====== NETBIOS ======

===== nbtstat =====

A diagnostic tool for NetBIOS over TCP/IP. It is primarily designed to help troubleshoot NetBIOS name resolution problems. The common parameters are:

  * nbtstat -c: displays the contents of the NetBIOS name cache, the table of NetBIOS names and their resolved IP addresses.
  * nbtstat -n: displays the names that have been registered locally on the system.
  * nbtstat -r: displays the count of all NetBIOS names resolved by broadcast and by querying a WINS server.
  * nbtstat -R: purges and reloads the remote cache name table.
  * nbtstat -RR: sends name release packets to WINS and then starts Refresh.
  * nbtstat -s: lists the current NetBIOS sessions and their status, including statistics.
  * nbtstat -S: lists the sessions table with the destination IP addresses.

Be aware that when you run NetBIOS without specifying a username, it will use the "guest" account (so that is what you will see in the Microsoft logs).

===== Disable NetBIOS =====

As per [[https://10dsecurity.com/blog-saying-goodbye-netbios.html|this page]].

Disabling NetBIOS support from a (Windows) DHCP server can be accomplished by the following steps:

  - Open Administrative Tools, click DHCP.
  - Expand the DHCP server name, expand scope, right-click scope options, then click Configure Options.
  - Click the Advanced tab, then ''Microsoft Windows 2000 Options'' in the Vendor Class list.
  - Make sure ''Default User Class'' is selected in the User Class list.
  - Select the checkbox for ''001 Microsoft Disable NetBIOS Option'' under Available Options.
  - In the Data Entry area, type ''0x2'' in the Long box, then click OK.

Disabling NetBIOS support on a client computer can be accomplished by the following steps.

Manually via Network Adapter settings:

  - Open Network Connection Properties.
  - Select TCP/IP v4.
  - Click Advanced, then select the WINS tab.
  - Select ''Disable NetBIOS over TCP/IP''.
  - Click OK and reboot the computer.

Via registry settings:

It is worth noting that these settings are per network adapter; scripts are available to configure them for all adapters in a computer. Evaluate the use of a script in your environment, and consider the implications if it is deployed en masse.

  - Open registry editor.
  - Edit the data for ''NetbiosOptions'' and set the parameter to 2 (it will be 0 by default).
  - Perform the above steps for each adapter in the computer.
  - Close the registry editor and reboot the computer.
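
The per-adapter registry change above, as an added example script (not from the original page or the linked article): it reports ''NetbiosOptions'' for every adapter and changes it to 2 only when run with ''-Apply''. The registry path and the ''-Apply'' switch name are assumptions that do not appear on this page.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): audit NetbiosOptions on every
# adapter and, with -Apply, set it to 2 (disable NetBIOS over TCP/IP).
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Apply   # hypothetical switch name; without it nothing is changed
)

# Assumption: this path is not on the page; it is the standard NetBT location
# holding one Tcpip_{GUID} subkey per network adapter.
$base    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
$meaning = @{ 0 = 'default (follow DHCP option)'; 1 = 'enabled'; 2 = 'disabled' }

$report = foreach ($key in Get-ChildItem -Path $base -ErrorAction Stop) {
    # The value may be absent on some interfaces; report that instead of failing.
    $prop   = Get-ItemProperty -Path $key.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue
    $before = if ($null -ne $prop) { [int]$prop.NetbiosOptions } else { $null }
    $after  = $before

    # ShouldProcess makes -WhatIf and -Confirm work for the write.
    if ($Apply -and $before -ne 2 -and
        $PSCmdlet.ShouldProcess($key.PSChildName, 'Set NetbiosOptions to 2')) {
        Set-ItemProperty -Path $key.PSPath -Name NetbiosOptions -Value 2 -Type DWord
        $after = 2
    }

    [pscustomobject]@{
        Interface = $key.PSChildName
        Before    = if ($null -eq $before) { 'not set' } else { "$before ($($meaning[$before]))" }
        After     = if ($null -eq $after)  { 'not set' } else { "$after ($($meaning[$after]))" }
        Changed   = ($before -ne $after)
    }
}

$report | Format-Table -AutoSize

# Summary for change control: adapters not explicitly set to 2.
$open = @($report | Where-Object { $_.After -notlike '2 *' })
Write-Host ("{0} of {1} adapters not explicitly disabled" -f $open.Count, @($report).Count)
```

Saved as a .ps1 file, run it without switches for a report and with ''-Apply -WhatIf'' to preview the writes; a reboot is still needed afterwards, as in the manual steps.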