I'm trying to write a script that depends on knowing the names of the computers on a network segment, but all the scripts I've found depend on a DNS inquiry which only replys with the names of a few of the machines. For example:
[System.Net.Dns]::GetHostbyAddress($IPAddress)
I've also tried using
Ping -a $ipaddress
but this often fails to return the machine name as well. Is there a way to ask the host what it's name is directly and what level of permissions might be required in AD to get a response?
Thanks in advance.
Without DNS Type "nbtstat -A %ipaddress%" at the command prompt in the black window that opens, substituting the IP address for "%ipaddress%." Review the results and find the NETBIOS table. Locate a row where the type is "UNIQUE" and find the hostname of the computer in the "Name" column for that row.
This is another method to get the hostname from the IP address. Run the nslookup command with an IP address from which you want to get the hostname. This command works a bit differently from the ping command that is discussed above. See the syntax to run on command prompt (CMD).
Can IP addresses reveal identity? Yes, an IP address may be able to reveal identity, but more pragmatically, no, it cannot. The information required to get the actual user of an IP address at a specific point in time is considered private information, maintained by the ISP providing the IP address to their customer.
[System.Net.DNS]::GetHostByAddress()
(now [System.Net.DNS]::GetHostEntry()
) doesn't only rely on DNS, despite it's name. It will also check the local C:\Windows\System32\Drivers\etc\hosts
file for locally configured entries.
straight dns via nslookup
can't find the name:
PS C:\Users\Tim> nslookup 192.168.1.50
Server: dns03
Address: 192.168.2.103
*** rpi03 can't find 192.168.1.50: Non-existent domain
yet, gethostentry() still finds the name:
PS C:\Users\Tim> [system.net.dns]::gethostentry('192.168.1.50')
HostName Aliases AddressList
-------- ------- -----------
localentry {} {192.168.1.50}
COMMAND:
wmic.exe /node:10.20.30.40 OS get CSName /format:list
BATCH FILE FOR WHOLE SUBNET:
for /L %%z in (1,1,254) do wmic.exe /node:10.20.30.%%z OS get CSName /format:list 2>NUL
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With