nbtscanner is a very fast command-line NetBIOS scanner. It scans for open NetBIOS name servers on a local or remote TCP/IP network, which is the first step in finding open shares.
It is based on the functionality of the standard Linux & Windows tool nbtstat, but it operates on a range of addresses instead of just one.
What is nbtscanner?
NetBIOS is commonly known as the Linux & Windows “Network Neighborhood” protocol and, among other things, it provides a name service that listens on UDP port 137. When it receives a query on this port, it responds with a list of all the services it offers. Linux and Windows ship with a standard tool, nbtstat, which queries a single IP address when given the -A parameter. When run against a machine on the local network (a development box), it shows:
The numeric code (in hexadecimal) and the type together identify the service being offered; for instance, a UNIQUE code of <20> indicates that the machine is running the file-sharing service. Unfortunately, nbtstat reports only the codes, so their meanings have to be looked up elsewhere. The References section at the end of this document lists some resources to learn what all the codes mean.
Machines participating in NetBIOS listen on UDP port 137 for these queries and respond accordingly. Simple configurations might only have a few resource records (as above), but an NT server supporting a large enterprise could easily have more than a dozen. Though it’s sometimes useful to examine the full set of resource records for a given machine, in practice it’s more useful to summarize them into the key “interesting” services.
Our tool has taken this approach. Not only does it scan ranges of addresses — instead of just one machine — but it can fully decode most of the resource record types and can summarize the interesting data on a one-line display.
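The decode-and-summarize step described above, as an added Python example (not nbtscan's own code): it parses a node status reply, maps each suffix code and UNIQUE/GROUP flag to a service name, and builds a one-line summary. The reply bytes, host and workgroup names, addresses and output layout are constructed for illustration, and the suffix table is a partial one taken from commonly published lists.

```python
import struct

# (suffix, is_group) -> service name; partial table, assumed from published suffix lists
SERVICES = {(0x00, False): "Workstation", (0x00, True): "Domain/Workgroup",
            (0x03, False): "Messenger", (0x20, False): "File Server",
            (0x1B, False): "Domain Master Browser", (0x1D, False): "Master Browser",
            (0x1C, True): "Domain Controllers", (0x1E, True): "Browser Elections"}

def parse_node_status(pkt):
    """Decode a node status reply into ([(name, suffix, is_group), ...], mac)."""
    try:
        off = 12                                  # fixed 12-byte header
        while pkt[off] != 0:                      # skip the encoded owner name, label by label
            off += pkt[off] + 1
        rtype, _cls, _ttl, _rdlen = struct.unpack_from(">HHIH", pkt, off + 1)
        count = pkt[off + 11]                     # NUM_NAMES follows the 10-byte RR fields
    except (IndexError, struct.error):
        raise ValueError("truncated response") from None
    off += 12
    if rtype != 0x0021 or off + 18 * count + 6 > len(pkt):  # never trust the advertised count
        raise ValueError("not a node status reply, or name table exceeds packet")
    records = []
    for _ in range(count):                        # 15-byte name, 1-byte suffix, 2-byte flags
        name = pkt[off:off + 15].decode("ascii", "replace").rstrip(" \x00")
        flags = struct.unpack_from(">H", pkt, off + 16)[0]
        records.append((name, pkt[off + 15], bool(flags & 0x8000)))  # 0x8000 = GROUP
        off += 18
    return records, ":".join(f"{b:02x}" for b in pkt[off:off + 6])

def summarize(ip, pkt):
    """One line per host: workgroup\\host, decoded services, adapter address."""
    records, mac = parse_node_status(pkt)
    host = next((n for n, s, g in records if s == 0x00 and not g), "?")
    group = next((n for n, s, g in records if s == 0x00 and g), "?")
    services = sorted({SERVICES.get((s, g), f"<{s:02X}>") for _, s, g in records})
    return f"{ip} {group}\\{host} [{', '.join(services)}] {mac}"

def _entry(name, suffix, flags):                  # builds one row of the constructed sample
    return name.ljust(15).encode() + bytes([suffix]) + struct.pack(">H", flags)

# Constructed sample reply (not captured from a real host)
SAMPLE = (struct.pack(">6H", 0x1234, 0x8400, 0, 1, 0, 0) + b"\x20CK" + b"A" * 30 + b"\x00"
          + struct.pack(">HHIH", 0x0021, 0x0001, 0, 1 + 3 * 18 + 46) + bytes([3])
          + _entry("DEVBOX", 0x00, 0x0400) + _entry("WORKGROUP", 0x00, 0x8400)
          + _entry("DEVBOX", 0x20, 0x0400) + bytes.fromhex("020000000001") + bytes(40))

if __name__ == "__main__":
    print(summarize("192.0.2.10", SAMPLE))
```

Suffix and type combinations missing from the table are shown as the raw code, for example `<1F>`, so an unknown record is never silently dropped from the summary.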
- nbtscan.exe (v1.0.35) – Windows binary (36 kbytes)
- nbtscan-1.0.35-redhat-linux – Linux binary (44 kbytes)
- nbtscan-1.0.31-sco-5.0.6.bin – SCO Open Server 5.0.6
- nbtscan-source-1.0.35.tgz (gzip’d tarball)
- nbtscan-source-1.0.35.zip (ZIP)