Solved

Interpreting the output of NBTSTAT

Posted on 1998-03-29
8
2,893 Views
Last Modified: 2013-12-23
I am looking for more information on the poutput of nbtstat.

I have the following output from a machine which is having some trouble "talking" to the PDC.

       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
MAC Address = 00-00-C1-10-B8-BB

NTBACKUP       <00>  UNIQUE      Conflict
NTBACKUP       <20>  UNIQUE      Registered
QCAT           <00>  GROUP       Registered
QCAT           <1C>  GROUP       Registered
NEXUS          <00>  GROUP       Registered
QCAT           <1E>  GROUP       Registered
NTBACKUP       <03>  UNIQUE      Registered
NTBACKUP       <01>  UNIQUE      Conflict

What does the number in the < > mean (or should I say what is the significance?) as I am aware that ther are the last byte of the 16 byte NetBIOS name or some such thing.  Is the "Conflict" message a problem and how do I solve it.  There IS NOT any other machine on the network with the same MAC address OR with the same IP, so please don't go down that path, we've already followed that one.
0
Comment
Question by:tvanlint
8 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 1571662
The column headings generated by the Nbtstat utility have the following meanings.

Input - Number of bytes received.

Output - Number of bytes sent.

In/Out - Whether the connection is from the computer (outbound) or from another system to the local computer (inbound).

Life - The remaining time that a name table cache entry will live before it is purged.

Local Name - The local NetBIOS name associated with the connection.

Remote Host - The name or IP address associated with the remote computer.

Type - Refers to the type of name. A name can either be a unique name or a group name.

<03> - Each NetBIOS name is 16 characters long. This last byte often has special significance since the same name may be present several times on a computer differing only in the last byte. This notation is simply the last byte converted to hexadecimal. <20> is a space in ASCII for example.

State - The state of NetBIOS connections.

Please refer NT's help for more information.
0
 
LVL 1

Author Comment

by:tvanlint
ID: 1571663
Gee, didn't I say "I am aware that ther are the last byte of the 16 byte NetBIOS name or some such thing" (as I got exactly what was echoed by bbao via the online help.) As I said in the next section I am looking for "Is the "Conflict" message a problem and how do I solve it.  There IS NOT any other machine on the network with the same MAC address OR with the same IP, so please don't go down that path, we've already followed that one." as I am having troubles with the machine that is reporting a "conflict"

0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 1571664
Do you have another computer called Ntbackup on the same network? For exampe, a Netware server?
0
 
LVL 1

Author Comment

by:tvanlint
ID: 1571665
I have already said "There IS NOT any other machine on the network with the same MAC address OR with the same IP" and I though having said that it would be implicit that ther eis also no other machine on the network with the same NetBIOS name or Internet node name.  If you cannot answer my question bbao (that is what the significance of the conflict message is and how the NBTSTAT output should be interpretted, then I suggest you cease responding!
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 2

Expert Comment

by:moellert
ID: 1571666
Here is a small answer from MS I found in the KB. Interesting is the last sentence ( I marked it with several !!! ).


On your Windows NT computer, you may receive the following event log
message in Event Viewer:
 
   Event ID: 4320
   Source: NetBT
 
CAUSE
=====
 
This message is caused when another computer sends a name release message
to your computer. The most likely reason for this is that a duplicate name
has been detected on the network.
 
MORE INFORMATION
================
 
Use the NBTSTAT -N command to see the name of the computer in the conflict
state. The IP address of the node that sent the message is in the data
returned by this command. The following example shows what the data may
look like in one of these events:
 
   0000:   00   00   04   00   01   00   54   00
   0008:   00   00   00   00   e0   10   00   c0
   0010:   00   00   00   00   00   00   00   00
   0018:   00   00   00   00   00   00   00   00
   0020:   00   00   00   00   00   00   00   00
   0028:   e7   1a   65   16
 
Offset 28 is the IP address of the computer requesting name release. To
determine the decimal IP address, invert the four hexadecimal numbers and
convert them to decimal numbers separated by periods. Using this method,
the IP address of E7 1A 65 16 becomes 22.101.26.231.
 
The status column of the NBTSTAT output for the computer in conflict should
contain either "Conflict" or "Released."
 
You can run the NBTSTAT -A command with the IP address to get the computer
name.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!! NOTE: This error message is generated in many cases due to !!!!! normal circumstances, and should not be cause for alarm.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 1571667
tvanlint, I suggest you cease responding too before you carefully read my post! I mean the computer name, not any MAC address or IP address!

In addition, courtesy is a requirement at such a site for discussing technical problem, and the experts here are not dedicated to earn points, are to do help!

BTW, I would do any responding as I like. :-)))
0
 

Expert Comment

by:beacom
ID: 1571668
I don't know if this is any help.....
<00> is the registered name on the WINS client of the Workstation Service
<03> is the registered name on the WINS client of the Messenger Service
<20> is the registered name on the WINS client of the Server Service

0
 
LVL 2

Accepted Solution

by:
tonp earned 200 total points
ID: 1571669
First, here's a list of what the numbers mean:

Unique Names
<computername>[00h]      Workstation Service
<computername>[03h]      Messenger Service
<computername>[06h]      RAS Server Service
<computername>[1Fh]      NetDDE Service
<computername>[20h]      Server Service
<computername>[21h]      RAS Client Service
<computername>[BEh]      Network Monitor Agent
<computername>[BFh]      Network Monitor Application

<username>[03]              Messenger Service

<domain_name>[1Dh]      Master Browser
<domain_name>[1Bh]      Domain Master Browser

Group Names

<domain_name>[00h]      Domain Name
<domain_name>[1Ch]      Domain Controllers
<domain_name>[1Eh]      Browser Service Elections

If you see a conflict for a certain name or service, it means that the NetBIOS name registration has detected a different IP number with the same NetBIOS name. This can have various causes. For example, normally, NBT handles multihomed machines as a special case (obviously they have multiple IP numbers for the same netbios name). If this specific machine is wrongly configured (for example with a special networking emulating device that is not properly recognised as a multihomed machine) it could lead to this error.

Secondly, since the (conflicting) number 01h (UNIQUE) is not documented, this could also be the root of the problem. See if some other machines have the same number listed. If not, this is probably the cause of the conflict. You should then reinstal your network protocols, to make sure this number disappears.

Ton


I would suggest that you switch of this specific machine and try to determine (with nbtstat -a) if there's a different machineon the net with teh same netbios name.

0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Resolve DNS query failed errors for Exchange
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now