Just like DNS, the NTB-NS (NetBIOS name service) protocol is used to translate names to IP addresses. By default, it's used as a fallback in AD-DS.
The tools nbtscan and nmblookup can be used for reverse lookup (IP addresses to NetBIOS names)
# Name lookup on a range
nbtscan -r $SUBNET/$MASK
# Find names and workgroup from an IP address
nmblookup -A $IPAdress
Some NBT-NS recon can be carried out with the enum4linux tool (see this page).
Last modified 2yr ago