rubinstein
Automating NBTSTAT
I have a long list of IP addresses that I would want to run against NBTSTAT and get the user ID from the Netbios remote machine name table. Is there a way to do this or an available tool that does the same thing?
ASKER
I'm very sorry.... I didn't make clear that I wanted to run this from Win 95 on an NT network.
What's the problem with Win x.x? Did you not have gawk?
You also may use perl instead (slightly different syntax above)
which is part of NT 4.0
WINSDMP.EXE from the Resource Kit may meet your needs.
Hi,
I'm glad to see that I'm not the only one who would like such a program/routine. I have tried batch files and pipes to grep and so on, but this was not a good idea because of the difference in the names and the types, and especially the weird output from NBTSTAT -A <IP> > file.tmp, where CR/LF is missing.
Another way would of course be to write a program, which would do exactly the same as NBTSTAT -A, but you will control the result. My knowledge in Windows NT 4.0 network programming is almost zero. (anyone ???)
I also tried the WINSDMP way and it works ok, until I discovered that not all entries from all PCs are in a given WINS database (I have 3000 PCs and 25 WINS databases which are set to push/pull). The solution for the missing PCs is still unknown, maybe there is a bug in WINSDMP?
So at this moment I'm back to nothing; the result so far must be that this can only be solved by writing a program which imitates NBTSTAT.
Peter Jakobsen
phj-itafd@aalbkom.dk
When you have the WINS dump, this output will also need some sorting and extracting to get a nice list of IP, hostname and user name; how to do this will need some kind of program.
ASKER
Thanks for everyone's comments so far. Unfortunately I don't have a C compiler available to me so I can't give GAWK a try. I am hunting around for a copy of winsdump. Peter---I'm glad I am not the only one too.
can send you gawk.exe if you like
If you have the ResourceKit, there is perl which could do it as well. Perl can also be used to parse winsdmp output.
ASKER
AHoffman...
If you could send me gawk.exe, that would be great. My address is m4lrubi@msg.pacbell.com.
regards
Michael Rubinstein
Michael
If you were running on NT (wksn or server) you could do it in BATCH.
Assuming you have your IP addresses in a file, one address per line.
Create a batch file with the following contents.
@echo off
if "%2"=="" goto error
del %2
for /f %%a in ('type %1') do echo %%a >>%2 & nbtstat -A %%a|find "<00> UNIQUE">>%2
type %2
goto done
:error
echo.
echo Usage: xxxx.bat ipfile outputfile
echo.
:done
Then run your batch file! The output is IP address on one line, followed by the username on the next. You could modify this as you wish.
ASKER
Carmine:
Your batch file is quite nifty. Unfortunately for me, there is still a fly in the ointment. The output of the Remote Machine Name Table that I get is not consistent. I usually get about five lines, one of which includes the user ID. However, the line with the user ID is not the only line that contains the type "Unique". Other lines that include the Unique type contain a machine identifier (the circuit ID in our particular network). Another parsing hurdle is that the number contained in the < > brackets is variable.
Here are two sample outputs from NBTSTAT

NetBIOS Remote Machine Name Table
Name            Type            Status
-------------------------- ---------- ---------
LABCDEF         <00>  UNIQUE    Registered
OPQRST          <00>  GROUP     Registered
LABCDEF         <03>  UNIQUE    Registered
LABCDEF         <20>  UNIQUE    Registered
OPQRST          <1E>  GROUP     Registered
LABCDEF         <1F>  UNIQUE    Registered
78IDDZ502148    <20>  UNIQUE    Registered
MAC Address = 00-DD-01-14-3A-06

NetBIOS Remote Machine Name Table
Name            Type            Status
-------------------------- ---------- ---------
73123456789     <00>  UNIQUE    Registered
ABC_SOUTH       <00>  GROUP     Registered
73123456789     <03>  UNIQUE    Registered
73123456789     <1F>  UNIQUE    Registered
WLAABCD         <03>  UNIQUE    Registered
73IDDZ502096    <20>  UNIQUE    Registered
MAC Address = 00-00-C0-9F-DA-E6

LABCDEF is the user id for the first report and WLAABCD is the user in the second report. As you can see, extracting the data is a parsing nightmare. (Security note: ID's and circuits #'s have been disguised).
regards,
Mike Rubinstein
Alexo:
Thanks for the URL, I will check it out.
Sorry my file should have read ...<03> UNIQUE...
which will return both the machine name, and the logged on user name. Is there any way of filtering out the machine name? Do you use some naming scheme that allows you to identify it?
ASKER
Well, the user name always starts with a letter and most of the time the machine ID starts with a number (except when an "X" is appended for some strange reason) so I could use that. Since my list is not infinitely long, I could edit it by hand.
I am getting a syntax error from the for statement in the batch file, I'm tracking it down.
Thanks again.
Note that I stated that the batch file is for NT ONLY, it won't work on Win95 as it doesn't handle the extended commands (for /f) that NT does.
ASKER
Carmine:
I ran over to an NT machine and your batch works great.. Thanks.
Shall I post it as an answer then?
ASKER
Yes. I can certainly live with the extra lines in the output. Thanks a lot. I didn't know about the extended features of the NT Batch language.
[Not as part of this question, but I wonder if anyone has figured out how to make those features available to WIN 95 users]
regards,
Mike
>> [Not as part of this question, but I wonder if anyone has figured out how to make those features available to WIN 95 users]
Not as part of the answer, but you can install 4DOS or its graphical equivalent TCMD/32 and get all those features and much more (also available for other platforms -- 4NT, 4OS2, TCMD/16). Go to www.jpsoft.com
Consider it a free tip.
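Updated version that rejects entries beginning with numbers.
@echo off
if "%2"=="" goto error
if not exist %1 goto nofile
if exist %2 del %2
rem /r /c: makes findstr treat the quoted text as one regular expression (spaces included); the name must start with a letter
for /f %%a in ('type %1') do echo %%a & echo %%a >>%2 & nbtstat -A %%a>%temp%\ip.tmp & findstr /r /c:"^ *[A-Za-z].*<03> *UNIQUE" %temp%\ip.tmp>>%2
rem type %2
del %temp%\ip.tmp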
goto done
:error
echo.
echo Usage: Users.bat iplistfile outputfile
echo.
goto done
:nofile
echo.
echo Input file "%1" does not exist.
echo.
:done
nearly the same (but formatted) using awk, could be improved in many ways:
{ id[0]=$1; id[1]=""; id[2]=""; i=0;
tmp=sprintf("%s\\tmp",ENVIRON["TEMP"]);
system("nbtstat -a "id[0]" > "tmp);
while ((getline<tmp)>0) {
if ($2=="<03>" && $3=="UNIQUE") { id[++i]=$1; }
}
close(tmp);
printf("%16s %16s %-16s\n",id[0],id[1],id[2] );
}
END { system("del "tmp) }
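
An added example, not code from any poster in this thread: a Python parser for captured `nbtstat -A` output that applies the rule the thread settled on (`<03>` `UNIQUE` names whose first character is a letter) and tolerates the CR-only line endings mentioned earlier. The sample text is constructed from the asker's disguised second table, and the function names are hypothetical.

```python
import re

# Constructed sample: the asker's second (disguised) table, joined with bare
# CR characters to mimic redirected output where CR/LF is missing.
SAMPLE = "\r".join([
    "       NetBIOS Remote Machine Name Table",
    "   Name               Type         Status",
    "---------------------------------------------",
    "73123456789    <00>  UNIQUE      Registered",
    "ABC_SOUTH      <00>  GROUP       Registered",
    "73123456789    <03>  UNIQUE      Registered",
    "73123456789    <1F>  UNIQUE      Registered",
    "WLAABCD        <03>  UNIQUE      Registered",
    "73IDDZ502096   <20>  UNIQUE      Registered",
    "MAC Address = 00-00-C0-9F-DA-E6",
])

# Name (up to 15 characters, may contain spaces), hex suffix, type, status.
ROW = re.compile(r"^\s*(.{1,15}?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)")
MAC = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")

def parse_name_table(text):
    """Return (rows, mac); rows are (name, suffix, type, status) tuples."""
    rows, mac = [], None
    # splitlines() treats \r, \n and \r\n alike, so CR-only output still parses.
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            rows.append((name.strip(), suffix.upper(), kind, status))
            continue
        m = MAC.search(line)
        if m:
            mac = m.group(1).upper()
    return rows, mac

def user_candidates(rows):
    """Thread's heuristic: <03> UNIQUE names that begin with a letter."""
    out = []
    for name, suffix, kind, _status in rows:
        if suffix == "03" and kind == "UNIQUE" and name[:1].isalpha():
            if name not in out:
                out.append(name)
    return out

if __name__ == "__main__":
    rows, mac = parse_name_table(SAMPLE)
    print(mac, user_candidates(rows))
```

Parsing by suffix and type rather than by fixed text also sidesteps the variable spacing between the `<03>` and `UNIQUE` columns.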
ASKER
Thanks Carmine and A Hoffman.
regards,
Mike Rubinstein
what if I had a list of computer names, how would I modify the batch script to accommodate this?
thanks
madforit
Just change the entry 'nbtstat -A' to 'nbtstat -a'
But there are much better ways of doing this now using WMI and vbscript etc.
Mark
Thanks
i tried that but all it displayed in the output file was a list of the computer names.
am i missing something?
{ system("nbtstat -a "$1); }
then call:
gawk -f nbtstat.awk file_with_one_IP_per_line