Chapter 11 - NetBIOS over TCP/IP
Published: June 27, 2005 | Updated: April 18, 2006
Writer: Joe Davies
This chapter describes the network basic input/output system (NetBIOS) over TCP/IP and its implementation in Microsoft® Windows Server™ 2003 and Windows® XP operating systems. Although not required for a networking environment consisting of servers and clients that are based on the Active Directory® directory service, NetBIOS over TCP/IP is still used by earlier versions of Windows and by NetBIOS applications that are included with current versions of Windows. A network administrator must understand NetBIOS names and how they are resolved to troubleshoot issues with NetBIOS name resolution.
For a download of the entire "TCP/IP Fundamentals for Microsoft Windows" online book, which contains a version of this chapter that has been updated for Windows Vista and Windows Server 2008, click here.
On This Page
NetBIOS over TCP/IP Overview
Enabling NetBIOS over TCP/IP
NetBIOS Name Resolution
NetBIOS Node Types
Using the Lmhosts File
The Nbtstat Tool
After completing this chapter, you will be able to:
Define NetBIOS names.
Explain how computers running Windows resolve NetBIOS names.
List and describe the different NetBIOS over TCP/IP node types.
Explain how nodes use the Lmhosts file to resolve NetBIOS names of hosts on remote subnets.
Configure a local or a central Lmhosts file for resolving NetBIOS names of hosts on remote subnets.
Use the Nbtstat tool to gather NetBIOS name information.
NetBIOS over TCP/IP Overview
NetBIOS was developed in the early 1980s to allow applications to communicate over a network. NetBIOS defines:
A Session layer programming interface NetBIOS is a standard application programming interface (API) at the Session layer of the Open Systems Interconnect (OSI) reference model so that user applications can utilize the services of installed network protocol stacks. An application that uses the NetBIOS interface API for network communication can be run on any protocol stack that supports a NetBIOS interface.
A session management and data transport protocol NetBIOS is also a protocol that functions at the Session and Transport layers and that provides commands and support for the following services:
Network name registration and verification.
Session establishment and termination.
Reliable connection-oriented session data transfer.
Unreliable connectionless datagram data transfer.
Protocol and adapter monitoring and management.
NetBIOS over TCP/IP (NetBT) sends the NetBIOS protocol over the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).
NetBT traffic includes the following:
NetBIOS session traffic over TCP port 139
NetBIOS name management traffic over UDP port 137
NetBIOS datagram traffic over UDP port 138
Figure 11-1 shows the architecture of NetBT components in the TCP/IP protocol suite.
Figure 11-1 NetBT in the TCP/IP protocol suite
Requests for Comments (RFCs) 1001 and 1002 define NetBIOS operation over IPv4. NetBT is not defined for IPv6. NetBIOS over TCP/IP is sometimes referred to as NBT.
Enabling NetBIOS over TCP/IP
You can enable NetBT for computers running Windows Server 2003 or Windows XP by opening Network Connections, right-clicking a connection, clicking the Internet Protocol (TCP/IP) component, clicking Properties, clicking Advanced, clicking the WINS tab, and clicking the appropriate option in NetBIOS setting. Figure 11-2 shows the WINS tab.
Figure 11-2 The WINS tab
For the NetBIOS setting, you can choose any of the following options:
Default Enables NetBT if the network connection has a static IPv4 address configuration. If the network connection uses the Dynamic Host Configuration Protocol (DHCP), it uses the DHCP options in the received DHCPOffer message to either disable NetBT or enable and configure NetBT. To disable NetBT using DHCP, configure the Disable NetBIOS over TCP/IP (NetBT) Microsoft vendor-specific option for the value of 2. This is the default setting for LAN connections.
Enable NetBIOS over TCP/IP Enables NetBT, regardless of the DHCP options received. This is the default setting for remote connections (dial-up or virtual private network).
Disable NetBIOS over NetBIOS Disables NetBT, regardless of the DHCP options received.
NetBT is not required for computers running Windows 2000, Windows XP, or Windows Server 2003 unless you use NetBIOS applications on your network, such as the Computer Browser service. The Computer Browser service maintains the list of computers in the Microsoft Windows Network window of My Network Places. Unlike versions of Windows prior to Windows 2000, file and printer sharing with Windows 2000, Windows XP, or Windows Server 2003 can operate without the use of NetBT.
A NetBIOS name is 16 bytes long and identifies a NetBIOS resource on the network. A NetBIOS name is either a unique (exclusive) or group (non-exclusive) name. When communicating with a specific process on a computer, NetBIOS applications typically use unique names. When communicating with multiple computers at a time, NetBIOS applications use group names.
The File and Printer Sharing over Microsoft Networks component, also known as the Server service in the Services snap-in, is an example of a service that uses a NetBIOS name. When the Server service starts, it registers a unique NetBIOS name based on the computer name. The exact NetBIOS name used by the Server service is the 15-byte computer name plus a sixteenth byte of 0x20. You configure the computer name on the Computer Name tab of the System item in Control Panel. If the computer name is not 15 bytes long, Windows pads it with spaces up to 15 bytes long. Computer names longer than 15 bytes are truncated.
Other network services also use the computer name to build their NetBIOS names, so the sixteenth byte typically identifies a specific service. Other services that use NetBIOS include the Client for Microsoft Networks component (also known as the Workstation service in the Services snap-in) and the Messenger service (not to be confused with Windows Messenger). The Workstation service, also known as the redirector, uses the 15-byte computer name plus a sixteenth byte of 0x00. The Messenger service uses the 15-byte computer name plus a sixteenth byte of 0x03.
Figure 11-3 shows the use of the NetBIOS names of the Server, Workstation, and Messenger services in the NetBT architecture.
Figure 11-3 Examples of NetBIOS names in the NetBT architecture
When you attempt to connect to a shared folder in Windows with a net use command or with Windows Explorer, NetBT attempts to resolve the NetBIOS name for the Server service of the specified computer. After the IPv4 address that corresponds to the NetBIOS name is resolved, the Workstation service on the client computer can initiate communication with the Server service on the file server.
The Server, Workstation, and Messenger services and the services that rely on them—such as the Computer Browser, Distributed File System, and Net Logon services—register NetBIOS names. Windows network applications that access these services must use their corresponding NetBIOS names. For example, workgroup and domain names that are used by the Computer Browser service to collect and distribute the list of workgroups and domains that appear in the Microsoft Windows Network window are NetBIOS names. For more information about workgroups and domains, see “Appendix C – Computer Browser Service.”
Common NetBIOS Names
Table 11-1 lists and describes common NetBIOS names that Windows Server 2003 and Windows XP network services use.
Table 11-1 Common NetBIOS names
The name registered for the Workstation service.
The name registered for the Messenger service.
The name registered for the Server service.
The name of the user currently logged on to the computer. The user name is registered by the Messenger service so that the user can receive net send commands sent to their user name. If more than one user is logged on with the same user name (such as Administrator), only the first computer from which a user has logged on registers the name.
The domain name registered by a domain controller that is running Windows Server 2003.
NetBIOS Name Registration, Resolution, and Release
All NetBT nodes use processes for name registration, name resolution, and name release to manage NetBIOS names on an IPv4 network.
When a NetBT host initializes itself, it registers its NetBIOS names using a NetBIOS Name Registration Request message. A NetBT host performs name registration by sending a broadcast message on the local subnet or a unicast message to a NetBIOS name server (NBNS).
If the name being registered is a unique NetBIOS name and another host has registered that name, either the host that previously registered the name or the NBNS responds with a negative name registration response. After receiving the negative name registration response, the host typically displays an error message to the user.
A NetBIOS name is a Session layer application identifier. TCP/IP uses an IPv4 address as a Network layer identifier of an interface. Therefore, when a NetBIOS application makes a NetBIOS communication request of NetBT, NetBT must associate the NetBIOS name of the destination application with the IPv4 address of the computer on which the application is running. The process of mapping a NetBIOS name to an IPv4 address is known as NetBIOS name resolution.
When a NetBIOS application on a computer running Windows Server 2003 or Windows XP wants to communicate with another TCP/IP host, the application broadcasts a NetBIOS Name Query Request message on the local network or unicasts a NetBIOS Name Query Request message to an NBNS for resolution. In either case, the NetBIOS Name Query Request message contains the NetBIOS name of the destination host.
Either the neighboring host that has registered the NetBIOS name or an NBNS responds by sending a positive NetBIOS Name Query Response message. If the NBNS does not have a mapping for the NetBIOS name, it sends a negative Name Query Response message.
Name release occurs whenever a NetBIOS application is stopped. For example, when the Workstation service on a host running Windows is stopped, the host requests that the NBNS no longer respond to queries for the Workstation service name. Additionally, the host no longer sends negative name registration responses when another host on the local subnet tries to register the corresponding unique NetBIOS name. The NetBIOS name is released and available for use by another host.
Segmenting NetBIOS Names with the NetBIOS Scope ID
The NetBIOS scope ID is a character string that is appended to the NetBIOS name and that isolates a set of NetBT nodes. Without scopes, a unique NetBIOS name must be unique across all the NetBIOS resources on the network. With the NetBIOS scope ID, a unique NetBIOS name must be unique only within a specific NetBIOS scope ID. NetBIOS resources within a scope are isolated from all NetBIOS resources outside the scope. The NetBIOS scope ID on two hosts must match, or the two hosts will not be able to communicate with each other using NetBT.
Figure 11-4 shows an example organization that is using two NetBIOS scopes—APPS and MIS.
Figure 11-4 Example of using NetBIOS scopes
For this example, HOST1.APPS and HOST2.APPS are able to communicate with SERVER.APPS but not with HOST3.MIS, HOST4.MIS, or SERVER.MIS.
The NetBIOS scope also allows computers to use the same 16-byte string as a unique NetBIOS name, provided they have different scope IDs. The NetBIOS scope becomes part of the full NetBIOS name, making the full NetBIOS name unique. In the example network in Figure 11-4, two servers have the same computer name (SERVER) but different scope IDs. Therefore, they have different full NetBIOS names.
You can configure a NetBIOS scope ID through the following:
By configuring the DHCP NetBIOS Scope ID option (option 47) (for DHCP clients)
By configuring the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\ScopeID registry value on the local computer
Unless you are using NetBIOS scopes to specifically isolate NetBT traffic for different sets of NetBT-capable computers, the use of NetBIOS scopes is discouraged.
NetBIOS Name Resolution
NetBIOS name resolution is the process of successfully mapping a NetBIOS name to an IPv4 address. TCP/IP for Windows Server 2003 and Windows XP can use any of the methods listed in Table 11-2 and 11-3 to resolve NetBIOS names.
Table 11-2 Standard methods of resolving NetBIOS names
NetBIOS name cache
A local table that is stored in random access memory (RAM) and that contains the NetBIOS names and their corresponding IPv4 addresses that the local computer has recently resolved.
A server that complies with RFC 1001 and 1002and that provides name resolution of NetBIOS names. The Microsoft implementation of an NBNS is the Windows Internet Name Service (WINS).
NetBIOS Name Query Request messages broadcast on the local subnet.
Table 11-3 Additional Microsoft-specific methods of resolving NetBIOS names
A local text file that maps NetBIOS names to IPv4 addresses for NetBIOS applications running on computers located on remote subnets.
Local host name
The configured host name for the computer.
Domain Name System (DNS) resolver cache
A local RAM-based table that contains domain name and IP address mappings from entries listed in the local HOSTS file and names attempted for resolution by DNS.
Servers that maintain databases of IP address-to-host name mappings.
Resolving Local NetBIOS Names Using a Broadcast
NetBIOS names for NetBIOS applications running on hosts that are attached to a local subnet can be resolved using a broadcast NetBIOS Name Query Request message. The process for using broadcasts is the following:
When a NetBIOS application must resolve a NetBIOS name to an IPv4 address, NetBT checks the NetBIOS name cache for the IPv4 address that corresponds to the NetBIOS name of the destination application. If the name has been recently resolved, a mapping for the destination host is in the sending host’s NetBIOS name cache, and the broadcast is not sent. The NetBIOS name cache reduces extraneous broadcasts sent on the local subnet.
If the NetBIOS name cache does not contain the NetBIOS name, the sending host broadcasts up to three NetBIOS Name Query Request messages on the local subnet.
Each neighboring host on the local subnet receives each broadcast and checks its local NetBIOS table, which is a list of NetBIOS names registered by NetBIOS applications running on the computer, to see whether the host has registered the requested name.
The computer that has registered the queried NetBIOS name sends a positive NetBIOS Name Query Response message to the node that sent the NetBIOS Name Query Request message.
When the sending host receives the positive NetBIOS Name Query Response message, it can begin to communicate with the destination NetBIOS application using a NetBIOS datagram or a NetBIOS session.
Limitations of Broadcasts
Routers do not forward broadcasts. Broadcast frames remain confined to the local subnet. Therefore, NetBIOS name resolution using broadcasts can only resolve names of NetBIOS processes running on nodes attached to the local subnet.
You can enable NetBT broadcast forwarding (UDP ports 137 and 138) on some routers. However, the practice of enabling NetBT broadcast forwarding to simplify NetBIOS name resolution is highly discouraged.
Resolving Names with a NetBIOS Name Server
To resolve the NetBIOS names of NetBIOS applications running on local or remote computers, NetBT nodes commonly use an NBNS. When using an NBNS, the name resolution process is the following:
NetBT checks the NetBIOS name cache for the NetBIOS name-to-IPv4 address mapping.
If the name cannot be resolved using the NetBIOS name cache, NetBT sends a unicast NetBIOS Name Query Request message containing the NetBIOS name of the destination application to the NBNS.
If the NBNS can resolve the NetBIOS name to an IPv4 address, the NBNS returns the IPv4 address to the sending host with a positive NetBIOS Name Query Response message. If the NBNS cannot resolve the NetBIOS name to an IPv4 address, the NBNS sends a negative NetBIOS Name Query Response message.
By default, a computer running Windows Server 2003 or Windows XP attempts to locate its primary NBNS server (a WINS server) three times. If the computer receives no response or a negative NetBIOS Name Query Response message indicating that the name was not found, the computer running Windows attempts to contact additional WINS servers.
When the sending host receives the positive NetBIOS Name Query Response message, the host can begin to communicate with the destination NetBIOS application using a NetBIOS datagram or a NetBIOS session.
Windows Methods of Resolving NetBIOS Names
Computers running Windows Server 2003 or Windows XP can also attempt to resolve NetBIOS names using the Lmhosts file, the local host name, the DNS client resolver cache, and DNS servers. NetBT in Windows Server 2003 and Windows XP uses the following process:
When a NetBIOS application needs to resolve a NetBIOS name to an IPv4 address, NetBT checks the NetBIOS name cache for the NetBIOS name-to-IPv4 address mapping of the destination host. If NetBT finds a mapping, the NetBIOS name is resolved without generating network activity.
If the name is not resolved from the entries in the NetBIOS name cache, NetBT attempts to resolve the name through three NetBIOS name queries to each configured NBNS.
If the configured NBNSs do not send a positive name response, NetBT sends up to three broadcast queries on the local network.
If there is no positive name response and the Use LMHOSTS lookup check box on the WINS tab is selected, NetBT scans the local Lmhosts file. For more information, see "Using the Lmhosts File" in this chapter.
If the NetBIOS name is not resolved from the Lmhosts file, Windows attempts to resolve the name through host name resolution techniques. NetBT converts the NetBIOS name to a single-label, unqualified domain name by taking the first 15 bytes of the NetBIOS name and removing spaces from the end of the name. For example, for the NetBIOS name FILESRV1 , the corresponding single-label, unqualified domain name is filesrv1. The first step in host name resolution techniques is to check for a match against the local host name.
If the converted NetBIOS name does not match the local host name, the DNS Client service checks the DNS client resolver cache.
If the name is not found in the DNS client resolver cache, the DNS Client service attempts to resolve the name by sending queries to a DNS server. The DNS Client service creates fully qualified names from the converted NetBIOS name—a single-label, unqualified domain name—using the techniques described in Chapter 9, “Windows Support for DNS.”
Figure 11-5 shows Windows methods of resolving NetBIOS names.
Figure 11-5 Windows methods of resolving NetBIOS names
If none of these methods resolve the NetBIOS name, NetBT indicates an error to the requesting NetBIOS application, which typically displays an error message to the user.
NetBIOS Node Types
Windows Server 2003 and Windows XP support all of the NetBIOS node types defined in RFCs 1001 and 1002. Each node type resolves NetBIOS names differently. Table 11-4 lists and describes the NetBIOS node types.
Table 11-4 NetBIOS node types
Uses broadcasts for name registration and resolution. Because routers typically do not forward NetBT broadcasts, NetBIOS resources that are located on remote subnets cannot be resolved.
Uses an NBNS such as WINS to resolve NetBIOS names. P-node does not use broadcasts but queries the NBNS directly. Because broadcasts are not used, NetBIOS resources located on remote subnets can be resolved. However, if the NBNS becomes unavailable, NetBIOS name resolution fails for all NetBIOS names, even for NetBIOS applications that are located on the local subnet.
A combination of B-node and P-node. By default, an M-node functions as a B-node. If the broadcast name query is unsuccessful, NetBT uses an NBNS.
A combination of P-node and B-node. By default, an H-node functions as a P-node. If the unicast name query to the NBNS is unsuccessful, NetBT uses a broadcast.
Microsoft enhanced B-node
A combination of B-node and the use of the local Lmhosts file. If the broadcast name query is not successful, NetBT checks the local Lmhosts file.
By default, NetBT on computers running Windows Server 2003 and Windows XP uses the Microsoft enhanced B-node NetBIOS node type if no WINS servers are configured. If at least one WINS server is configured, NetBT uses H-node.
You can override this default behavior and explicitly configure the NetBIOS node type in the following ways:
By using the DHCP WINS/NBT Node Type option (option 46) and setting the value to 1 (Microsoft-enhanced B-node), 2 (P-node), 4 (M-node), or 8 (H-node).
By setting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NodeType registry value to 1 (Microsoft-enhanced B-node), 2 (P-node), 4 (M-node), or 8 (H-node).
Using the Lmhosts File
The Lmhosts file is a static text file of NetBIOS names and IPv4 addresses. NetBT uses an Lmhosts file to resolve the NetBIOS names for NetBIOS applications that are running on remote computers on a network that does not contain NBNSs. The Lmhosts file has the following characteristics:
Entries consist of an IPv4 address and a NetBIOS computer name. For example:
Entries are not case-sensitive.
Each computer has its own file in the systemroot\System32\Drivers\Etc folder.
This folder includes a sample Lmhosts file (Lmhosts.sam). You can create another file named Lmhosts or you can rename or copy Lmhosts.sam to Lmhosts in this folder.
By default, computers running Windows Server 2003 and Windows XP use the Lmhosts file, if it exists, in NetBIOS name resolution. You can disable the use of the Lmhosts file by clearing the Use LMHOSTS Lookup check box on the WINS tab of the Advanced TCP/IP Properties dialog box, as Figure 11-2 shows.
The Lmhosts file can contain predefined keywords that are prefixed with the “#” character. Table 11-5 lists the possible Lmhosts keywords.
Table 11-5 Lmhosts keywords
Defines which entries should be initially preloaded as permanent entries in the NetBIOS name cache. Preloaded entries reduce network broadcasts, because names are resolved from the cache rather than from broadcast queries. Entries with a #PRE tag are loaded automatically when TCP/IP is started or manually with the nbtstat –R command.
Identifies computers for Windows domain activities such as logon validation, account synchronization, and computer browsing.
Avoids using NetBIOS unicast name queries for older computers running LAN Manager for UNIX.
Loads and searches entries in the Path\FileName file, a centrally located and shared Lmhosts file. The recommended way to specify file paths is using a universal naming convention (UNC) path such as \\fileserv1\public. You must have entries for the computer names of remote servers hosting the shares in the local Lmhosts file; otherwise, the shares will not be accessible.
#BEGIN_ALTERNATE and #END_ALTERNATE
Defines a list of alternate locations for Lmhosts files.
Adds multiple entries for a multihomed computer.
Because the Lmhosts file is read sequentially, you should add the most frequently accessed computers as the first entries of the file, and add the #PRE-tagged entries as the last entries of the file. Because the #PRE entries are loaded into the NetBIOS name cache, they are not needed when NetBT scans the Lmhosts file after startup. Placing them as the last entries of the file allows NetBT to scan the Lmhosts file for other NetBIOS names more quickly.
Using a Centralized Lmhosts File
NetBT can also scan Lmhosts files that are located on other computers, which allows you to maintain a centralized Lmhosts file that can be accessed through a user’s local Lmhosts file. Using a centralized Lmhosts file still requires each computer to have a local Lmhosts file.
To access a centralized Lmhosts file, a computer’s local Lmhosts file must have an entry with the #INCLUDE tag and the location of the centralized file. For example:
In this example, NetBT includes the Lmhosts file on the Public shared folder of the server named Bootsrv3 in its attempts to resolve a remote NetBIOS name to an IPv4 address.
NetBT scans the centralized Lmhosts file before a user logs on to the computer. Because no user name is associated with the computer before a user logs on, NetBT uses a null user name for its credentials when accessing the shared folder where the central Lmhosts file is located.
To allow null access to a shared folder that contains an Lmhosts file, you must type the name of the folder as the string value of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\Lanmanserver \Parameters\NullSessionShares registry value on the server that is running Windows Server 2003 or Windows XP and that is hosting the shared folder, and then restart the Server service. If you do not set this registry value, the remote Lmhosts file is not accessible until after a valid user logs on to the computer.
The #BEGIN_ALTERNATE and #END_ALTERNATE tags allow you to include a block of remote Lmhosts file locations in the search for a NetBIOS name-to-IPv4 address mapping. This technique is known as block inclusion. For example:
#BEGIN_ALTERNATE #INCLUDE \\Bootsrv3\Public\Lmhosts #INCLUDE \\Bootsrv4\Public\Lmhosts #INCLUDE \\Bootsrv9\Public\Lmhosts #END_ALTERNATE
When NetBT uses a block inclusion, it scans only the first accessible Lmhosts file in the block. NetBT does not access additional Lmhosts files, even if the first accessible Lmhosts file does not contain the desired name. Block inclusion provides fault tolerance for centralized Lmhosts files.
Creating Lmhosts Entries for Specific NetBIOS Names
A typical entry in the Lmhosts file for a NetBIOS computer name allows the resolution of the three NetBIOS names:
These names correspond to the Workstation, Server, and Messenger services, respectively.
However, you might need to resolve a specific 16-character NetBIOS name to a NetBIOS application running on a remote computer. You can configure any arbitrary 16-byte NetBIOS name in the Lmhosts file by using the following syntax:
IPv4Address " NameSpacePadding**\0x** N "
IPv4Address is the IPv4 address to which this NetBIOS name is resolved.
Name is the first part of the NetBIOS name (up to 15 bytes)
SpacePadding is needed to ensure that the full NetBIOS name is 16 bytes. If the Name portion has fewer than 15 bytes, it must be padded with spaces up to 15 bytes.
N indicates the two-digit hexadecimal representation of the 16th byte of the NetBIOS name. The syntax \0xN can represent any byte in the NetBIOS name but is most often used for the 16th character.
For example, you might create an entry so that a computer browsing client can resolve the NetBIOS name Domain0x1B. Domain0x1B is a NetBIOS name that is registered by Domain Master Browse Servers, and certain types of computer browsing situations require the successful resolution of the Domain0x1B NetBIOS name. For example, the Lmhosts file entry for the NetBIOS domain name of EXAMPLE and IPv4 address of 126.96.36.199 is:
188.8.131.52 "EXAMPLE \0x1B"
Name Resolution Problems Using Lmhosts
The most common problems with NetBIOS name resolution when using the Lmhosts file are the following:
An entry for a remote NetBIOS name does not exist in the Lmhosts file.
Verify that the IPv4 address-to-NetBIOS name mappings of all remote hosts that a computer needs to access are added to the Lmhosts file.
The NetBIOS name in the Lmhosts file is misspelled.
Verify the spelling of all names as you add them.
The IPv4 address is invalid for the NetBIOS name.
Verify that the IPv4 address is correct for the corresponding NetBIOS name.
The Lmhosts file contains multiple entries for the same NetBIOS name.
Verify that each entry in the Lmhosts file is unique. If the file contains duplicate names, NetBT uses the first name listed in the file. NetBT will not read the Lmhosts file for any additional entries.
To test an entry in the Lmhosts file, use a NetBIOS application (such as the nbtstat -a command) to verify whether the entry was added correctly.
The Nbtstat Tool
The Nbtstat tool is your primary tool for collecting NetBT information when troubleshooting NetBIOS name issues. Table 11-6 lists the most commonly used Nbtstat options.
Table 11-6 Common Nbtstat options
Displays the NetBIOS name table of the local computer. You use this option to determine the NetBIOS applications that are running on the local computer and their corresponding unique and group NetBIOS names.
-a RemoteComputerName or
Displays the NetBIOS name table of a remote computer by its name or IPv4 address. You use this option to determine the NetBIOS applications that are running on a remote computer and their corresponding unique and group NetBIOS names.
Displays the NetBIOS name cache of the local computer.
Manually flushes and reloads the NetBIOS name cache with the entries in the Lmhosts file that use the #PRE parameter.
Releases and reregisters all local NetBIOS names with the NBNS (a WINS server). You use this option when troubleshooting WINS registration issues.
The chapter includes the following pieces of key information:
NetBIOS is a standard API at the Session layer for user applications to utilize the services of installed network protocol stacks and a session management and data transport protocol.
A NetBIOS name is a 16-byte name that identifies a unique or group NetBIOS application on a network.
NetBIOS name management includes processes for NetBIOS name registration, resolution, and release.
NetBT provides NetBIOS session, name management, and datagram services for NetBIOS applications running on an IPv4 network. NetBT is required for computers running Windows XP or Windows Server 2003 only when running NetBIOS applications.
NetBT in Windows XP and Windows Server 2003 can use the NetBIOS name cache, an NBNS, broadcasts, the Lmhosts file, the local host name, the DNS client resolver cache, and DNS servers to resolve NetBIOS names.
NetBT in Windows XP and Windows Server 2003 uses the Microsoft enhanced B-node NetBIOS node type (if no WINS servers are configured) or the H-node NetBIOS node type (if at least one WINS server is configured).
The Lmhosts file is a static text file of NetBIOS names and IPv4 addresses that NetBT uses to resolve the NetBIOS names for NetBIOS applications running on remote computers.
The Nbtstat tool is the primary tool for collecting NetBT information when troubleshooting NetBIOS name issues.
DNS – See Domain Name System (DNS).
DNS client resolver cache – A RAM-based table that contains both the entries in the Hosts file and the results of recent DNS name queries.
DNS server – A server that maintains a database of mappings of DNS domain names to various types of data, such as IP addresses.
Domain Name System (DNS) – A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. With DNS, users can specify computers and services by friendly names. DNS also enables the discovery of other information stored in its database.
Host name – The name of a computer or device on a network. Users specify computers on the network by their host names. For another computer to be found, its host name must either appear in the Hosts file or be known by a DNS server. For most computers running Windows, the host name and the computer name are the same.
Host name resolution – The process of resolving a host name to a destination IP address.
Hosts file – A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/hosts file. This file maps host names to IP addresses, and it is stored in the systemroot\System32\Drivers\Etc folder.
Lmhosts file – A local text file that maps NetBIOS names to IP addresses for hosts that are located on remote subnets. For computers running Windows, this file is stored in the systemroot\System32\Drivers\Etc folder.
NBNS – See NetBIOS name server (NBNS).
NetBIOS – See network basic input/output system (NetBIOS).
NetBIOS name - A 16-byte name for an application that uses the network basic input/output system (NetBIOS).
NetBIOS name cache – A dynamically maintained table that stores recently resolved NetBIOS names and their associated IPv4 addresses.
NetBIOS name resolution – The process of resolving a NetBIOS name to an IPv4 address.
NetBIOS name server (NBNS) – A server that stores NetBIOS name-to-IPv4 address mappings and that resolves NetBIOS names for NetBIOS-enabled hosts. The WINS Server service is the Microsoft implementation of an NBNS.
NetBIOS node type – A designation of the specific way that NetBIOS nodes resolve NetBIOS names.
NetBIOS over TCP/IP (NetBT) – The implementation of the NetBIOS session protocol over TCP/IP (IPv4 only) that provides network name registration and verification, session establishment and termination, and data transfer services for reliable connection-oriented sessions and unreliable connectionless datagrams.
NetBT – See NetBIOS over TCP/IP (NetBT).
Network basic input/output system (NetBIOS) – A standard API for user applications to submit network I/O and control directives to underlying network protocol software and a protocol that functions at the Session layer.
Windows Internet Name Service (WINS) – The Microsoft implementation of an NBNS.
WINS – See Windows Internet Name Service (WINS).