Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Interpreting the output of NBTSTAT

Posted on 1998-03-29
Medium Priority
Last Modified: 2013-12-23
I am looking for more information on the poutput of nbtstat.

I have the following output from a machine which is having some trouble "talking" to the PDC.

       NetBIOS Remote Machine Name Table

   Name               Type         Status
MAC Address = 00-00-C1-10-B8-BB

NTBACKUP       <00>  UNIQUE      Conflict
NTBACKUP       <20>  UNIQUE      Registered
QCAT           <00>  GROUP       Registered
QCAT           <1C>  GROUP       Registered
NEXUS          <00>  GROUP       Registered
QCAT           <1E>  GROUP       Registered
NTBACKUP       <03>  UNIQUE      Registered
NTBACKUP       <01>  UNIQUE      Conflict

What does the number in the < > mean (or should I say what is the significance?) as I am aware that ther are the last byte of the 16 byte NetBIOS name or some such thing.  Is the "Conflict" message a problem and how do I solve it.  There IS NOT any other machine on the network with the same MAC address OR with the same IP, so please don't go down that path, we've already followed that one.
Question by:tvanlint
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 37

Expert Comment

ID: 1571662
The column headings generated by the Nbtstat utility have the following meanings.

Input - Number of bytes received.

Output - Number of bytes sent.

In/Out - Whether the connection is from the computer (outbound) or from another system to the local computer (inbound).

Life - The remaining time that a name table cache entry will live before it is purged.

Local Name - The local NetBIOS name associated with the connection.

Remote Host - The name or IP address associated with the remote computer.

Type - Refers to the type of name. A name can either be a unique name or a group name.

<03> - Each NetBIOS name is 16 characters long. This last byte often has special significance since the same name may be present several times on a computer differing only in the last byte. This notation is simply the last byte converted to hexadecimal. <20> is a space in ASCII for example.

State - The state of NetBIOS connections.

Please refer NT's help for more information.

Author Comment

ID: 1571663
Gee, didn't I say "I am aware that ther are the last byte of the 16 byte NetBIOS name or some such thing" (as I got exactly what was echoed by bbao via the online help.) As I said in the next section I am looking for "Is the "Conflict" message a problem and how do I solve it.  There IS NOT any other machine on the network with the same MAC address OR with the same IP, so please don't go down that path, we've already followed that one." as I am having troubles with the machine that is reporting a "conflict"

LVL 37

Expert Comment

ID: 1571664
Do you have another computer called Ntbackup on the same network? For exampe, a Netware server?
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks


Author Comment

ID: 1571665
I have already said "There IS NOT any other machine on the network with the same MAC address OR with the same IP" and I though having said that it would be implicit that ther eis also no other machine on the network with the same NetBIOS name or Internet node name.  If you cannot answer my question bbao (that is what the significance of the conflict message is and how the NBTSTAT output should be interpretted, then I suggest you cease responding!

Expert Comment

ID: 1571666
Here is a small answer from MS I found in the KB. Interesting is the last sentence ( I marked it with several !!! ).

On your Windows NT computer, you may receive the following event log
message in Event Viewer:
   Event ID: 4320
   Source: NetBT
This message is caused when another computer sends a name release message
to your computer. The most likely reason for this is that a duplicate name
has been detected on the network.
Use the NBTSTAT -N command to see the name of the computer in the conflict
state. The IP address of the node that sent the message is in the data
returned by this command. The following example shows what the data may
look like in one of these events:
   0000:   00   00   04   00   01   00   54   00
   0008:   00   00   00   00   e0   10   00   c0
   0010:   00   00   00   00   00   00   00   00
   0018:   00   00   00   00   00   00   00   00
   0020:   00   00   00   00   00   00   00   00
   0028:   e7   1a   65   16
Offset 28 is the IP address of the computer requesting name release. To
determine the decimal IP address, invert the four hexadecimal numbers and
convert them to decimal numbers separated by periods. Using this method,
the IP address of E7 1A 65 16 becomes
The status column of the NBTSTAT output for the computer in conflict should
contain either "Conflict" or "Released."
You can run the NBTSTAT -A command with the IP address to get the computer
!!!!! NOTE: This error message is generated in many cases due to !!!!! normal circumstances, and should not be cause for alarm.
LVL 37

Expert Comment

ID: 1571667
tvanlint, I suggest you cease responding too before you carefully read my post! I mean the computer name, not any MAC address or IP address!

In addition, courtesy is a requirement at such a site for discussing technical problem, and the experts here are not dedicated to earn points, are to do help!

BTW, I would do any responding as I like. :-)))

Expert Comment

ID: 1571668
I don't know if this is any help.....
<00> is the registered name on the WINS client of the Workstation Service
<03> is the registered name on the WINS client of the Messenger Service
<20> is the registered name on the WINS client of the Server Service


Accepted Solution

tonp earned 400 total points
ID: 1571669
First, here's a list of what the numbers mean:

Unique Names
<computername>[00h]      Workstation Service
<computername>[03h]      Messenger Service
<computername>[06h]      RAS Server Service
<computername>[1Fh]      NetDDE Service
<computername>[20h]      Server Service
<computername>[21h]      RAS Client Service
<computername>[BEh]      Network Monitor Agent
<computername>[BFh]      Network Monitor Application

<username>[03]              Messenger Service

<domain_name>[1Dh]      Master Browser
<domain_name>[1Bh]      Domain Master Browser

Group Names

<domain_name>[00h]      Domain Name
<domain_name>[1Ch]      Domain Controllers
<domain_name>[1Eh]      Browser Service Elections

If you see a conflict for a certain name or service, it means that the NetBIOS name registration has detected a different IP number with the same NetBIOS name. This can have various causes. For example, normally, NBT handles multihomed machines as a special case (obviously they have multiple IP numbers for the same netbios name). If this specific machine is wrongly configured (for example with a special networking emulating device that is not properly recognised as a multihomed machine) it could lead to this error.

Secondly, since the (conflicting) number 01h (UNIQUE) is not documented, this could also be the root of the problem. See if some other machines have the same number listed. If not, this is probably the cause of the conflict. You should then reinstal your network protocols, to make sure this number disappears.


I would suggest that you switch of this specific machine and try to determine (with nbtstat -a) if there's a different machineon the net with teh same netbios name.


Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question