NetBIOS is a string of 16 characters ASCII that is used to identify network devices over the TCP/IP protocol where the first 15 characters are most of the times the hostname or device name and the 16th charater is the record type or the service.
To do that you only have three requirements:
You will need to have internal access, you already need to have a compromised device in order to get that information. (talking about enterprise situations…) for testing purposes on LAN just apply the same commands and analyze the results.
Is an utility in Windows OS that let you displays NetBIOS information over the TCP/IP protocol.
The command will retrieve the following info:
– Protocol Statistics
– NetBIOS name tables (local / remote) devices
– NetBIOS name cache
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).
NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]
-a (adapter status) Lists the remote machine’s name table given its name
-A (Adapter status) Lists the remote machine’s name table given its
-c (cache) Lists NBT’s cache of remote [machine] names and their IP
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refr
So, basically you are able to see the same previous information putting on command line just the command “nbtstat“.
To perform a local NetBIOS request, do the following:
C:\Users\securitytweak> nbtstat -n
To perform a remote request, do the following:
C:\Users\securitytweak> nbtstat -A or -a [ip address]
To perform cache request, do the following:
C:\Users\securitytweak> nbtstat -c
Check results play with the parameters and continue the journey.