NetBIOS provides several services for other programs (like SMB/CIFs) including session and transport services (based off the OSI model). It runs over TCP/IP

Each service that uses NetBIOS also has a name which is limited to 16 characters, except the last character is reserved for the resource type.When a machine joins a NetBIOS network it registers its name and service by sending a network broadcast and/or by using a WINs server. A WINs server allows you to translate a NetBIOS name into an IP address. The following is a list of common services

[00] Workstation Service
[03] Messenger Service
[06] RAS Server Service
[1F] NetDDE Service
[20] Server Service
[21] RAS Client Service
[BE] Network Monitor Agent
[BF] Network Monitor Application
[03] Messenger Service
[1D] Master Browser
[1B] Domain Master Browser

[00] Domain Name
[1C] Domain Controllers
[1E] Browser Service Elections
[01h][01h]__MSBROWSE__[01h][01h] Master Browser

nbtstat is a tool that you can use to view and register NetBIOS names. To view registered names type the following

nbtstat -n

To view netbois names and services for another computer type the following:

nbtstat -a IP Address

As we said earlier NetBIOS runs over TCP/IP, here are the steps that occur for a connection to take place.

The NetBIOS name is translated into an IP address
A TCP session is established on TCP port 139
A NetBIOS session request is sent and a session is established.
Then the rest of the traffic is sent, for example file sharing traffic is sent (IE SMB).

NetBIOS Datagram are sent over UDP and are used for non-session services

Port 137 UDP – Used for NetBIOS name service
Port 138 UDP – Used for NetBIOS Datagram Service
Port 139 TCP – Used for NetBIOS sessions

If the machine has Server Service listed then they have file sharing turned on. You then can use net view to list all shares.

http://technet.microsoft.com/en-us/library/cc940063.aspx