• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1994
  • Last Modified:

Automating NBTSTAT

I have a long list of IP addresses that I would want to run against NBTSTAT and get the user ID from the Netbios remote machine name table.  Is there a way to do this or an available tool that does the same thing?
0
rubinstein
Asked:
rubinstein
  • 8
  • 7
  • 4
  • +4
1 Solution
 
ahoffmannCommented:
asuming your IPs are one per line in a file, write following script nbtstat.awk:
{ system(nbtstat -a "$1); }

then call:
gawk -f nbtstat.awk file_with_one_IP_per_line


0
 
rubinsteinAuthor Commented:
I'm very sorry.... I didn't make clear that I wanted to run this from Win 95 on an NT network.
0
 
ahoffmannCommented:
What's the problem with Win x.x? Did you not have gawk?
You also may use perl instead (slightly different syntax abobe)
which is part of NT 4.0
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
bbaoIT ConsultantCommented:
WINSDMP.EXE from Resource Kit may be your needs.
0
 
phjCommented:
Hi,

I'am glad to see that I'am not the only one who would like such a program/rutine. I have tried batch files and pipes to grep and so one, but this was not a good ide because of the difference in the names and the types, and specialy the wierd output from NBTSTAT -A <IP> > file.tmp. Where CR/LF is missing.

Another way would of course be to write a program, which would do exactly the same as NBTSTAT -A, but you will control the result. My knowledge in Windows NT 4.0 network programming is almost zero. (any one ???)

I also tried the WINSDMP way and it works ok, until I discoverd that not all entires from all pc's are in a given WINS database (I have 3000 pc's and 25 WINS database which are set to push/pull). The solution for the missing pc's is still unknown, mayby there is bug in WINSDMP?.

So at this moment I'am back to nothing; The result so fare must be that this only can be solved by writing a program, which emitate NBTSTAT.

Peter Jakobsen
phj-itafd@aalbkom.dk


When you have the WINS dump, this output will also need some sorting and extracting, to get a nice list of IP, Hostname and user name, howto do this will need some kind of program.


0
 
rubinsteinAuthor Commented:
Thanks for everyones comments so far.  Unfortunately I don't have a C compiler available to me so I can't give GAWK a try.  I am hunting around for a copy of winsdump.  Peter---I'm glad I am not the only one too.

0
 
ahoffmannCommented:
can send you gawk.exe if you like
If you have the ResourceKit, there is perl which could do it as well. Perl also can also be used to parse winsdmp output.
0
 
rubinsteinAuthor Commented:
AHoffman...
If you could send me gawk.exe, that would be great.  My address is m4lrubi@msg.pacbell.com.

regards
Michael Rubinstein
0
 
alexoCommented:
0
 
carmineCommented:
Michael

If you were running on NT (wksn or server) you could do it in BATCH.

Assuming you have your IP address's in a file, one address per line.

Create a batch file with the following contents.

  @echo off
  if "%2"=="" goto error
  del %2
  for /f %%a in ('type %1') do echo %%a >>%2 & nbtstat -A %%a|find "<00>  UNIQUE">>%2
  type %2
  goto done
  :error
  echo.
  echo Usage: xxxx.bat ipfile outputfile
  echo.
  :done

Then run your batch file! The output is IP address on one line, followed by the username on the next.  You could modify this as you wish.
0
 
rubinsteinAuthor Commented:
Carmine:
Your batch file is quite nifty.  Unfortunately for me, there is still a fly in the ointment.  The output of the Remote Machine Name Table that I get, is not consistent.  I usually get about five lines one of which includes the user ID.  However, the line with the User ID  is not the only line that contains the the type "Unique".  Other lines that include the Unique type contain the a machine identifyer (the circuit ID in our particular network).  Another parsing hurdle is that the number contained in the < > brackets is variable.

Here are two sample outputs from NBTSTAT


       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
LABCDEF        <00>  UNIQUE      Registered
OPQRST          <00>  GROUP       Registered
LABCDEF        <03>  UNIQUE      Registered
LABCDEF       <20>  UNIQUE      Registered
OPQRST         <1E>  GROUP       Registered
LABCDEF       <1F>  UNIQUE      Registered
78IDDZ502148   <20>  UNIQUE      Registered

MAC Address = 00-DD-01-14-3A-06

     NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
73123456789   <00>  UNIQUE      Registered
ABC_SOUTH      <00>  GROUP       Registered
73123456789     <03>  UNIQUE      Registered
73123456789     <1F>  UNIQUE      Registered
WLAABCD        <03>  UNIQUE      Registered
73IDDZ502096   <20>  UNIQUE      Registered

MAC Address = 00-00-C0-9F-DA-E6

LABCDEF is the user id for the first report and WLAABCD is the user in the second report.  As you can see, extracting the data is a parsing nightmare.  (Security note: ID's and circuits #'s have been disguised).

regards,
Mike Rubinstein

Alexo:
Thanks for the URL, I will check it out.
0
 
carmineCommented:
Sorry my file should have read ...<03>  UNIQUE...
which will return both the machine name, and the logged on user name.  Is there any way of filtering out the machine name?  Do you use some naming scheme that allows you to identify it?
0
 
rubinsteinAuthor Commented:
Well, the user name always starts with a  letter and most of the time the machine ID starts with a number (except when an "X" is appended for some strange reason) so I could  use that.  Since my list is not infinently long, I could edit it by hand.

I am getting a syntax error from the for statment in the batch file, I'm tracking it down.

Thanks again.
0
 
carmineCommented:
Note that I stated that the batch file is fot NT ONLY, it won't work on Win95 as it doesn't handle the extended commands (for /f) that NT does.
0
 
rubinsteinAuthor Commented:
Carmine:
I ran over to an NT machine and your batch works great.. Thanks.
0
 
carmineCommented:
Shall I post it as an answer then?
0
 
rubinsteinAuthor Commented:
Yes.  I can certainly live with the extra lines in the output.  Thanks a lot.  I didn't know about the extended features of the NT Batch language.

[Not as part of this question, but I wonder if anyone has figured out how to make those features available to WIN 95 users]

regards,
Mike
0
 
carmineCommented:
Michael

If you were running on NT (wksn or server) you could do it in BATCH.

Assuming you have your IP address's in a file, one address per line.

Create a batch file with the following contents.

  @echo off
  if "%2"=="" goto error
  if not exist %1 goto file
  del %2
  for /f %%a in ('type %1') do echo %%a >>%2 & nbtstat -A %%a|find "<03>  UNIQUE">>%2
  goto done
  :error
  echo.
  echo Usage: xxxx.bat ipfile outputfile
  echo.
  goto done
  :file
  echo.
  echo Cann't find input file "%1".
  echo.
  :done

Then run your batch file! The output is IP address on one line, followed by the username/machine name on the next line(s).  You could modify this as you wish.
0
 
alexoCommented:
>> [Not as part of this question, but I wonder if anyone has figured out how to make those features available to WIN 95 users]

Not as part of the answer, but you can install 4DOS or its graphical equivalent TCMD/32 and get all those features and much more (also available for other platforms -- 4NT, 4OS2, TCMD/16).  Go to www.jpsoft.com

Consider it a free tip.
0
 
carmineCommented:
Updated version that rejects entries begining with numbers.

@echo off
if "%2"=="" goto error
if not exist %1 goto nofile
del %2

for /f %%a in ('type %1') do echo %%a & echo %%a >>%2 & nbtstat -A %%a>%temp%ip.tmp & findstr /b "[A-Z]*.*<03>  UNIQUE.*" %temp%ip.tmp>>%2

rem type %2
del %temp%ip.tmp
goto done
:error
echo.
echo Usage: Users.bat iplistfile outputfile
echo.
goto done
:nofile
echo.
echo Input file "%1" does not exist.
echo.
:done

0
 
ahoffmannCommented:
nearly the same (but formated) using awk, could be improved in many ways:

{ id[0]=$1; id[1]=""; id[2]=""; i=0;
  tmp=sprintf("%s\\tmp",ENVIRON["TEMP"]);
  system("nbtstat -a "id[0]" > "tmp);
  while ((getline<tmp)>0) {
    if ($2=="<03>" && $3=="UNIQUE") { id[++i]=$1; }
  }
  close(tmp);
  printf("%16s %16s %-16s\n",id[0],id[1],id[2]);
}
END { system("del "tmp) }
0
 
rubinsteinAuthor Commented:
Thanks Carmine and A Hoffman.  

regards,
Mike Rubinstein
0
 
madforit2501Commented:
what if i had a list of computer names how would i modify the batch script to accomidate this?

thanks

madforit
0
 
carmineCommented:
Just change the entry 'nbtstat -A' to 'nbtstat -a'

But there are much better ways of doing this now using WMI and vbscript etc.

Mark
0
 
madforit2501Commented:
Thanks

i tried that but all it displayed in the output file was a list of the computer names.

am i missing something?

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

  • 8
  • 7
  • 4
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now