≡ Menu

SMB (Server Message Block) — my today’s learning

Ever since I started managing Windows boxes, I am familiar with this word, SMB (Server Message Block). What it does? — it helps in accessing files on remote file System or on another windows server. What ports it uses 139 TCP, 138 UDP, 137(TCP/UDP) and 445 sometimes. So my answer to questions like what ports you need to access file shares on a server behind firewall is all aforementioned ports.

Well, that’s old story now. Today I got a chance to look much deeper into SMB protocol while helping one of my friend(and senior) to debug a problem. Let me ramble what I learned.

When Microsoft originally designed SMB, it was a wrapper on top of NetBIOS API. It used to use NetBIOS functions to access files on remote file systems over TCP. In those days, SMB used to use ports 137(tcp),138(udp) and 137(tcp&udp) for communication with other Systems. As the things improved and NetBIOS has became a legacy system. MS also want to get rid of it(not that easy at this moment I think). Since improvements to SMB are blocked by abilities of NetBIOS, they started making SMB independent of it called Direct-SMB. This Direct-SMB uses the port 445(TCP) for file sharing.

That is the story behind and now coming to the context of Windows Administrators, you need to understand which version of SMB your computer(s) are using. If the client computer has NetBIOS disabled, it tries to connect to the file server on port 445 for file access provided the file server is Windows server 2000 or above. If the client computer has NetBIOS(and WINS) enabled, the client computer uses NetBIOS and tries to contact file serve on 137(tcp),138(udp) and 137(tcp&udp) ports. Though Microsoft moved to Direct-SMB still they are supporting SMB over NetBIOS because many legacy systems are still using old APIs for data transfer. If a client tries to communicate using NetBIOS API, the server replies with same protocol.

How do you know if a computer has NetBIOS over TCP/IP enabled:

Just run the one of the below commands.

  • net config redirector
  • net config server

Verify NetBIOS over TCP/IP Status

If output contains NetBT_Tcpip, that means you have NetBIOS over TCP/IP enabled. You will see NetbiosSmb. Below is screenshot from my Windows 8 computer.

Disable NetBIOS over TCP/IP

If you want, you can disable NetBIOS over TCP/IP by following below steps.

  1. Click Start, point to Settings, and then click Network and Dial-up Connection.
  2. Right-click Local Area Connection, and then click Properties.
  3. Click Internet Protocol (TCP/IP), and then click Properties.
  4. Click Advanced.
  5. Click the WINS tab, and then click Disable NetBIOS over TCP/IP.

Conclusion:

So when anyone asks what ports required for access files share on a behind firewall server, my next question would be “Is NetBIOS over TCP/IP enabled or disabled?”.

Thanks for reading. Hope you learned some time too. Happy learning.