nmblookup question

Andrew Tridgell tridge at samba.anu.edu.au
Wed May 6 00:50:16 GMT 1998


I'm sending this reply to samba-technical as it may interest a few people.

> I've got a quick NetBIOS question.  Given just an IP address is it
> possible to determine a host's SMB/NetBIOS hostname?  Thanks much.

yes and no :-)

The "yes" side: you can do a "node status request" with a netbios name
of '*' and the server will respond with a list of its own registered
netbios names. That is how nbtstat and nmblookup do this. For example:

bash$ nmblookup -S -U 150.203.160.12 '*'
Sending queries to 192.168.2.10
192.168.2.10 *<00>
Looking up status of 192.168.2.10
received 9 names
        FJALL           <00> -         M <ACTIVE> 
        FJALL           <03> -         M <ACTIVE> 
        FJALL           <20> -         M <ACTIVE> 
        ..__MSBROWSE__. <01> - <GROUP> M <ACTIVE> 
        SVERIGE         <00> - <GROUP> M <ACTIVE> 
        SVERIGE         <1b> -         M <ACTIVE> 
        SVERIGE         <1c> - <GROUP> M <ACTIVE> 
        SVERIGE         <1d> -         M <ACTIVE> 
        SVERIGE         <1e> - <GROUP> M <ACTIVE> 
num_good_sends=0 num_good_receives=0

The "no" side: most MS implementations of netbios (NT 3.5 was an
exception for some unknown reason) send the response to a node status
request back to the wrong port number! They always send it to port 137
no matter what the originating port of the request was. That means the
above nmblookup command will appear to fail for most MS machines. If
you look with a sniffer then you will see that it didn't fail, it's
just that nmblookup wasn't listening on 137. If you have the debug up
high in nmbd then you will see that nmbd will have received the
response and printed it into the log file.
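
The node status exchange described in the message above, as an added example that is not part of the original post and is not Samba code: it builds the '*' request and parses the name table from a reply, following the RFC 1001/1002 packet layout. It does no network I/O; the reply bytes are constructed in sample_response(), and all function names are chosen here for illustration.

```python
import struct

NBSTAT, CLASS_IN = 0x0021, 0x0001       # QTYPE/QCLASS of a node status request (RFC 1002)
GROUP, ACTIVE = 0x8000, 0x0400          # NAME_FLAGS bits
NODE_TYPES = "BPMH"                     # owner node type, NAME_FLAGS bits 13-14

def encode_name(name: bytes) -> bytes:
    """First-level encoding: each byte of the 16-byte name becomes two letters A-P."""
    padded = name.ljust(16, b"\x00")    # the '*' wildcard is NUL-padded
    body = bytes(0x41 + n for c in padded for n in (c >> 4, c & 0x0F))
    return bytes([len(body)]) + body + b"\x00"

def build_status_request(txid: int) -> bytes:
    """Header (flags 0, one question) followed by the '*' NBSTAT question."""
    return (struct.pack(">6H", txid, 0, 1, 0, 0, 0) + encode_name(b"*")
            + struct.pack(">2H", NBSTAT, CLASS_IN))

def parse_status_response(pkt: bytes, txid: int) -> list:
    """Return [(name, suffix, is_group, node_type, is_active), ...] or raise ValueError."""
    try:
        rid, flags, _, answers, _, _ = struct.unpack_from(">6H", pkt, 0)
        if rid != txid or not flags & 0x8000 or answers != 1:
            raise ValueError("not a response to this request")
        if pkt[12] & 0xC0:
            raise ValueError("compressed owner name not handled")
        off = 12 + 1 + pkt[12] + 1      # skip header and encoded owner name
        rtype, _, _, rdlen = struct.unpack_from(">HHIH", pkt, off)
        off += 10                       # off now points at the name count byte
        count = pkt[off]
        if rtype != NBSTAT or rdlen < 1 + 18 * count or off + rdlen > len(pkt):
            raise ValueError("malformed node status record")
        names = []
        for i in range(count):          # 18-byte entries: name, suffix, flags
            raw, suffix, nf = struct.unpack_from(">15sBH", pkt, off + 1 + 18 * i)
            names.append((raw.decode("ascii", "replace").rstrip(), suffix,
                          bool(nf & GROUP), NODE_TYPES[(nf >> 13) & 3], bool(nf & ACTIVE)))
        return names
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated packet") from exc

def sample_response(txid: int) -> bytes:
    """Constructed reply carrying three of the names from the output above."""
    entries = [(b"FJALL", 0x00, 0x4400), (b"FJALL", 0x20, 0x4400), (b"SVERIGE", 0x00, 0xC400)]
    rdata = bytes([len(entries)])
    for name, suffix, nf in entries:
        rdata += struct.pack(">15sBH", name.ljust(15), suffix, nf)
    rdata += bytes(46)                  # statistics block, zeroed in this sample
    return (struct.pack(">6H", txid, 0x8400, 0, 1, 0, 0) + encode_name(b"*")
            + struct.pack(">HHIH", NBSTAT, CLASS_IN, 0, len(rdata)) + rdata)
```

The parser matches replies on the transaction ID, which is what lets a listener on port 137 pair a reply with its request when the reply does not come back to the socket that sent it.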


