If you’re facing an issue with NetBIOS name resolution, troubleshooting it can be quite complex. But, did you know that there’s a tool that can help troubleshoot these problems? This tool is the nbtstat command-line utility.
In this article, you’ll learn how to use the nbtstat utility to retrieve NetBIOS statistics. The results can then help you analyze NetBIOS name resolution problems and potentially lead you to fix them.
Dust off your command-line skills and let’s get cracking!
Prerequisites
If you’d like to follow along in the practical bit, be sure to have the following:
- A Windows 10 PC or Windows Server 2012 and later versions. This article will use Windows 1909 version with an OS Build 18363.
- Throughout this article, you will be using an elevated CMD prompt (run as admin) and assume that you already have one opened. You can also use an elevated PowerShell session if you prefer.
Using nbtstat
nbtstat is an external command-line utility that enumerates NetBIOS statistics and displays name tables for local and remote devices in a network. nbtstat has switches that come in handy when troubleshooting NetBIOS connections and name resolution issues.
Getting Help
Like any undertaking, knowing that there’s a help system you can refer to is critical, especially when you’re at your wit’s end. Luckily, nbtstat has a built-in help reference.
To view the nbtstat help, run the command below in the command prompt.
nbtstat -?As a result, you should see a similar output below, showing you the different switches and the explanation.
Apart from the built-in help, nbtstat has an online documentation too!
Displaying A Remote Machine’s NetBIOS Name Table
Note: The
nbtstatswitches are case-sensitive. A switch such as-ais not the same as-A.
Running nbtstat with the -a switch allows you to list a remote machine’s NetBIOS name table. When using this switch, append the remote machine’s name to the command.
For example, to display the NetBIOS name table of DESKTOP-7F4L706, run the command below in the command prompt.
nbtstat -a DESKTOP-7F4L706As a result, the machine table shows the remote device name, the registration status, and whether the devices belong to any workgroups or not, as shown below.
Another switch that displays the same details is the -A switch. Instead of specifying the computer name at the end of this switch, you have to specify the remote computer’s IP address. This switch can be useful if the remote computer’s name is not resolvable.
For example, to display the NetBIOS name table of the remote machine at 192.168.1.111, run the command below in the command prompt.
nbtstat -a 192.168.1.111As you can see below, the result is the same as when you use the -a switch.
Displaying The Local Machine’s Name Table
Running the nbtstat command with the -n switch enumerates computers’ NetBIOS name table of your local PC (locally). Using the -n switch also identifies if the named devices were registered through broadcast or a name server.
To view the local machine name table, run the command below in the command prompt.
nbtstat -nYou should see a similar output as below, showing you the local machine name table.
Displaying The NetBIOS Remote Name Cache
The -c switch lists the contents of the NetBIOS remote name cache. The name cache is a memory location that stores NetBIOS names with their corresponding IP addresses.
This switch primarily displays the name cache of machines and their IP addresses. To display the NetBIOS name cache, run the command below in the CMD.
nbtstat -cAs you can see below, the result shows the NetBIOS names and their corresponding IP addresses.
When using this
-cswitch, you may encounter a ‘no host name response’ result to show no listed and resolved names in the NetBIOS name cache. This result is common in modern networks where name servers such as WINS are no longer in use.
Displaying NetBIOS Name Resolution and Registration Statistics
The nbtstat -r command is a widely used switch when checking NetBIOS name resolution statistics. The -r switch shows the number of NetBIOS names that have been resolved to TCP/IP addresses.
The result is divided according to the mode of name resolution and registration, where the names resolved through broadcast appear first, followed by the names resolved by a name server.
To display the NetBIOS name resolution statistics, type the command below in the CMD.
nbtstat -rYou should see a closely similar output as below, showing you all the information about name resolution and names registered.
The -r switch is essential for diagnosing WINS server configuration problems. A common indication of a problem is when the number of devices resolved and registered through a name server is always zero despite a connection to a name server being present.
Additionally, the switch -r lists all the NetBIOS unique names and their Hex IDs depending on how they were registered and resolved.
Displaying NetBIOS Sessions
The -s switch displays the NetBIOS client and server sessions. The result shows a table converting the destination IP address to the computer’s NetBIOS name.
On the other hand, the -S switch lists both workstation and server sessions of the remote devices using the destination IP address only.
You do not have to specify any value to both these switches. To display the NetBIOS session, run the commands below in the command prompt.
nbtstat -s
nbtstat -SAs you can see below, the result for both commands is No Connections, which means there are no current NetBIOS sessions.
Displaying NetBIOS Statistics Continuously
Suppose you want to monitor a specific NetBIOS statistic at an interval. To do so, you don’t have to manually rerun the nbtstat command every time. You can append the interval (seconds) you want to the nbtstat command and the display will refresh automatically.
For example, to refresh the NetBIOS sessions every 30 seconds, run the command below in the command prompt.
nbtstat -s 30To stop displaying the statistics, press CTRL+C to exit the interval loop.
Purging The NetBIOS Name Cache
In cases where NetBIOS name cache entries appear to be wrong, you may correct the problem by purging the NetBIOS name cache.
Running nbtstat with the-r switch allows administrators to purge the NetBIOS name cache before reloading correctly named entries as present in the Lmhosts file.
To purge the name cache table, run the command below in the command prompt.
nbtstat -RThe screenshot below shows the expected result after purging the name cache table.
Releasing And Refreshing NetBIOS Names
The nbtstat -RR releases and then refreshes NetBIOS names for the local computer registered with WINS servers.
To refresh and release the NetBIOS names, type the command below in your CMD and check the output.
nbtstat -RRThe example below shows the expected output after refreshing the NetBIOS names that the computer registered.
Conclusion
The nbtstat utility may be an old tool but indispensable when dealing with NetBIOS. In this article, you’ve learned how to use nbtstat with its many switches to retrieve information regarding NetBIOS.
With nbtstat, you can take out the guesswork in troubleshooting and start analyzing NetBIOS statistics based on data. Do you think you’d be using this tool or is there a better alternative for you?
