dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
979
share rss forum feed


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

1 recommendation

"nbtstat" command

All Windows machines provide the nbtstat command which queries another Windows machine's NETBIOS namserver port. From a command prompt, this looks like:
code:
C> nbtstat -a ntserver

Local Area Connection:
Node IpAddress: [192.168.1.31] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
NTSERVER <00> UNIQUE Registered
NTSERVER <20> UNIQUE Registered
MYDOMAIN <00> GROUP Registered
MYDOMAIN <1C> GROUP Registered
MYDOMAIN <1B> UNIQUE Registered
MYDOMAIN <1E> GROUP Registered
NTSERVER <03> UNIQUE Registered
MYDOMAIN <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
NTSERVER <87> UNIQUE Registered
NTSERVER <6A> UNIQUE Registered

MAC Address = 00-A0-C9-B4-04-E5

The two-digit values found between the < > characters are a resource type, and they refer to things like "messenger service" and the like.

Because I wanted to query more than one NETBIOS nameserver at a time, I wrote a nbtscan program that performs this function over a wider IP range. It also decodes the resource types in a readable way.

»www.unixwiz.net/tools/nbtscan.html

This port being visible over the internet is not directly a security problem, in that there are no known vulnerabilities over port 137/ucp. But if this is open, it suggests that the associated 139/tcp is open, which is very dangerous.
--
Stephen J. Friedl • Security Consultant • Tustin, California USA • my web site


UUBOB

@aol.com
Steve
I just want to thank you profusely for showing some class with the correct, I presume(making a pre out of Sue and Me, instead of an ass out of You and Me)and accurate statement and puting some code in to clearly illustrate your point. This is the first time I've found a straight answer outside of technical manuals wich can use up to ten pages to describe what you did here in less than one half page! Thank you!
UUBOB

no website unknownuserbob@aolhel