• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 514
  • Last Modified:

What command do I use to see all IP addresses corresponding Users

I am using Win XP Pro with SP 2 and this machine is part of the domain network.  In the command prompt there is a command that lets you know what IP addresses correspond to what User Names inside the network.  Can somebody refresh my mind as to what the command is?  i thought it was "netstat" but its not.   Anybody???
  • 6
  • 4
  • 3
  • +2
1 Solution
nbtstat -a x.x.x.x where x.x.x.x is the ip address
To expand on what Big is saying:

F:\>nbtstat /?

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
        [-r] [-R] [-RR] [-s] [-S] [interval] ]

  -a   (adapter status) Lists the remote machine's name table given its name
  -A   (Adapter status) Lists the remote machine's name table given its
                        IP address.
  -c   (cache)          Lists NBT's cache of remote [machine] names and their IP
  -n   (names)          Lists local NetBIOS names.
  -r   (resolved)       Lists names resolved by broadcast and via WINS
  -R   (Reload)         Purges and reloads the remote cache name table
  -S   (Sessions)       Lists sessions table with the destination IP addresses
  -s   (sessions)       Lists sessions table converting destination IP
                        addresses to computer NETBIOS names.
  -RR  (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refr

  RemoteName   Remote host machine name.
  IP address   Dotted decimal representation of the IP address.
  interval     Redisplays selected statistics, pausing interval seconds
               between each display. Press Ctrl+C to stop redisplaying

If you need to get the IP addresses, you'll probably need a ping scanner.  Alternatively, you can look in the ARP table for the local segment and see all the IP addresses your default gateway is aware of.
Maybe you're thinking of "NET SESSION"?  It prints the computer and username of everyone connected to a share on that computer.

It's output looks like this (I x'd out portions of my IP):

Computer               User name            Client Type       Opens Idle time

\\165.219.xx.xxx       TIMHL                Unix                  0 00:00:06

The command completed successfully.

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

netstat -a
Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
  -e            Displays Ethernet statistics. This may be combined with the -s
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -v            When used in conjunction with -b, will display sequence of
                components involved in creating the connection or listening
                port for all executables.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.
Netstat is for showing who's currently connected to you on what protocol.  The original question was how to show Netbios names to IP address on the network.
My bad  :)

I don't think there is command to gather that info from workstation.
But nbtstat -c will show cached Netbios
bengoaAuthor Commented:
Hey Guys,

Nbtstat -a [Ip address] is good and it partially answers my question.  However, i want to use a command that gives me an output of something like this for all users that are connected to our domain.  what if i did not know IP address of the user?
Computer IP           User Name
You could script the nbtstat command to poll your network segment that you want.  This will tell you whether the ip is both alive and report back the Netbios status.


call script2.cmd 10.x.x.x
call script2.cmd 10.x.x.y
call script2.cmd 10.x.x.z

nbtstat -a %1 >c:\script.log

You could easily create the 10.x.x.x or whatever range you want in Excel and copy it into that script.

There isn't such a command in the command line.  

See this discussion:  http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21385300.html
bengoaAuthor Commented:
Hey Big5250,

i created an excell spreadsheet of all the IP address that i want to scan.   Now, can you in detail instruct me of how to use that excell spreadsheet in the command prompt with nbtstat command to display all the user names that those IPs correspond to?  
Also, i have a log file of some IP addresses that were alive in the past.  How do i check what is that IP address has changed to?   thanks to all of you guys.  
First create your Column A as

         A                        B                  C
call script2.cmd       =concatenate(A1," ",b1)
call script2.cmd
call script2.cmd
call script2.cmd

You can drag the C1 column rule down to apply to all the rows you have.  The end command should look something like this

call script2.cmd
call script2.cmd
and so on

Then copy the contents into notepad and save it as script1.cmd

Then open notepad and create a script2.cmd with the following in it

nbtstat -a %1 >c:\script2.log

Save it in the same directory as script1.cmd

Then run script1, and after it's finished the script2.log will have the information for you.

Another way to track who has what IP is to examine the Security log in Event Viewer. If you have 2003 server you can filter the events by date (helpful to restrict to a specific day), category=Logon/Logoff, event ID=540. Then you can sort by username. The event detail shows the IP the user logged on with.

The Security log can also be exported (but only fully, not filtered) as a CSV which can be loaded into Excel or processed with Perl (you'll need more than FIND or GREP).

bengoaAuthor Commented:
Again thanks so much for your great help.  I did exactly the way you instructed me and everything went fine.  Except the output file which is script2.log  only displays the last result of the ip address that was scanned.  How can i have all the results displayed in that output file?    
Ooops, my bad.

Instead of
nbtstat -a %1 >c:\script2.log
make it
nbtstat -a %1 >>c:\script2.log

Notice the second >

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 6
  • 4
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now