{
	"id": "7a2743ed-0fc1-412e-b05c-8a1dcb2031f2",
	"created_at": "2026-04-06T00:12:38.288293Z",
	"updated_at": "2026-04-10T03:21:19.665769Z",
	"deleted_at": null,
	"sha1_hash": "5761ee7fc5db4c01d516b331133f00650495e508",
	"title": "Netbios Over TCP/IP – nbtstat usage in detail – Information Security Newspaper",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 261296,
	"plain_text": "Netbios Over TCP/IP – nbtstat usage in detail – Information\r\nSecurity Newspaper\r\nBy Jim Gill\r\nPublished: 2018-11-28 · Archived: 2026-04-05 23:40:01 UTC\r\nAs per ethical hacking professionals, Nbtstat is a network tool that is used to check the running TCP/IP\r\nconnections. Nbtstat list all the network connections that are used in Windows OS. This tool is pre-installed in\r\nWindows you no need use any external software to run nbtstat. It’s an effective tool to determine all the TCP/IP\r\nconnections of the Windows machines.\r\nAccording the ethical hacking researcher of iicybersecurity, nbtstat can be used in public wifi networks to gather\r\nall the Ip addresses and use them in fingerprinting or attacking on any pubic ip addresses.\r\nFor starting nbtstat.\r\nGo to Windows start menu.\r\nType cmd.\r\nIn order see the TCP/IP connections you must have IPv4 address to determine TCP/IP connections. You can get\r\nIPv4 by following steps:-\r\nFor getting an IPv4\r\nType ipconfig in cmd which will list all your IP configuration.\r\nhttps://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/\r\nPage 1 of 8\n\nNBTSTAT :-\r\nFor using nbtstat, type NBTSTAT in cmd of windows machine. Nbtstat options are case sensitive. please\r\ntype each command very carefully.\r\nhttps://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/\r\nPage 2 of 8\n\nThe above commands can be used to list all the TCP/IP connections in windows machine.\r\nUSING -A / -a  option in nbtstat :-\r\nCommand – nbtstat -a / -A \u003cremote name\u003e \u003cIp address\u003e. If you use \u003cremote name\u003e \u003cIP address\u003e the\r\noutput will be same as shown below.\r\nType nbtstat -a 192.168.1.5\r\nUSING IP ADDRESS (192.168.1.5):-\r\nhttps://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/\r\nPage 3 of 8\n\nUSING AN REMOTE HOST NAME (cyberthreat):-\r\nhttps://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/\r\nPage 4 of 8\n\nAfter scanning the target IP address, the command also provides the mac address.\r\nThe above information especially the mac address can be use in other hacking activities.\r\nUSING -c option in nbtstat :-\r\nType nbtstat -c\r\nAs you can see, \u003c-c\u003e has returned with the one ip address. The above IP address can be used in exploiting.\r\n-c option listnbtstat cache table.\r\nREMOTE CACHE NAME TABLE :-\r\nhttps://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/\r\nPage 5 of 8\n\nJai-Pc (1) is the remote user name .\r\nTypes (2) is used to show IP address it has returned is unique or group. If it is unique that mean its main\r\nPC if it is group that might be another network adapters which are installed.\r\nFor example if you installed vmware or virtualbox both of them will install their own network adapters\r\nwith different MAC/IP addresses.\r\nIPv4 (3) address – 192.168.1.2\r\nLife (sec) – (4) is showing 220 that means it will expire in 220 seconds.\r\nUSING -n option in netstat:-\r\nType nbtstat -n\r\n\u003c-n\u003e wll list the local netbios names.\r\nhttps://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/\r\nPage 6 of 8\n\nAfter executing the above command, -n has returned with local netbios names.\r\nThis is helpful to check your computer netbios names. To know how many network adapters are present.\r\nUSING -r option in netstat :-\r\nType nbtstat -r\r\n\u003c-r\u003e to list names resolved by broadcast and via WINS.\r\nhttps://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/\r\nPage 7 of 8\n\nAfter executing the above command, -r has listed the broadcasts names.\r\nThis command returns with no. of users which has been configured to use the WINS and registered using\r\nthe broadcast.\r\n WINS is used to maintain the mapping of computer names to addresses.\r\nCyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist \u0026\r\ninvestigator. He is a cyber-security researcher with over 25 years of experience. He has served with the\r\nIntelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in development\r\nof cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber\r\ncrimes. He has been writing for us in his free time since last 5 years.\r\n2018-11-28\r\nSource: https://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/\r\nhttps://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/\r\nPage 8 of 8",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.securitynewspaper.com/2018/11/28/netbios-over-tcp-ip-nbtstat-usage-in-detail/"
	],
	"report_names": [
		"netbios-over-tcp-ip-nbtstat-usage-in-detail"
	],
	"threat_actors": [],
	"ts_created_at": 1775434358,
	"ts_updated_at": 1775791279,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5761ee7fc5db4c01d516b331133f00650495e508.pdf",
		"text": "https://archive.orkl.eu/5761ee7fc5db4c01d516b331133f00650495e508.txt",
		"img": "https://archive.orkl.eu/5761ee7fc5db4c01d516b331133f00650495e508.jpg"
	}
}