names for the local machine.
-s
Shows all current NetBIOS sessions, listing remote computers by NetBIOS names.
-S
Shows all current NetBIOS sessions, listing remote computers by IP addresses.
interval
Causes the output to be refreshed the specified number of seconds until Ctrl-C is pressed.
Purge NetBIOS name-to-IP-address mappings in the local NBT name cache:
nbtstat -R Successful purge and preload of the NBT Remote Cache Name Table.
View the local NBT cache:
nbtstat -c Local Area Connection: Node IpAddress: [172.16.11.104] Scope Id: [ ] No names in cache
Ping server
BACH to resolve its NetBIOS name into its IP address:
ping bach Pinging bach [172.16.11.100] with 32 bytes of data: Reply from 172.16.11.100: bytes=32 time<10ms TTL=128 Reply from 172.16.11.100: bytes=32 time<10ms TTL=128 Reply from 172.16.11.100: bytes=32 time<10ms TTL=128 Reply from 172.16.11.100: bytes=32 time<10ms TTL=128 Ping statistics for 172.16.11.100: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
Check if the resolved name (
BACH ) and its IP address mapping (172.16.11.100) have been cached on the local machine:
nbtstat -c Local Area Connection: Node IpAddress: [172.16.11.104] Scope Id: [ ] NetBIOS Remote Cache Name Table Name Type Host Address Life [sec] ----------------------------------------------------- BACH <00> UNIQUE 172.16.11.100 597
Display a list of NetBIOS names registered for the local machine:
nbtstat -n Local Area Connection: Node IpAddress: [172.16.11.104] Scope Id: [ ] NetBIOS Local Name Table Name Type Status --------------------------------------------- TEST <00> UNIQUE Registered MTITCANADA <00> GROUP Registered MTITCANADA <1C> GROUP Registered TEST <20> UNIQUE Registered MTITCANADA <1B> UNIQUE Registered TEST <03> UNIQUE Registered NETSHOWSERVICES<03> UNIQUE Registered MTITCANADA <1E> GROUP Registered MTITCANADA <1D> UNIQUE Registered .._ _MSBROWSE_ _.<01> GROUP Registered INet~Services <1C> GROUP Registered IS~TEST........<00> UNIQUE Registered
The fact that one of the previous NetBIOS names has the <1C> suffix indicates that the local machine is a domain controller.
Display the list of NetBIOS names registered by the remote machine called
BACH (this is also a handy way of obtaining the MAC address of
BACH ):
nbtstat -a bach Local Area Connection: Node IpAddress: [172.16.11.104] Scope Id: [ ] NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- BACH <00> UNIQUE Registered BACH <20> UNIQUE Registered MTITWORLD <00> GROUP Registered MTITWORLD <1C> GROUP Registered MTITWORLD <1B> UNIQUE Registered BACH <03> UNIQUE Registered MTITWORLD <1E> GROUP Registered INet~Services <1C> GROUP Registered IS~BACH........<00> UNIQUE Registered MTITWORLD <1D> UNIQUE Registered .._ _MSBROWSE_ _.<01> GROUP Registered ADMINISTRATOR <03> UNIQUE Registered MAC Address = 00-40-95-D1-29-6C
Display current NBT session statistics on the local machine:
nbtstat -S Local Area Connection: Node IpAddress: [172.16.11.104] Scope Id: [ ] NetBIOS Connection Table LocalName State In/Out RemoteHost Input Output ------------------------------------------------------ TEST <00>Connected Out 172.16.11.39 320KB 721KB TEST <00>Connected Out 172.16.11.94 711KB 185KB TEST <00>Connected Out 172.16.11.100 5KB 8KB TEST <03>Listening
nbtstat is most useful when troubleshooting name-resolution problems in mixed WS2003/W2K/NT networks where NetBIOS is still being used. (NetBIOS can be disabled in the TCP/IP properties of WS2003 machines and isn't really needed in pure WS2003 networks.) Here are the various fields of the output from nbtstat.
Input
Bytes received over the connection
Output
Bytes sent over the connection
In/Out
Whether the connection is inbound or outbound
Life
How long the entry remains in the name table cache before being purged
LocalName
The local NetBIOS name associated with the connection
RemoteHost
The name or IP address of the remote computer
Type
The type of the NetBIOS name, which can be either a unique name or a group name
State
Current state of the connection (see Table 5-5)
|
State |
Description |
|---|---|
|
Accepting |
An inbound session is in the process of being accepted. |
|
Associated |
A connection endpoint has been created and associated with an IP address. |
|
Connected |
A session has been established. |
|
Connecting |
A session is in the connecting phase during which the name-to-IP address mapping of the destination is being resolved. |
|
Disconnected |
The local machine has issued a disconnect and is waiting for confirmation from the remote machine. |
|
Disconnecting |
A session is in the process of disconnecting. |
|
Idle |
An endpoint has been opened but can't receive a connection. |
|
Inbound |
An inbound session is in the connecting phase. |
|
Listening |
An endpoint is available for an inbound connection. |
|
Outbound |
A session is in the connecting phase during which the TCP connection is being formed. |
|
Reconnecting |
A session is attempting to reconnect after failure to connect. |
WINS