HowTo resolve Windows client hostname by IP without DNS/WINS

Step-by-Step descriptions of how to do things.
Post Reply
User avatar
peter_b
Chatterbox
Posts: 370
Joined: Tue Nov 12, 2013 2:05 am

HowTo resolve Windows client hostname by IP without DNS/WINS

Post by peter_b »

This HowTo describes how you can resolve hostnames of Windows by IP, but without having a DNS or WINS server to query.

Code: Select all

$ nmblookup -A [HOST_IP]
This returns something like this:

Code: Select all

Looking up status of 192.168.1.7
        PHONOSRV-TEST   <00> -         B <ACTIVE>
        PHONOTHEK       <00> - <GROUP> B <ACTIVE>
        PHONOSRV-TEST   <03> -         B <ACTIVE>
        PHONOSRV-TEST   <20> -         B <ACTIVE>
        PHONOTHEK       <1e> - <GROUP> B <ACTIVE>

        MAC Address = 00-0C-29-60-71-61
If you would like to get a list of all computers that currently exist in a subnet, you can combine that with using "nmap":

Code: Select all

$ sudo nmap -n -sn 192.168.1.0/24 | grep "scan report" | cut -d ' ' -f 5
This will have nmap scan for all computers in the 192.168.1.0/24 network. The "24" equals a netmask of "255.255.255.0".
It returns a list of IPs of hosts that are currently turned on and connected to that subnet.

Using BASH-Foo, you can use the following command to scan and resolve in one step:

Code: Select all

$ for IP in $(sudo nmap -n -sn 192.168.100.0/24 | grep "scan report" | cut -d ' ' -f 5); do nmblookup -A $IP; done
Post Reply