nbtscan


 


nbtscan is a NetBIOS-over-TCP/IP scanner for Windows file-sharing networks.

Version: 1.5.1.1

Status: Done

 



 

Description

 

The stock MG-35 firmware has a modified version of the GPL nbtscan, with slightly altered parameters. The MG35 runs this command every time you drill down to the machines from the main HDD/NET selection screen. That's why it takes so long (10-12 sec) to find all the machines in your subnet every time you start from the main screen. The program enumerates the machines, creates the /hosts/hosts text file, fills it with the IPs and names of the computers, and creates a mount point in /net for every machine it finds.

 

The contents of the hosts file are similar to:

192.168.1.13 ATHENS

192.168.1.15 ROME

 

If you select the HDD instead of NET, it will not run nbtscan and /hosts/hosts will be missing. However, if you telnet in and run the command yourself (or from sashrc, say) it will generate the hosts file for you.

 

It seems that the built-in nbtscan has a bug: it does not start from scratch and recreate the hosts file each time it is run; instead it appends to the existing one. The result is that the file grows with every run, and if the IP of one of the machines changes between runs, the hosts file will be inconsistent. So after the third run, the file for the above example will be:

192.168.1.13 ATHENS

192.168.1.15 ROME

192.168.1.13 ATHENS

192.168.1.15 ROME

192.168.1.13 ATHENS

192.168.1.15 ROME
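
One way to repair a hosts file that has accumulated entries this way, as an added example that is not part of the original page or of the firmware: later lines replace earlier ones for the same name or the same IP, so a stale name-to-address mapping cannot survive next to the current one. The helper name dedupe_hosts is hypothetical, and the script assumes awk and sort are available in the device's shell.

```shell
#!/bin/sh
# Added example, not firmware code. dedupe_hosts is a hypothetical helper.
# Assumes awk and sort exist on the device (busybox builds vary).

# Rewrite FILE so every name and every IP appears exactly once.
# Lines are processed in file order, so an entry appended by a later
# nbtscan run replaces any earlier entry with the same name or the same IP.
dedupe_hosts() {
    file=$1
    [ -f "$file" ] || return 1
    tmp="$file.tmp.$$"
    awk '
        NF >= 2 {
            ip = $1; name = $2
            if (name in ip_of) {          # host seen before, possibly on an old IP
                delete name_of[ip_of[name]]
                delete ip_of[name]
            }
            if (ip in name_of) {          # IP previously held by another host
                delete ip_of[name_of[ip]]
                delete name_of[ip]
            }
            ip_of[name] = ip
            name_of[ip] = name
        }
        END { for (n in ip_of) print ip_of[n], n }
    ' "$file" | LC_ALL=C sort > "$tmp" && mv "$tmp" "$file"
}

# Constructed sample: three appended runs in which ATHENS moves to .20
# and its old address .13 is then taken by a new machine, SPARTA.
demo="${TMPDIR:-/tmp}/hosts.demo.$$"
cat > "$demo" <<'EOF'
192.168.1.13 ATHENS
192.168.1.15 ROME
192.168.1.13 ATHENS
192.168.1.15 ROME
192.168.1.20 ATHENS
192.168.1.13 SPARTA
EOF
dedupe_hosts "$demo" && cat "$demo"
rm -f "$demo"
```

On the player, the file to pass would be /hosts/hosts.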

 

In the 1.4.4.5 series modified firmware, /bin/nbtscan is a link to /sbin/rbin/nbtscan.new. This program reads a string from location 252 in the flash NV config that holds the name and (optionally) the IP of a Network Attached Storage machine. If this entry exists, /hosts/hosts and the directory in /net can be generated very quickly; otherwise /sbin/rbin/nbtscan is used to do the full scan. If you only have content on one machine, you can use this feature to greatly speed up getting to that machine, as the whole subnet scan is avoided and only the relevant machine will be in the list.

 

To create the flash NV entry, use this command in a telnet session:

setnas myserver
or
setnas myserver=192.168.1.30

 

If your network has functional DNS, you can use the first form. To test this use:

nslookup myserver

You can test whether this is all working by running nbtscan from the telnet command line and by checking the contents of /hosts/hosts afterwards.

 

 

Usage

 

nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>) 
 
Options:

-v              Verbose output. Print all names received from each host.

-d              Dump packets. Print whole packet contents.

-e              Write output into /etc/hosts.

-l              Format output in lmhosts format. Cannot be used with -v, -s or -h options.

-t timeout      Wait timeout milliseconds for response. Default 1000.

-b builddir     Create a directory for each server name in the builddir folder.

-r              Use local port 137 for scans. Win95 boxes respond to this only.
                You need to be root to use this option on Unix.

-q              Suppress banners and error messages.

-s separator    Script-friendly output. Don't print column and record headers, separate
                fields with separator.

-h              Print human-readable names for services. Can only be used with -v option.

-m retransmits  Number of retransmits. Default 0.

-f filename     Take IP addresses to scan from file filename.
                (-f - makes nbtscan take IP addresses from stdin)

<scan_range>    What to scan. Can either be a single IP like 192.168.1.1 or a range of addresses
                in one of two forms: xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.

 

Examples

 

This is what MG35 is doing:

nbtscan -q -b /net -e 192.168.0.15/24

 

Other examples:

nbtscan -r 192.168.1.0/24

Scans the whole C-class network.

 

nbtscan 192.168.1.25-137

Scans a range from 192.168.1.25 to 192.168.1.137.

 

nbtscan -v -s : 192.168.1.0/24

Scans C-class network. Prints results in script-friendly format, using colon as field separator.

Produces an output like:

192.168.0.1:NT_SERVER:00U

192.168.0.1:MY_DOMAIN:00G

192.168.0.1:ADMINISTRATOR:03U

192.168.0.2:OTHER_BOX:00U

...

 

nbtscan -f iplist

Scans IP addresses specified in file iplist.

 

History

Version 1.5.1.1 - [John, 2008-04]