Solved

Automating NBTSTAT

Posted on 1998-06-11
25
1,821 Views
Last Modified: 2013-12-23
I have a long list of IP addresses that I would want to run against NBTSTAT and get the user ID from the Netbios remote machine name table.  Is there a way to do this or an available tool that does the same thing?
0
Comment
Question by:rubinstein
  • 8
  • 7
  • 4
  • +4
25 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1564261
asuming your IPs are one per line in a file, write following script nbtstat.awk:
{ system(nbtstat -a "$1); }

then call:
gawk -f nbtstat.awk file_with_one_IP_per_line


0
 

Author Comment

by:rubinstein
ID: 1564262
I'm very sorry.... I didn't make clear that I wanted to run this from Win 95 on an NT network.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1564263
What's the problem with Win x.x? Did you not have gawk?
You also may use perl instead (slightly different syntax abobe)
which is part of NT 4.0
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 1564264
WINSDMP.EXE from Resource Kit may be your needs.
0
 

Expert Comment

by:phj
ID: 1564265
Hi,

I'am glad to see that I'am not the only one who would like such a program/rutine. I have tried batch files and pipes to grep and so one, but this was not a good ide because of the difference in the names and the types, and specialy the wierd output from NBTSTAT -A <IP> > file.tmp. Where CR/LF is missing.

Another way would of course be to write a program, which would do exactly the same as NBTSTAT -A, but you will control the result. My knowledge in Windows NT 4.0 network programming is almost zero. (any one ???)

I also tried the WINSDMP way and it works ok, until I discoverd that not all entires from all pc's are in a given WINS database (I have 3000 pc's and 25 WINS database which are set to push/pull). The solution for the missing pc's is still unknown, mayby there is bug in WINSDMP?.

So at this moment I'am back to nothing; The result so fare must be that this only can be solved by writing a program, which emitate NBTSTAT.

Peter Jakobsen
phj-itafd@aalbkom.dk


When you have the WINS dump, this output will also need some sorting and extracting, to get a nice list of IP, Hostname and user name, howto do this will need some kind of program.


0
 

Author Comment

by:rubinstein
ID: 1564266
Thanks for everyones comments so far.  Unfortunately I don't have a C compiler available to me so I can't give GAWK a try.  I am hunting around for a copy of winsdump.  Peter---I'm glad I am not the only one too.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1564267
can send you gawk.exe if you like
If you have the ResourceKit, there is perl which could do it as well. Perl also can also be used to parse winsdmp output.
0
 

Author Comment

by:rubinstein
ID: 1564268
AHoffman...
If you could send me gawk.exe, that would be great.  My address is m4lrubi@msg.pacbell.com.

regards
Michael Rubinstein
0
 
LVL 11

Expert Comment

by:alexo
ID: 1564269
0
 
LVL 5

Expert Comment

by:carmine
ID: 1564270
Michael

If you were running on NT (wksn or server) you could do it in BATCH.

Assuming you have your IP address's in a file, one address per line.

Create a batch file with the following contents.

  @echo off
  if "%2"=="" goto error
  del %2
  for /f %%a in ('type %1') do echo %%a >>%2 & nbtstat -A %%a|find "<00>  UNIQUE">>%2
  type %2
  goto done
  :error
  echo.
  echo Usage: xxxx.bat ipfile outputfile
  echo.
  :done

Then run your batch file! The output is IP address on one line, followed by the username on the next.  You could modify this as you wish.
0
 

Author Comment

by:rubinstein
ID: 1564271
Carmine:
Your batch file is quite nifty.  Unfortunately for me, there is still a fly in the ointment.  The output of the Remote Machine Name Table that I get, is not consistent.  I usually get about five lines one of which includes the user ID.  However, the line with the User ID  is not the only line that contains the the type "Unique".  Other lines that include the Unique type contain the a machine identifyer (the circuit ID in our particular network).  Another parsing hurdle is that the number contained in the < > brackets is variable.

Here are two sample outputs from NBTSTAT


       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
LABCDEF        <00>  UNIQUE      Registered
OPQRST          <00>  GROUP       Registered
LABCDEF        <03>  UNIQUE      Registered
LABCDEF       <20>  UNIQUE      Registered
OPQRST         <1E>  GROUP       Registered
LABCDEF       <1F>  UNIQUE      Registered
78IDDZ502148   <20>  UNIQUE      Registered

MAC Address = 00-DD-01-14-3A-06

     NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
73123456789   <00>  UNIQUE      Registered
ABC_SOUTH      <00>  GROUP       Registered
73123456789     <03>  UNIQUE      Registered
73123456789     <1F>  UNIQUE      Registered
WLAABCD        <03>  UNIQUE      Registered
73IDDZ502096   <20>  UNIQUE      Registered

MAC Address = 00-00-C0-9F-DA-E6

LABCDEF is the user id for the first report and WLAABCD is the user in the second report.  As you can see, extracting the data is a parsing nightmare.  (Security note: ID's and circuits #'s have been disguised).

regards,
Mike Rubinstein

Alexo:
Thanks for the URL, I will check it out.
0
 
LVL 5

Expert Comment

by:carmine
ID: 1564272
Sorry my file should have read ...<03>  UNIQUE...
which will return both the machine name, and the logged on user name.  Is there any way of filtering out the machine name?  Do you use some naming scheme that allows you to identify it?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:rubinstein
ID: 1564273
Well, the user name always starts with a  letter and most of the time the machine ID starts with a number (except when an "X" is appended for some strange reason) so I could  use that.  Since my list is not infinently long, I could edit it by hand.

I am getting a syntax error from the for statment in the batch file, I'm tracking it down.

Thanks again.
0
 
LVL 5

Expert Comment

by:carmine
ID: 1564274
Note that I stated that the batch file is fot NT ONLY, it won't work on Win95 as it doesn't handle the extended commands (for /f) that NT does.
0
 

Author Comment

by:rubinstein
ID: 1564275
Carmine:
I ran over to an NT machine and your batch works great.. Thanks.
0
 
LVL 5

Expert Comment

by:carmine
ID: 1564276
Shall I post it as an answer then?
0
 

Author Comment

by:rubinstein
ID: 1564277
Yes.  I can certainly live with the extra lines in the output.  Thanks a lot.  I didn't know about the extended features of the NT Batch language.

[Not as part of this question, but I wonder if anyone has figured out how to make those features available to WIN 95 users]

regards,
Mike
0
 
LVL 5

Accepted Solution

by:
carmine earned 70 total points
ID: 1564278
Michael

If you were running on NT (wksn or server) you could do it in BATCH.

Assuming you have your IP address's in a file, one address per line.

Create a batch file with the following contents.

  @echo off
  if "%2"=="" goto error
  if not exist %1 goto file
  del %2
  for /f %%a in ('type %1') do echo %%a >>%2 & nbtstat -A %%a|find "<03>  UNIQUE">>%2
  goto done
  :error
  echo.
  echo Usage: xxxx.bat ipfile outputfile
  echo.
  goto done
  :file
  echo.
  echo Cann't find input file "%1".
  echo.
  :done

Then run your batch file! The output is IP address on one line, followed by the username/machine name on the next line(s).  You could modify this as you wish.
0
 
LVL 11

Expert Comment

by:alexo
ID: 1564279
>> [Not as part of this question, but I wonder if anyone has figured out how to make those features available to WIN 95 users]

Not as part of the answer, but you can install 4DOS or its graphical equivalent TCMD/32 and get all those features and much more (also available for other platforms -- 4NT, 4OS2, TCMD/16).  Go to www.jpsoft.com

Consider it a free tip.
0
 
LVL 5

Expert Comment

by:carmine
ID: 1564280
Updated version that rejects entries begining with numbers.

@echo off
if "%2"=="" goto error
if not exist %1 goto nofile
del %2

for /f %%a in ('type %1') do echo %%a & echo %%a >>%2 & nbtstat -A %%a>%temp%ip.tmp & findstr /b "[A-Z]*.*<03>  UNIQUE.*" %temp%ip.tmp>>%2

rem type %2
del %temp%ip.tmp
goto done
:error
echo.
echo Usage: Users.bat iplistfile outputfile
echo.
goto done
:nofile
echo.
echo Input file "%1" does not exist.
echo.
:done

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1564281
nearly the same (but formated) using awk, could be improved in many ways:

{ id[0]=$1; id[1]=""; id[2]=""; i=0;
  tmp=sprintf("%s\\tmp",ENVIRON["TEMP"]);
  system("nbtstat -a "id[0]" > "tmp);
  while ((getline<tmp)>0) {
    if ($2=="<03>" && $3=="UNIQUE") { id[++i]=$1; }
  }
  close(tmp);
  printf("%16s %16s %-16s\n",id[0],id[1],id[2]);
}
END { system("del "tmp) }
0
 

Author Comment

by:rubinstein
ID: 1564282
Thanks Carmine and A Hoffman.  

regards,
Mike Rubinstein
0
 

Expert Comment

by:madforit2501
ID: 12840049
what if i had a list of computer names how would i modify the batch script to accomidate this?

thanks

madforit
0
 
LVL 5

Expert Comment

by:carmine
ID: 12840147
Just change the entry 'nbtstat -A' to 'nbtstat -a'

But there are much better ways of doing this now using WMI and vbscript etc.

Mark
0
 

Expert Comment

by:madforit2501
ID: 12840190
Thanks

i tried that but all it displayed in the output file was a list of the computer names.

am i missing something?

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now