bengoa
asked on
What command do I use to see all IP addresses corresponding to Users
Hi ALL,
I am using Win XP Pro with SP 2 and this machine is part of the domain network. In the command prompt there is a command that lets you know what IP addresses correspond to what User Names inside the network. Can somebody refresh my mind as to what the command is? I thought it was "netstat" but it's not. Anybody???
thanks
nbtstat -a x.x.x.x where x.x.x.x is the ip address
To expand on what Big is saying:
F:\>nbtstat /?

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
        [-r] [-R] [-RR] [-s] [-S] [interval] ]

  -a   (adapter status) Lists the remote machine's name table given its name
  -A   (Adapter status) Lists the remote machine's name table given its
                        IP address.
  -c   (cache)          Lists NBT's cache of remote [machine] names and their IP
                        addresses
  -n   (names)          Lists local NetBIOS names.
  -r   (resolved)       Lists names resolved by broadcast and via WINS
  -R   (Reload)         Purges and reloads the remote cache name table
  -S   (Sessions)       Lists sessions table with the destination IP addresses
  -s   (sessions)       Lists sessions table converting destination IP
                        addresses to computer NETBIOS names.
  -RR  (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

  RemoteName   Remote host machine name.
  IP address   Dotted decimal representation of the IP address.
  interval     Redisplays selected statistics, pausing interval seconds
               between each display. Press Ctrl+C to stop redisplaying
               statistics.

If you need to get the IP addresses, you'll probably need a ping scanner. Alternatively, you can look in the ARP table for the local segment and see all the IP addresses your default gateway is aware of.
Maybe you're thinking of "NET SESSION"? It prints the computer and username of everyone connected to a share on that computer.
Its output looks like this (I x'd out portions of my IP):

Computer               User name            Client Type       Opens Idle time
-------------------------------------------------------------------------------
\\165.219.xx.xxx       TIMHL                Unix                  0 00:00:06
The command completed successfully.
netstat -a

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -v            When used in conjunction with -b, will display sequence of
                components involved in creating the connection or listening
                port for all executables.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.

Netstat is for showing who's currently connected to you on what protocol. The original question was how to show Netbios names to IP address on the network.
My bad :)
I don't think there is a command to gather that info from a workstation.
But nbtstat -c will show cached Netbios
ASKER
Hey Guys,
Nbtstat -a [Ip address] is good and it partially answers my question. However, I want to use a command that gives me an output of something like this for all users that are connected to our domain. What if I did not know the IP address of the user?
Computer IP User Name
You could script the nbtstat command to poll your network segment that you want. This will tell you whether the ip is both alive and report back the Netbios status.
Example...

script1.cmd:
    call script2.cmd 10.x.x.x
    call script2.cmd 10.x.x.y
    call script2.cmd 10.x.x.z

script2.cmd:
    nbtstat -a %1 >c:\script.log

You could easily create the 10.x.x.x or whatever range you want in Excel and copy it into that script.
hth
There isn't such a command in the command line.
See this discussion: https://www.experts-exchange.com/questions/21385300/IP-address-of-users-in-domain.html
ASKER
Hey Big5250,
I created an Excel spreadsheet of all the IP addresses that I want to scan. Now, can you instruct me in detail how to use that Excel spreadsheet in the command prompt with the nbtstat command to display all the user names that those IPs correspond to?
Also, I have a log file of some IP addresses that were alive in the past. How do I check what that IP address has changed to? Thanks to all of you guys.
First create your Column A as

A                   B           C
call script2.cmd    10.1.1.1    =concatenate(A1," ",b1)
call script2.cmd    10.1.1.2
call script2.cmd    10.1.1.3
call script2.cmd    10.1.1.4
etc

You can drag the C1 column rule down to apply to all the rows you have. The end command should look something like this
call script2.cmd 10.1.1.1
call script2.cmd 10.1.1.2
and so on
Then copy the contents into notepad and save it as script1.cmd
Then open notepad and create a script2.cmd with the following in it
nbtstat -a %1 >c:\script2.log
Save it in the same directory as script1.cmd
Then run script1, and after it's finished the script2.log will have the information for you.
HTH
Another way to track who has what IP is to examine the Security log in Event Viewer. If you have 2003 server you can filter the events by date (helpful to restrict to a specific day), category=Logon/Logoff, event ID=540. Then you can sort by username. The event detail shows the IP the user logged on with.
The Security log can also be exported (but only fully, not filtered) as a CSV which can be loaded into Excel or processed with Perl (you'll need more than FIND or GREP).
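
The filtering described above can be scripted against the exported CSV; this is an added example, not part of the original answer, in Python rather than the Perl the post mentions. The column order and the abridged event descriptions in `SAMPLE_CSV` are assumptions, and every row is constructed.

```python
import csv
import io
import re

USER = re.compile(r"User Name:\s*(\S+)\s+Domain:")
ADDR = re.compile(r"Source Network Address:\s*(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed, abridged rows. Assumed column order of the CSV export:
# Date,Time,Source,Type,Category,Event,User,Computer,Description
SAMPLE_CSV = """\
3/14/2006,9:02:11 AM,Security,Success Audit,Logon/Logoff,540,CORP\\jsmith,DC01,"Successful Network Logon: User Name: jsmith Domain: CORP Logon ID: (0x0,0x2F1A3) Logon Type: 3 Source Network Address: 10.1.1.23 Source Port: 1187"
3/14/2006,9:02:12 AM,Security,Success Audit,Logon/Logoff,540,CORP\\WS-ACCT01$,DC01,"Successful Network Logon: User Name: WS-ACCT01$ Domain: CORP Logon ID: (0x0,0x2F1B0) Logon Type: 3 Source Network Address: 10.1.1.23 Source Port: 1188"
3/14/2006,9:40:03 AM,Security,Success Audit,Logon/Logoff,538,CORP\\jsmith,DC01,"User Logoff: User Name: jsmith Domain: CORP Logon ID: (0x0,0x2F1A3) Logon Type: 3"
3/14/2006,1:15:47 PM,Security,Success Audit,Logon/Logoff,540,CORP\\jsmith,DC01,"Successful Network Logon: User Name: jsmith Domain: CORP Logon ID: (0x0,0x31C02) Logon Type: 3 Source Network Address: 10.1.1.57 Source Port: 1302"
3/14/2006,1:20:09 PM,Security,Success Audit,Logon/Logoff,540,CORP\\akhan,DC01,"Successful Network Logon: User Name: akhan Domain: CORP Logon ID: (0x0,0x31D44) Logon Type: 3 Source Network Address: 10.1.1.40 Source Port: 1410"
"""

def logons_by_user(csv_text, event_id="540"):
    """Map each user to the distinct source IPs of their logon events, in file order."""
    result = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 9 or row[5].strip() != event_id:
            continue                      # not a network-logon event
        user, addr = USER.search(row[8]), ADDR.search(row[8])
        if not user or not addr:
            continue                      # no user or no source address recorded
        name = user.group(1).lower()
        if name.endswith("$"):
            continue                      # computer account, not a person
        ips = result.setdefault(name, [])
        if addr.group(1) not in ips:
            ips.append(addr.group(1))
    return result

if __name__ == "__main__":
    for name, ips in sorted(logons_by_user(SAMPLE_CSV).items()):
        print("%-12s %s" % (name, ", ".join(ips)))
```

A user who appears with more than one address, like `jsmith` in the sample, is the case the asker describes where a previously logged IP has since changed.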
ASKER
Big5250,
Again thanks so much for your great help. I did exactly the way you instructed me and everything went fine. Except the output file which is script2.log only displays the last result of the IP address that was scanned. How can I have all the results displayed in that output file?
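
Added example (not from the thread, and not the hidden accepted answer): in script2.cmd, `>` recreates c:\script2.log on every call, which is why only the last address survives, whereas `>>` appends. The Python sketch below keeps every result and builds the Computer / IP / User Name table asked for earlier by parsing `nbtstat -A` output. `SAMPLE`, the addresses and the host and user names are constructed, and the `<03>` user entry exists only while the Messenger service is running on the target.

```python
import re
import subprocess

# One row of the "NetBIOS Remote Machine Name Table" printed by nbtstat -A
ROW = re.compile(r"^\s*(\S+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+\w+", re.M)

# Constructed sample of `nbtstat -A 10.1.1.1` output (not from the thread)
SAMPLE = """\
Local Area Connection:
Node IpAddress: [10.1.1.50] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    WS-ACCT01      <00>  UNIQUE      Registered
    CORP           <00>  GROUP       Registered
    WS-ACCT01      <20>  UNIQUE      Registered
    WS-ACCT01      <03>  UNIQUE      Registered
    JSMITH         <03>  UNIQUE      Registered

    MAC Address = 00-0C-29-AA-BB-CC
"""

def parse_name_table(output):
    """Return (computer, [users]) from one nbtstat -A output."""
    computer, messenger = None, []
    for name, suffix, kind in ROW.findall(output):
        if kind != "UNIQUE":
            continue                      # GROUP rows are domain/workgroup names
        if suffix == "00" and computer is None:
            computer = name               # <00> UNIQUE: workstation name
        elif suffix == "03":
            messenger.append(name)        # <03>: Messenger names (computer + user)
    return computer, [n for n in messenger if n != computer]

def nbtstat(ip):
    """Query one address; only works on a Windows host with nbtstat.exe."""
    return subprocess.run(["nbtstat", "-A", ip],
                          capture_output=True, text=True).stdout

def sweep(ips, run=nbtstat):
    """Build (computer, ip, users) rows, keeping every result, not just the last."""
    rows = []
    for ip in ips:
        computer, users = parse_name_table(run(ip))
        rows.append((computer or "(no reply)", ip, ", ".join(users) or "-"))
    return rows

if __name__ == "__main__":
    # Offline demo: 10.1.1.1 answers with SAMPLE, 10.1.1.2 does not answer.
    fake = {"10.1.1.1": SAMPLE}
    for row in sweep(["10.1.1.1", "10.1.1.2"], run=lambda ip: fake.get(ip, "Host not found.")):
        print("%-16s %-15s %s" % row)
```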