Get-NBTHosts
I've been a long time user of a very useful cmd line utility called NBTScan. NBTScan is similar to the Windows builtin cmd line utility NBTSTAT, but can operate on a range of IP addresses instead of a single IP. Using NBTscan, you can get a list of Windows machines that are configured to respond to NETBIOS and aren't behind a firewall. You can find some more information about NBTScan at http://www.unixwiz.net/tools/nbtscan.html, but that's an older version that doesn't support a couple of required parameters for this script. For the newest version that I've been able to find, look at http://inetcat.net/software/nbtscan.html.
Here's a script I use to wrap the output into Powershell friendly custom objects.
function Get-NBTHosts {
param($iprange)
if (!$iprange) {
write-Host "You must specify an -iprange in CDIR notation.`r`n Example: 192.168.1.0/24 "
return
}
$iprange | % { nbtscan -t 500 -m 1 -s : $_ 2>$null | % {
$out = 1 |Select-Object IPAddress,Name,User,MACAddress
$a = $_.split(":")
$out.IPAddress = $a[0].trim()
$out.Name = $a[1].replace("IS~","").trim()
$out.User = $a[3].trim()
$out.MACAddress = $a[4].trim()
write-Output $out
}
}
}
Example:
PS D:\ps> Get-NBTHosts 10.150.5.0/24
IPAddress Name User MACAddress
--------- ---- ---- ----------
10.150.5.3 HHHSSC65SP5 <unknown> XX-XX-XX-XX-XX-XX
10.150.5.6 HHHSQL <unknown> XX-XX-XX-XX-XX-XX
10.150.5.8 HHHFDBSVR <unknown> XX-XX-XX-XX-XX-XX
PS D:\ps>
You'll need nbtscan and cygwin1.dll somewhere in your path so that Get-NBTHosts can find it or modify the script to point directly to location of nbtscan.
Comments Welcome:
$emailaddress = [string]::join("",("gaurhoth",[char]64,"g","m","a","i","l",".","c","o","m"))