NetBIOS is a protocol used to provide communication services for the Windows operating systems. NetBIOS was developed early 1980’s for small networks for communication. NetBIOS standardized with the RFC 1001 and RFC 1002.
NetBIOS provides 3 main services. These services are generally used by the Windows operating systems like Windows XP, Windows 7, Windows 8, Windows 10, and Windows Server. Also, some NetBIOS implementations or SMB implementations can also use these services too.
- Name Service is used for name registration and name resolution. IP address can be matched with names which can be resolved using the NetBIOS protocol. Name services use 137/udp and 137/tcp protocols.
- Datagram Distribution service is used to communication for connectionless communication. Datagram distribution service is generally used to share information and file with other hosts. Datagram distribution service use 139/udp port.
- Session Service is used for connection-oriented communication with the 139/tcp port. The session service is reliable alternative to the Datagram distribution service.
NetBIOS is a popular protocol as it is used by all Windows operating systems. The security of the NetBIOS is very important as it is exploited frequently with new vulnerabilities. We can say that NetBIOS is a security concern for Windows operating systems and should be secured with auxiliary methods.
Windows operating systems and Linux distributions provide the
nbtstat command. NetBIOS services are generally used by Windows operating system internally but also some tools are provided to use and manage NetBIOS services. The nbtstat command can be used to use NetBIOS services via a command-line interface. The nbtstat command can be used with MS-DOS and PowerShell command-line interface without problem.
List NetBIOS Names
The nbtstat command can be used to list computers’ NetBIOS names by using the
-n option. The -n option can be used to list local NetBIOS names. The names have listed a table with information Name, Type, and Status.
> nbtstat -n
Ethernet0: Node IpAddress: [192.168.136.132] Scope Id:  NetBIOS Local Name Table Name Type Status --------------------------------------------- DESKTOP-1QKTVV1<20> UNIQUE Registered DESKTOP-1QKTVV1<00> UNIQUE Registered WORKGROUP <00> GROUP Registered Bluetooth Network Connection: Node IpAddress: [0.0.0.0] Scope Id:  No names in cache
List NetBIOS Sessions
Currently, existing NetBIOS sessions can be listed with the nbtstat and
-S option. The sessions and hosts are listed with their NetBIOS names.
> nbstat -S
List NetBIOS Sessions with IP Address Information
The NetBIOS sessions can be also listed with the IP address information. The
-s parameter shodul be provided to the nbtstat command like below.
> nbtstat -s