• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3369
  • Last Modified:

Interpreting the output of NBTSTAT

I am looking for more information on the poutput of nbtstat.

I have the following output from a machine which is having some trouble "talking" to the PDC.

       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
MAC Address = 00-00-C1-10-B8-BB

NTBACKUP       <00>  UNIQUE      Conflict
NTBACKUP       <20>  UNIQUE      Registered
QCAT           <00>  GROUP       Registered
QCAT           <1C>  GROUP       Registered
NEXUS          <00>  GROUP       Registered
QCAT           <1E>  GROUP       Registered
NTBACKUP       <03>  UNIQUE      Registered
NTBACKUP       <01>  UNIQUE      Conflict

What does the number in the < > mean (or should I say what is the significance?) as I am aware that ther are the last byte of the 16 byte NetBIOS name or some such thing.  Is the "Conflict" message a problem and how do I solve it.  There IS NOT any other machine on the network with the same MAC address OR with the same IP, so please don't go down that path, we've already followed that one.
0
tvanlint
Asked:
tvanlint
1 Solution
 
bbaoIT ConsultantCommented:
The column headings generated by the Nbtstat utility have the following meanings.

Input - Number of bytes received.

Output - Number of bytes sent.

In/Out - Whether the connection is from the computer (outbound) or from another system to the local computer (inbound).

Life - The remaining time that a name table cache entry will live before it is purged.

Local Name - The local NetBIOS name associated with the connection.

Remote Host - The name or IP address associated with the remote computer.

Type - Refers to the type of name. A name can either be a unique name or a group name.

<03> - Each NetBIOS name is 16 characters long. This last byte often has special significance since the same name may be present several times on a computer differing only in the last byte. This notation is simply the last byte converted to hexadecimal. <20> is a space in ASCII for example.

State - The state of NetBIOS connections.

Please refer NT's help for more information.
0
 
tvanlintAuthor Commented:
Gee, didn't I say "I am aware that ther are the last byte of the 16 byte NetBIOS name or some such thing" (as I got exactly what was echoed by bbao via the online help.) As I said in the next section I am looking for "Is the "Conflict" message a problem and how do I solve it.  There IS NOT any other machine on the network with the same MAC address OR with the same IP, so please don't go down that path, we've already followed that one." as I am having troubles with the machine that is reporting a "conflict"

0
 
bbaoIT ConsultantCommented:
Do you have another computer called Ntbackup on the same network? For exampe, a Netware server?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
tvanlintAuthor Commented:
I have already said "There IS NOT any other machine on the network with the same MAC address OR with the same IP" and I though having said that it would be implicit that ther eis also no other machine on the network with the same NetBIOS name or Internet node name.  If you cannot answer my question bbao (that is what the significance of the conflict message is and how the NBTSTAT output should be interpretted, then I suggest you cease responding!
0
 
moellertCommented:
Here is a small answer from MS I found in the KB. Interesting is the last sentence ( I marked it with several !!! ).


On your Windows NT computer, you may receive the following event log
message in Event Viewer:
 
   Event ID: 4320
   Source: NetBT
 
CAUSE
=====
 
This message is caused when another computer sends a name release message
to your computer. The most likely reason for this is that a duplicate name
has been detected on the network.
 
MORE INFORMATION
================
 
Use the NBTSTAT -N command to see the name of the computer in the conflict
state. The IP address of the node that sent the message is in the data
returned by this command. The following example shows what the data may
look like in one of these events:
 
   0000:   00   00   04   00   01   00   54   00
   0008:   00   00   00   00   e0   10   00   c0
   0010:   00   00   00   00   00   00   00   00
   0018:   00   00   00   00   00   00   00   00
   0020:   00   00   00   00   00   00   00   00
   0028:   e7   1a   65   16
 
Offset 28 is the IP address of the computer requesting name release. To
determine the decimal IP address, invert the four hexadecimal numbers and
convert them to decimal numbers separated by periods. Using this method,
the IP address of E7 1A 65 16 becomes 22.101.26.231.
 
The status column of the NBTSTAT output for the computer in conflict should
contain either "Conflict" or "Released."
 
You can run the NBTSTAT -A command with the IP address to get the computer
name.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!! NOTE: This error message is generated in many cases due to !!!!! normal circumstances, and should not be cause for alarm.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0
 
bbaoIT ConsultantCommented:
tvanlint, I suggest you cease responding too before you carefully read my post! I mean the computer name, not any MAC address or IP address!

In addition, courtesy is a requirement at such a site for discussing technical problem, and the experts here are not dedicated to earn points, are to do help!

BTW, I would do any responding as I like. :-)))
0
 
beacomCommented:
I don't know if this is any help.....
<00> is the registered name on the WINS client of the Workstation Service
<03> is the registered name on the WINS client of the Messenger Service
<20> is the registered name on the WINS client of the Server Service

0
 
tonpCommented:
First, here's a list of what the numbers mean:

Unique Names
<computername>[00h]      Workstation Service
<computername>[03h]      Messenger Service
<computername>[06h]      RAS Server Service
<computername>[1Fh]      NetDDE Service
<computername>[20h]      Server Service
<computername>[21h]      RAS Client Service
<computername>[BEh]      Network Monitor Agent
<computername>[BFh]      Network Monitor Application

<username>[03]              Messenger Service

<domain_name>[1Dh]      Master Browser
<domain_name>[1Bh]      Domain Master Browser

Group Names

<domain_name>[00h]      Domain Name
<domain_name>[1Ch]      Domain Controllers
<domain_name>[1Eh]      Browser Service Elections

If you see a conflict for a certain name or service, it means that the NetBIOS name registration has detected a different IP number with the same NetBIOS name. This can have various causes. For example, normally, NBT handles multihomed machines as a special case (obviously they have multiple IP numbers for the same netbios name). If this specific machine is wrongly configured (for example with a special networking emulating device that is not properly recognised as a multihomed machine) it could lead to this error.

Secondly, since the (conflicting) number 01h (UNIQUE) is not documented, this could also be the root of the problem. See if some other machines have the same number listed. If not, this is probably the cause of the conflict. You should then reinstal your network protocols, to make sure this number disappears.

Ton


I would suggest that you switch of this specific machine and try to determine (with nbtstat -a) if there's a different machineon the net with teh same netbios name.

0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now