nbtstat -r to show resolved name by Netbios broadcast

I'm trying to understand how Netbios broadcast resolves hostname to IP, then where it saves in cache and how to see the cache table.

I used nbtstat -r to see the cache table of already resolved hostname by a local machine.

First, it doesn't list IP address of the resolved hostnames.

Second, after I just simply pinged hostname 'xxxx', then ran nbtstat -r to see if the local machine put the resolved name-ip pair in its cache, but it's not there.

Is Netbios something we just assume it works and don't have to know about it? Or is there any way to see the cache table with resolved hostname-IP pair and if it really updates
LVL 1
crcsupportAsked:
Who is Participating?
 
Rich WeisslerConnect With a Mentor Professional Troublemaker^h^h^h^h^hshooterCommented:
Yes, exactly that.. .  Windows will attempt DNS before falling back to netbios name resolution.  (And it'll use local host tables before either.)  It'll try your primary dns suffix, as well as any other suffixes configured in your search list.
0
 
Rich WeisslerConnect With a Mentor Professional Troublemaker^h^h^h^h^hshooterCommented:
Usually to see the cache table, I'd use nbtstat -c, rather than nbtstat -r.  But it's been a while since I've relied on Netbios.  I believe the recommendation has been to move towards DNS.

But to get a better look into the addresses, I'd be tempted to look at a tool like the NetBIOS Browsing Console.
0
 
surbabu140977Connect With a Mentor Commented:
Try nbtstat -c and not -r.

Here is the proper syntax of nbtstat. You have to use proper syntax to see the right results.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/nbtstat.mspx?mfr=true

Best,
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
crcsupportAuthor Commented:
I used all 'display switch', but none of them shows the name-ip pair in cache. I again pinged hostname and checked, still empty table.



C:\Users\user1>nbtstat -c

VirtualBox Host-Only Network:
Node IpAddress: [192.168.56.1] Scope Id: []

    No names in cache

Local Area Connection 2:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection:
Node IpAddress: [192.168.1.120] Scope Id: []

    No names in cache

Bluetooth Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

C:\Users\user1>ping pdc_Serv

Pinging xxxserv.CRCCORP.LOCAL [192.168.1.11] with 32 bytes of data:
Reply from 192.168.1.11: bytes=32 time<1ms TTL=128
Reply from 192.168.1.11: bytes=32 time<1ms TTL=128
Reply from 192.168.1.11: bytes=32 time<1ms TTL=128
Reply from 192.168.1.11: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\user1>nbtstat -c

VirtualBox Host-Only Network:
Node IpAddress: [192.168.56.1] Scope Id: []

    No names in cache

Local Area Connection 2:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection:
Node IpAddress: [192.168.1.120] Scope Id: []

    No names in cache

Bluetooth Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

C:\Users\user1>
0
 
surbabu140977Connect With a Mentor Commented:
Will you try uninstalling tcp/ip, netbios, NIC card driver, client for microsoft networks and then try installing back to see if the problem is solved? This is at per my windows admin who claims might solve the issue. : )
0
 
crcsupportAuthor Commented:
I don't have problem now. I had switch problem two days ago. I was using nbtstat to see what the problem is but, it didn't help much. So I was wondering why nbtstat doesn't give any information I expected.
I started reading at the browstat.exe to see if it can show me more about the netbios status.
0
 
Rich WeisslerConnect With a Mentor Professional Troublemaker^h^h^h^h^hshooterCommented:
I apologize if I missed it, but are you certain your ping's are causing a dns name resolution rather than net bios?  (does 'ipconfig /displaydns' show you the server in cache?)
0
 
crcsupportAuthor Commented:
Razmus, you're right. I didnt' pay attention to the ping result. Actually it converts my ping to hostname to hostname.domain-name.com. I checked ipconfig /displaydns, it shows the updated cache with the result.

Why does ping to netbios name is converted to dns name?
0
 
crcsupportAuthor Commented:
that's because there's setting at NIC 'Append parent suffix of the primary DNS suffix' ?
0
 
crcsupportAuthor Commented:
I played around it. Instead our domain suffix, I forced to append to 'dummy.com'.  Then I pinged 'xxx_Serv'. This is what happened below. it appended 'dummy.com' to the host name, then it returned successful response with some unknown ip address.

But I didn't have any problem browsing to the shared folder of the server, then I guessed maybe the pc used pure Netbios to contact the server, so I used 'nbtstat -c' to see what shows in cache, there it goes, it shows now the server-ip pair of the server. And 'ipconfig /displaydns'  shows empty.

Looks like Windows PC wants to use DNS instead of NetBios, then NetBios is the backup to communicate.

==========================
C:\Users\user1>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\user1>ipconfig /displaydns

Windows IP Configuration

Could not display the DNS Resolver Cache.

C:\Users\user1>ping xxxx_Serv

Pinging xxxx_Serv.dummy.com [198.202.143.20] with 32 bytes of data:
Reply from 198.202.143.20: bytes=32 time=77ms TTL=53
Reply from 198.202.143.20: bytes=32 time=77ms TTL=53
Reply from 198.202.143.20: bytes=32 time=77ms TTL=53
Reply from 198.202.143.20: bytes=32 time=77ms TTL=53

Ping statistics for 198.202.143.20:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 77ms, Average = 77ms

C:\Users\user1>ipconfig /displaydns

Windows IP Configuration


C:\Users\user1>



C:\Users\user1>nbtstat -c

VirtualBox Host-Only Network:
Node IpAddress: [192.168.56.1] Scope Id: []

    No names in cache

Local Area Connection 2:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection:
Node IpAddress: [192.168.1.120] Scope Id: []

                  NetBIOS Remote Cache Name Table

        Name              Type       Host Address    Life [sec]
    ------------------------------------------------------------
    XXXXXX <20>  UNIQUE          192.168.1.12        507
    XXXX_SERV    <20>  UNIQUE          192.168.1.14        505
    XXXXXX <20>  UNIQUE          192.168.1.28        355

Bluetooth Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache
0
 
crcsupportAuthor Commented:
weird thing, 198.202.143.20 shows as an outside unknown host 'landings.lax.trafficz.com'.

I don't know why it pings this address when DNS fully qualified name is invalid. lol???
0
 
Rich WeisslerConnect With a Mentor Professional Troublemaker^h^h^h^h^hshooterCommented:
I suspect landings.lax.trafficz.com is either a destination for an advertisement you hit, or some other software on your machine that's 'calling home.'
0
 
kevinhsiehConnect With a Mentor Commented:
When you ping, that is an IP operation, and it   doesn't touch the netbios stack. If you want to activate netbios, you need to run a netbios command such as net view \\machine
0
 
crcsupportAuthor Commented:
Kevin, I also noticed that too during the test. I initiated netbios connection by UNC path browsing to shared folder.

Thank you guys all, now I feel I am more equipped to troubleshoot next time.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.