findsmb

findsmb [hostname ...]

findsmb is a lightweight utility from the Samba suite designed to scan and list SMB/CIFS servers on the local network. It sends NetBIOS name service broadcast queries (UDP port 137) and performs SMB negotiations (TCP 139/445) to detect hosts advertising SMB services, similar to Windows Network Neighborhood.

Without arguments, it scans the local subnet using the interface's broadcast address, querying potential hosts (e.g., 192.168.1.0/24). For each responsive server, it displays: IP address, NetBIOS name, workgroup/domain, server type (e.g., Workstation, Server, PDC), OS identification (e.g., Windows 10, Samba), and maximum SMB protocol dialect supported (e.g., NT1, SMB2_10).

Specifying one or more hostname or IP addresses limits queries to those targets. Output resembles:
192.168.1.100 myserver WORKGROUP Server [] Windows 10.0 SMB3_11

This aids network admins in discovering Windows PCs, Samba servers, or NAS devices without Active Directory. Effectiveness relies on NetBIOS being enabled; modern setups using WS-Discovery or mDNS may evade detection. No configuration files are read by default.

Limited to local broadcast domains; blocked by routers/firewalls; requires NetBIOS on targets (often disabled); root privileges may improve raw socket access; ignores IPv6.

192.168.1.50 HOSTNAME1 DOMAIN1 Workstation [] Samba 4.15.5 SMB3_11
192.168.1.75 winpc WORKGROUP Server [] Windows 10 NT1

findsmb (scan subnet)
findsmb 192.168.1.* (scan range)
findsmb myserver.local (specific host)

Developed as part of Samba (started 1992 by Andrew Tridgell); appeared in early 1.x releases for SMB network browsing; evolved minimally, remains in Samba 4.x for legacy NetBIOS support.

nmblookup(1), smbclient(1), smbstatus(1), nbtstat(8)