nbtstat

I mentioned this in one of the posts I moved over from my previous blog, but thought it might be worth mentioning again. Here is my Disclaimer, I am not a Network Guru or Guru of any kind for that matter. Anyway, a nice feature of the R6 Administrator Client is that when you look at the Status Tab and select Notes Users under the Net Address it shows the IP address of the corresponding user. From there using the nbtstat command at a command prompt in Windows I can easily find out the the machine name of the individual via the remote machines name table (nbtstat -A 10.x.x.x).

I am not an expert on this, but I believe the first <00> Unique record is always the machine name. The second item listed, <00> Group record, is the Domain. It appears that there is often a <03> Unique record that corresponds to the user logged onto the machine. It even gives the MAC address.

Of course, the great thing about knowing the information about where the user actually is rather than having to look up info in the Inventory System (which isn't always up to date) is I can then do what I might need to do to connect to their specific machine administratively to check their log.nsf or notes.ini.

Dummied version of the type of info you might see.

C:\>nbtstat -A 10.x.x.x



Local Area Connection:

Node IpAddress: [10.x.x.x] Scope Id: []



           NetBIOS Remote Machine Name Table



       Name               Type         Status

    ---------------------------------------------

    ABCPC1             <00>  UNIQUE      Registered

    DOMAIN1           <00>  GROUP       Registered

    ABCPC1             <20>  UNIQUE      Registered

    ABCPC1             <03>  UNIQUE      Registered

    USER1               <03>  UNIQUE      Registered



    MAC Address = 00-00-00-00-00-00

Simply typing nbtstat at the command line will give you the options, etc.. that can be used with it.

C:\>nbtstat

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its
IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP
addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINs and then, starts Refr
esh

RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press Ctrl+C to stop redisplaying
statistics.

I decided that might be a good idea to point to a couple of Microsoft References as well.

Link to nbtstat command info on Microsoft's TechNet site.

Link to MS Knowledgebase Article 163409 giving more insight into the output.