When DNS is lying – Finding a Windows Computer Old School Style

Just had a call about…

Login

Blog History

Just had a call about a sound problem and the Windows DNS was resolving the Windows PC's hostname with an IP of 192.168.0.109 but I couldn't connect remotely to the computer. The user was connected to the internet so I knew it had a working IP address.

So next step was to run from a windows Command Prompt the net view command:

net view

net view \\PC-01

Which the first net view didn't show up the hostname in the net view list and the second said that there were no entries in the list (which gives away that the net command was talking to the computer)

So next I connected using Windows Explorer using:

\\PC-01\C$

I got a connection to the C: Drive and I know it's the right computer because this one had a C:\cygwin64 directory which none of the other windows computers on the network do.

So to get the IP address I did:

C:\Users\jm>nbtstat  -a PC-01
 
Local Area Connection 6:
Node IpAddress: [192.168.0.19] Scope Id: []
 
           NetBIOS Remote Machine Name Table
 
       Name               Type         Status
    ---------------------------------------------
    PC-01         <00>  UNIQUE      Registered
    DOMAIN        <00>  GROUP       Registered
    PC-01         <20>  UNIQUE      Registered
 
    MAC Address = 4C-72-B9-41-D2-C5
 
 
C:\Users\jm>arp -a | findstr /i c5
  192.168.0.26          00-50-56-a8-dc-c5     dynamic
  192.168.0.96          4c-72-b9-41-d2-c5     dynamic

So the nbtstat -a <computername> command queries for the netbios name and returns the name and the MAC (if it's on the same subnet)

Then use ARP to map the MAC address to to the IP. arp  -a will potentially return a long list so pipe the output of arp -a to findstr /i <part of the mac>  to narrow down your results.

Note: If you have NetBIOS over TCP/IP turned off  you probably won't be able to use the above commands with success.

This is basic stuff, but if you have been admin-ing a stable network for years you tend to forget these simple commands. So I post this here so I can recall it to mind later.

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.