Solved

nbtstat -r to show resolved name by Netbios broadcast

Posted on 2013-06-06
14
1,604 Views
Last Modified: 2013-06-07
I'm trying to understand how Netbios broadcast resolves hostname to IP, then where it saves in cache and how to see the cache table.

I used nbtstat -r to see the cache table of already resolved hostname by a local machine.

First, it doesn't list IP address of the resolved hostnames.

Second, after I just simply pinged hostname 'xxxx', then ran nbtstat -r to see if the local machine put the resolved name-ip pair in its cache, but it's not there.

Is Netbios something we just assume it works and don't have to know about it? Or is there any way to see the cache table with resolved hostname-IP pair and if it really updates
0
Comment
Question by:crcsupport
  • 7
  • 4
  • 2
  • +1
14 Comments
 
LVL 29

Assisted Solution

by:Rich Weissler
Rich Weissler earned 370 total points
ID: 39228780
Usually to see the cache table, I'd use nbtstat -c, rather than nbtstat -r.  But it's been a while since I've relied on Netbios.  I believe the recommendation has been to move towards DNS.

But to get a better look into the addresses, I'd be tempted to look at a tool like the NetBIOS Browsing Console.
0
 
LVL 17

Assisted Solution

by:surbabu140977
surbabu140977 earned 75 total points
ID: 39228797
Try nbtstat -c and not -r.

Here is the proper syntax of nbtstat. You have to use proper syntax to see the right results.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/nbtstat.mspx?mfr=true

Best,
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39228841
I used all 'display switch', but none of them shows the name-ip pair in cache. I again pinged hostname and checked, still empty table.



C:\Users\user1>nbtstat -c

VirtualBox Host-Only Network:
Node IpAddress: [192.168.56.1] Scope Id: []

    No names in cache

Local Area Connection 2:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection:
Node IpAddress: [192.168.1.120] Scope Id: []

    No names in cache

Bluetooth Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

C:\Users\user1>ping pdc_Serv

Pinging xxxserv.CRCCORP.LOCAL [192.168.1.11] with 32 bytes of data:
Reply from 192.168.1.11: bytes=32 time<1ms TTL=128
Reply from 192.168.1.11: bytes=32 time<1ms TTL=128
Reply from 192.168.1.11: bytes=32 time<1ms TTL=128
Reply from 192.168.1.11: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\user1>nbtstat -c

VirtualBox Host-Only Network:
Node IpAddress: [192.168.56.1] Scope Id: []

    No names in cache

Local Area Connection 2:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection:
Node IpAddress: [192.168.1.120] Scope Id: []

    No names in cache

Bluetooth Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

C:\Users\user1>
0
 
LVL 17

Assisted Solution

by:surbabu140977
surbabu140977 earned 75 total points
ID: 39228898
Will you try uninstalling tcp/ip, netbios, NIC card driver, client for microsoft networks and then try installing back to see if the problem is solved? This is at per my windows admin who claims might solve the issue. : )
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39229051
I don't have problem now. I had switch problem two days ago. I was using nbtstat to see what the problem is but, it didn't help much. So I was wondering why nbtstat doesn't give any information I expected.
I started reading at the browstat.exe to see if it can show me more about the netbios status.
0
 
LVL 29

Assisted Solution

by:Rich Weissler
Rich Weissler earned 370 total points
ID: 39229107
I apologize if I missed it, but are you certain your ping's are causing a dns name resolution rather than net bios?  (does 'ipconfig /displaydns' show you the server in cache?)
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39229251
Razmus, you're right. I didnt' pay attention to the ping result. Actually it converts my ping to hostname to hostname.domain-name.com. I checked ipconfig /displaydns, it shows the updated cache with the result.

Why does ping to netbios name is converted to dns name?
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 1

Author Comment

by:crcsupport
ID: 39229260
that's because there's setting at NIC 'Append parent suffix of the primary DNS suffix' ?
0
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 370 total points
ID: 39229312
Yes, exactly that.. .  Windows will attempt DNS before falling back to netbios name resolution.  (And it'll use local host tables before either.)  It'll try your primary dns suffix, as well as any other suffixes configured in your search list.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39229444
I played around it. Instead our domain suffix, I forced to append to 'dummy.com'.  Then I pinged 'xxx_Serv'. This is what happened below. it appended 'dummy.com' to the host name, then it returned successful response with some unknown ip address.

But I didn't have any problem browsing to the shared folder of the server, then I guessed maybe the pc used pure Netbios to contact the server, so I used 'nbtstat -c' to see what shows in cache, there it goes, it shows now the server-ip pair of the server. And 'ipconfig /displaydns'  shows empty.

Looks like Windows PC wants to use DNS instead of NetBios, then NetBios is the backup to communicate.

==========================
C:\Users\user1>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\user1>ipconfig /displaydns

Windows IP Configuration

Could not display the DNS Resolver Cache.

C:\Users\user1>ping xxxx_Serv

Pinging xxxx_Serv.dummy.com [198.202.143.20] with 32 bytes of data:
Reply from 198.202.143.20: bytes=32 time=77ms TTL=53
Reply from 198.202.143.20: bytes=32 time=77ms TTL=53
Reply from 198.202.143.20: bytes=32 time=77ms TTL=53
Reply from 198.202.143.20: bytes=32 time=77ms TTL=53

Ping statistics for 198.202.143.20:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 77ms, Average = 77ms

C:\Users\user1>ipconfig /displaydns

Windows IP Configuration


C:\Users\user1>



C:\Users\user1>nbtstat -c

VirtualBox Host-Only Network:
Node IpAddress: [192.168.56.1] Scope Id: []

    No names in cache

Local Area Connection 2:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection:
Node IpAddress: [192.168.1.120] Scope Id: []

                  NetBIOS Remote Cache Name Table

        Name              Type       Host Address    Life [sec]
    ------------------------------------------------------------
    XXXXXX <20>  UNIQUE          192.168.1.12        507
    XXXX_SERV    <20>  UNIQUE          192.168.1.14        505
    XXXXXX <20>  UNIQUE          192.168.1.28        355

Bluetooth Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39229448
weird thing, 198.202.143.20 shows as an outside unknown host 'landings.lax.trafficz.com'.

I don't know why it pings this address when DNS fully qualified name is invalid. lol???
0
 
LVL 29

Assisted Solution

by:Rich Weissler
Rich Weissler earned 370 total points
ID: 39229468
I suspect landings.lax.trafficz.com is either a destination for an advertisement you hit, or some other software on your machine that's 'calling home.'
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 55 total points
ID: 39229477
When you ping, that is an IP operation, and it   doesn't touch the netbios stack. If you want to activate netbios, you need to run a netbios command such as net view \\machine
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39229495
Kevin, I also noticed that too during the test. I initiated netbios connection by UNC path browsing to shared folder.

Thank you guys all, now I feel I am more equipped to troubleshoot next time.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now