[QCLUG] Linux Tool of the Week - nmblookup / nbtscan

[Chris Cooper]

nmblookup - NetBIOS name resolution tool
Part of the samba package (http://www.samba.org)
http://linuxcommand.gds.tuwien.ac.at/man_pages/nmblookup1.html

nbtscan - A NetBIOS scanning utility
http://www.inetcat.net/software/nbtscan.html

This week, we get a two for one.

The first tool is nmblookup.  This tool is part of the samba client
utilities package, and is used for resolving netBIOS names back and
forth from ip addresses.  It can be used for both forward lookups
(nmblookup <computer name>), and reverse lookups (nmblookup -A <ip
address>).

The vast majority of the time, I use nmblookup in the reverse lookup
mode.  If I am looking at a log file, or am seeing odd network traffic
on the router, I usually only have an ip address to go on.  With a
quick nmblookup -A <ip address> I can know what the computer is named,
and where to start physically looking for the PC.

This does, however, require that the PC has port 137 UDP accessible,
and is running some form of netBIOS server (either a windows box, or
something running samba).

Occasionally, I need to automate this lookup either over a full range,
or from a file list I dumped from something else.  This is where
nbtscan comes in.

nbtscan is a very speedy little utility that takes either a file list,
or an ip range as input, and proceeds to scan for and list all the
netBIOS names it finds.  It essentially replicates nmblookup -A over a
larger scale.

So whether you are looking at a single host (nmblookup) or a multitude
of them (nbtscan), these utilities make playing hide-and-seek a little
easier in a world full of Windows.