You need to use the smb-os-discovery script:
Attempts to determine the operating system, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). This is done by starting a session with the anonymous account (or with a proper user account, if one is given; it likely doesn't make a difference); in response to a session starting, the server will send back all this information.
The following fields may be included in the output, depending on the circumstances (e.g. the workgroup name is mutually exclusive with domain and forest names) and the information available:
- OS
- Computer name
- Domain name
- Forest name
- FQDN
- NetBIOS computer name
- NetBIOS domain name
- Workgroup
- System time
Usage example
wget http://nmap.org/svn/scripts/smb-os-discovery.nse
nmap --script smb-os-discovery.nse -p445 192.168.1.0/24
sudo nmap -sU -sS --script smb-os-discovery.nse -p U:137,T:139 192.168.1.0/24
Alternative method: using the ARP address resolution protocol
The command arp -a
will display all the hostnames on your LAN
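Added example, not part of the original answer or of the nmap project: one way to turn the smb-os-discovery fields listed above into a per-host name inventory by parsing nmap's normal output. The sample output, addresses and names are constructed, and the helper names parse_smb_os_discovery and best_name are hypothetical.

```python
import re

# Constructed sample of nmap's normal output; not captured from a real scan.
SAMPLE = """\
Nmap scan report for 192.168.1.10
Host script results:
| smb-os-discovery:
|   OS: Windows 10 Pro 19045 (Windows 10 Pro 6.3)
|   Computer name: DESKTOP-EXAMPLE
|   Workgroup: WORKGROUP
|_  System time: 2024-01-15T10:22:31+00:00

Nmap scan report for 192.168.1.11
Host script results:
| smb-os-discovery:
|   Computer name: FS01
|   Domain name: corp.example
|   FQDN: FS01.corp.example
|_  System time: 2024-01-15T10:22:33+00:00

Nmap scan report for nas.lan (192.168.1.20)
445/tcp closed microsoft-ds
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+(?:\.\d+){3})\)?$")
FIELD_RE = re.compile(r"^\|[_ ]\s+([^:]+): (.*)$")

def parse_smb_os_discovery(text):
    """Return {ip: {field: value}} from nmap normal output."""
    hosts, current, in_script = {}, None, False
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(2), {})
            if host.group(1):
                current["rDNS"] = host.group(1)  # name nmap resolved, not from SMB
            in_script = False
        elif line.startswith("| smb-os-discovery:"):
            in_script = True
        elif in_script and current is not None and (field := FIELD_RE.match(line)):
            current[field.group(1)] = field.group(2).strip()
            in_script = not line.startswith("|_")  # "|_" marks the last field
        else:
            in_script = False  # any other line ends the script block
    return hosts

def best_name(fields):
    keys = ("FQDN", "Computer name", "NetBIOS computer name", "rDNS")
    return next((fields[k] for k in keys if k in fields), None)
```

Hosts that did not answer the script (port closed or filtered) still appear in the result with no SMB fields, which makes gaps in the inventory visible.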