Problem solve Get help with specific problems with your technologies, process and projects.

Understanding the NBTSTAT command and how it works

I never truly understood what the NBTSTAT command does exactly. Can you explain?

I'm not sure whether you want me to run down the uses of NBTSTAT or to describe how it does its work. I'll do both.

First, how it works. Windows computers communicate via the Server Message Block (SMB) network command protocol. (It's now called Common Internet File System, or CIFS, because the word "Internet" needs to be in the name of every technology coming from Microsoft.)

SMB hosts need to have some way of identifying each other. For this purpose, they use a friendly name assigned to the computer. For historical reasons, this is called the NetBIOS name even though SMB does not use the NetBIOS interface. I usually call it the "flat" name to avoid confusion with NetBIOS functions.

The TCP/IP stack doesn't know flat names from diddley so Windows relies on a little application called NetBIOS-Over-TCPIP Helper (NBT) to handle flat names.

For example, the NBT helper "registers" the computer's flat name when the Windows client binds to the adapter at startup. This registration process ensures that the name is unique. It registers either by putting a resource record in its WINS server or by broadcasting and waiting for another computer to complain that the name is already in use. Obviously, this broadcasting won't work well in a routed environment. The NBT helper also "resolves" other computer's flat names into IP addresses, once again using either WINS or broadcasts.

NBT caches the name registration and resolution results to save time and bandwidth. NBTSTAT is your window into that cache.

If you type NBTSTAT with no parameters, you'll get a list of the switches and what they do. Examples of the switches I use most often are in the response titled, "Example of NBTSTAT switches."

Dig Deeper on Windows systems and network management