[Dshield] Windows 2000 - Who's logged in?
wbeckham at yahoo.com
Thu Nov 21 04:54:47 GMT 2002
Thanks to everyone that pointed me to the NBTStat!
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Of Ed Truitt
Sent: Wednesday, November 20, 2002 6:02 PM
To: list at dshield.org
Subject: Re: [Dshield] Windows 2000 - Who's logged in?
If you are on a Windows box, you can use the "nbtstat -A <IP address of
target>" and look for <0> UNIQUE. There may be more than one, the
name likely will be one entry, the other(s) more than likely will be the
name(s) of the logged-in user(s).
If you are *nix, you may be able to find something out from the Samba
client programs - but I don't know enough about them to speak with
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP. Also, if
you send me UCE, I reserve the right to post your spew on my Web site,
with the appropriate color commentary, so that others may have a good
laugh at your expense."
----- Original Message -----
From: "Wayne Beckham" <wbeckham at yahoo.com>
To: <list at dshield.org>
Sent: Wednesday, November 20, 2002 11:41 AM
Subject: [Dshield] Windows 2000 - Who's logged in?
> Is there anyway to determine who's logged in at a particular IP
> address in Win2K? We have web-content monitors that identify a
> particular IP address, but not the user.
> I understand, of course, that it may not *actually* be the user the
> account is assigned to, but one thing at a time.
> - WB
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list