How to Scan for Computers that Use NetBIOS
Your tool of choice is a port scanner. Any computer that is running something on port 139 is likely (but not certain) to be using NetBIOS. Most crackers use nmap to port scan. This tool runs on Unix/Linux type computers. You can get it at http://www.insecurity.org/. There is also a Windows version of nmap, but it isn't very good. A better choice for Windows is Whats Up from http://www.ipswitch.com/. You can get a one month free trial of it.
Here's an example of an nmap scan of Oldguy:
test-box:/home/cmeinel # nmap -sTU 10.0.0.2
Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds
As you can see from this scan, three ports are identified with NetBIOS. This tells us that we could set nmap to scan a large number of Internet addresses, only looking for port 139 on each. To learn how to set up nmap to run this way, in your Unix or Linux shell give the command "man nmap".
For more on what crackers do once they break into a computer using NetBIOS (like installing back doors), see http://www.happyhacker.org/gtmhh/vol3no10.shtml. You can get really, big time, punched in the nose warning: If you visit the same computer or LAN really often to see what's new and to try different things, even if you don't break the law you'd better be doing it with the permission of the owner. Otherwise you may make enemies who might crash or destroy your operating system. And that is only what they may do when feeling mellow. After a night of hard drinking - well, you don't want to find out.
Interesting ports on (10.0.0.2):
(The 3060 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
70/tcp open gopher
80/tcp open http
135/tcp open loc-srv
135/udp open loc-srv
137/udp open netbios-ns
138/udp open netbios-dgm
139/tcp open netbios-ssn
500/udp open isakmp
You can get punched in the nose warning: if you use a port scanner against networks that haven't given you permission to scan, you will be waving a red flag that says "Whaddaya wanna bet I'm a computer criminal?" You can't get arrested for merely port scanning, but people who don't like being scanned might get you kicked off your Internet service provider.