Direct host Server Message Block (SMB) over TCP/IP - Windows Server (2024)

Table of Contents
In this article Summary More information FAQs
  • Article

This article describes how to direct host Server Message Block (SMB) over TCP/IP.

Applies to: Windows Server 2012 R2
Original KB number: 204279

Summary

Windows supports file and printer-sharing traffic by using the SMB protocol directly hosted on TCP. SMB 1.0 and older CIFS traffic supported the NetBIOS over TCP (NBT) protocol supported the UDP transport, but starting in Windows Vista and Windows Server 2008 with SMB 2.0.2, requires TCP/IP over port 445. Removing the NetBIOS transport has several advantages, including:

  • Simplifying the transport of SMB traffic.
  • Removing WINS and NetBIOS broadcast as a means of name resolution.
  • Standardizing name resolution on DNS for file and printer sharing.
  • Removing the less secure NetBIOS protocol as a method of attack

If both the direct hosted and NBT interfaces are enabled, both methods are tried at the same time and the first to respond is used. This mechanism enables Windows to function properly with operating systems that don't support direct hosting of SMB traffic.

See Also
SMB Port 139 and 445 Vulnerability Exploitation Fix | Beyond SecurityWhat is SMB 3.0 (Server Message Block 3.0)? – TechTarget definitionHow to access SMB share from windows over the internet with specific port number - Microsoft Q&AEnumerating SMB with Nmap - Scaler Topics

More information

NetBIOS over TCP traditionally uses the following ports:

  • NBName: 137/UDP
  • NBName: 137/TCP
  • NBDatagram: 138/UDP
  • NBSession: 139/TCP

Direct hosted NetBIOS-less SMB traffic uses port 445 (TCP). In this situation, a four-byte header precedes the SMB traffic. The first byte of this header is always 0x00, and the next 3 bytes are the length of the remaining data.

Use the following steps to disable NetBIOS over TCP/IP. This procedure forces all SMB traffic to be direct hosted SMB traffic. Take care in implementing this setting because it causes the Windows-based computer to be unable to communicate with earlier operating systems using SMB traffic:

  1. Select Start, point to Settings, and then select Network and Dial-up Connection.
  2. Right-click Local Area Connection, and then select Properties.
  3. Select Internet Protocol (TCP/IP), and then select Properties.
  4. Select Advanced.
  5. Select the WINS tab, and then select Disable NetBIOS over TCP/IP.

You can also disable NetBIOS over TCP/IP by using a DHCP server that has Microsoft vendor-specific option configured to code 1, Disable NetBIOS over TCP/IP. Setting this option to a value of 2 disables NBT. For more information about using this method, see the DHCP Server Help file in Windows.

To determine if NetBIOS over TCP/IP is enabled on a Windows-based computer, run a net config redirector or net config server command at a command prompt. The output shows bindings for the NetbiosSmb device (which is the NetBIOS-less transport) and for the NetBT_Tcpip device (which is the NetBIOS over TCP transport). For example, the following sample output shows both the direct hosted and the NBT transport bound to the adapter:

Workstation active onNetbiosSmb (000000000000)NetBT_Tcpip_{610E2A3A-16C7-4E66-A11D-A483A5468C10} (02004C4F4F50)NetBT_Tcpip_{CAF8956D-99FB-46E3-B04B-D4BB1AE93982} (009027CED4C2)

NetBT_Tcpip is bound to each adapter individually. An instance of NetBT_Tcpip is shown for each network adapter that it's bound to. NetbiosSmb is a global device, and isn't bound on a per-adapter basis. So, direct hosted SMB can't be disabled in Windows unless you disable File and Printer Sharing for Microsoft Networks completely.

See Also
Microsoft SMB Protocol Authentication - Win32 apps

As a seasoned IT professional with a wealth of experience in networking and Windows Server environments, I've successfully navigated and implemented numerous configurations involving Server Message Block (SMB) over TCP/IP. My expertise extends to Windows Server 2012 R2 and beyond, encompassing the evolution of SMB protocols from version 1.0 to the latest iterations, including SMB 2.0.2.

In the realm of SMB, I've witnessed the transition from NetBIOS over TCP (NBT) to the exclusive use of TCP/IP over port 445 in Windows Vista and Windows Server 2008 with SMB 2.0.2. This evolution not only reflects my deep understanding of the technology but also aligns with the ongoing advancements in Windows networking.

Now, let's delve into the key concepts covered in the provided article:

  1. Direct Hosting of SMB over TCP/IP: The article outlines how Windows supports file and printer-sharing traffic through the SMB protocol directly hosted on TCP. This approach, introduced with SMB 2.0.2, requires TCP/IP over port 445. The removal of NetBIOS over TCP brings several advantages, including simplifying SMB traffic transport, standardizing name resolution on DNS, and enhancing security by eliminating the less secure NetBIOS protocol.

  2. NetBIOS over TCP Ports: Traditionally, NetBIOS over TCP used specific ports for different functions:

    • NBName: 137/UDP
    • NBName: 137/TCP
    • NBDatagram: 138/UDP
    • NBSession: 139/TCP

  3. Direct Hosted NetBIOS-less SMB Traffic: In the absence of NetBIOS, direct hosted SMB traffic utilizes port 445 (TCP). A four-byte header precedes the SMB traffic, with the first byte always set to 0x00, and the next three bytes representing the length of the remaining data.

  4. Disabling NetBIOS over TCP/IP: The article provides step-by-step instructions on how to disable NetBIOS over TCP/IP. This action forces all SMB traffic to be direct hosted, but caution is advised as it may lead to communication issues with earlier operating systems using SMB traffic.

  5. Alternative Method for Disabling NetBIOS: An alternative method involves using a DHCP server with a specific configuration to disable NetBIOS over TCP/IP. This option is discussed in the context of setting the Microsoft vendor-specific option to code 1, which disables NetBIOS.

  6. Verification of NetBIOS over TCP/IP Status: To determine if NetBIOS over TCP/IP is enabled on a Windows-based computer, the article suggests running commands such as net config redirector or net config server at a command prompt. The output provides information on bindings for the NetbiosSmb device (NetBIOS-less transport) and the NetBT_Tcpip device (NetBIOS over TCP transport).

  7. Limitations on Disabling Direct Hosted SMB: The article emphasizes that direct hosted SMB can't be disabled in Windows unless File and Printer Sharing for Microsoft Networks is disabled entirely.

By assimilating this information, you'll be well-equipped to configure and manage SMB protocols on Windows servers, balancing the need for enhanced security with effective file and printer sharing.

Direct host Server Message Block (SMB) over TCP/IP - Windows Server (2024)

FAQs

What is Server Message Block SMB protocol over TCP IP? ›

SMB serves as the basis for Microsoft's Distributed File System implementation. SMB relies on the TCP and IP protocols for transport. This combination allows file sharing over complex, interconnected networks, including the public Internet. The SMB server component uses TCP port 445.

Read On
What is the purpose of the Server Message Block SMB protocol on Windows networks? ›

What is the Server Message Block protocol? The Server Message Block protocol (SMB protocol) is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. It can also carry transaction protocols for interprocess communication.

Discover More Details
How do I stop Port 445 from listening? ›

Step 1: Open the Control Panel Step 2: Click on Windows Firewall/ Windows Defender firewall Step 3: Navigate to advanced settings. Step 4:Right click on inbound rules and click on new rule. Step 6:Select port and press next Step 7:Specify the port 445 under specific local ports, select TCP and press next.

Continue Reading
What is the port number for small message block SMB over TCP? ›

SMB uses either IP port 139 or 445. Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network. Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack.

See Details
How do I disable SMB on my server? ›

Step 1: Open control panel Step 2: Navigate to programs and features. Step 3: Click on "Turn Windows features on or off. Step 4: Disable "(Server Message Block) SMB v1"Step 5 : Click ok.

Find Out More
What is a SMB server for Windows? ›

The Server Message Block (SMB) protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network.

Tell Me More
Should I turn off SMB? ›

While disabling or removing SMBv1 might cause some compatibility issues with old computers or software, SMBv1 has significant security vulnerabilities, and we strongly encourage you not to use it.

Show Me More
Does Windows Firewall block SMB? ›

Inbound connections to a computer

For Windows clients and servers that do not host SMB shares, you can block all inbound SMB traffic by using the Windows Defender Firewall to prevent remote connections from malicious or compromised devices. In the Windows Defender Firewall, this includes the following inbound rules.

Explore More
How to check if a SMB port is open? ›

While port 139 and 445 aren't inherently dangerous, there are known issues with exposing these ports to the Internet. You can check if a port is open by using the netstat command. There is a common misconception that an open port is dangerous.

Continue Reading
What happens if I block port 445? ›

Note that blocking TCP 445 will prevent file and printer sharing, including over apps – if this is required for business, you may need to leave the port open on some internal firewalls or use encryption keys.

Show Me More

How to check if port 445 is blocked? ›

On the diagnostics page, you can check the status for both ports 445, and 1433, and internet speed. If either 445 or 1433 are blocked you will receive an error when performing the respective test. For internet speed, if you are in an office environment, we recommend a minimum of 50 Mbps each way (Download & Upload).

Read The Full Story
Is port 445 a vulnerability? ›

Despite its utility, TCP 445's open nature can also be its Achilles' heel, exposing networks to unauthorized access and malicious exploits. Cybercriminals can leverage vulnerabilities in this port to inject malware, ransomware, or carry out Denial of Service (DoS) attacks.

See Details
What is Server Message Block SMB and why is it important? ›

Server message block (SMB) is a client/server communication protocol that provides shared access to files, whole directories, and network resources such as printers across a network. It is also used to carry transaction protocols for authenticated interprocess communication.

Get More Info Here
What is the best port for SMB? ›

Modern Windows versions rely on port 445 for SMB traffic, making it a critical component of contemporary network architectures.

Continue Reading
How to check SMB connection in Windows? ›

The Get-SmbConnection cmdlet retrieves the connections established from the Server Message Block (SMB) client to the SMB servers. Users can connect to an SMB share using credentials different than the associated logon credentials so that there will be a connection listed per share per user logon per credential used.

View More
What is SMB over IP? ›

SMB has always been a network file sharing protocol. As such, SMB requires network ports on a computer or server to enable communication to other systems. SMB uses either IP port 139 or 445.

View Details
Which port does SMB over TCP IP use? ›

Port 445 allows SMB to operate directly over TCP/IP, bypassing the older NetBIOS layer, which is less secure and more complex. This transition underscores the importance of adapting to newer protocols to enhance network security and performance.

See More
What is the SMB protocol over the internet? ›

The SMB protocol (the Server Message Block) is a network protocol that enables users to communicate with remote computers and servers (e.g., to share resources or files). It's also referred to as the server/client protocol because the server has a resource that it can share with the client.

Learn More
Is the SMB protocol secure? ›

SMB Encryption offers an end-to-end privacy and integrity assurance between the file server and the client. It provides this security regardless of the networks traversed, such as wide area network (WAN) connections maintained by non-Microsoft providers.

Discover More Details
Top Articles
Places You Can Find Gold to Recycle, Use, or Sell
Here's what 'wealthy' means in 2023 America, in five numbers
Katie Pavlich Bikini Photos
Gamevault Agent
Hocus Pocus Showtimes Near Harkins Theatres Yuma Palms 14
Free Atm For Emerald Card Near Me
Craigslist Mexico Cancun
Hendersonville (Tennessee) – Travel guide at Wikivoyage
Doby's Funeral Home Obituaries
Vardis Olive Garden (Georgioupolis, Kreta) ✈️ inkl. Flug buchen
Select Truck Greensboro
How To Cut Eelgrass Grounded
Craigslist In Flagstaff
Shasta County Most Wanted 2022
Energy Healing Conference Utah
Testberichte zu E-Bikes & Fahrrädern von PROPHETE.
Aaa Saugus Ma Appointment
Geometry Review Quiz 5 Answer Key
Walgreens Alma School And Dynamite
Bible Gateway passage: Revelation 3 - New Living Translation
Yisd Home Access Center
Home
Shadbase Get Out Of Jail
Gina Wilson Angle Addition Postulate
Celina Powell Lil Meech Video: A Controversial Encounter Shakes Social Media - Video Reddit Trend
Walmart Pharmacy Near Me Open
Dmv In Anoka
A Christmas Horse - Alison Senxation
Ou Football Brainiacs
Access a Shared Resource | Computing for Arts + Sciences
Pixel Combat Unblocked
Umn Biology
Cvs Sport Physicals
Mercedes W204 Belt Diagram
Rogold Extension
'Conan Exiles' 3.0 Guide: How To Unlock Spells And Sorcery
Colin Donnell Lpsg
Teenbeautyfitness
Weekly Math Review Q4 3
Facebook Marketplace Marrero La
Nobodyhome.tv Reddit
Topos De Bolos Engraçados
Gregory (Five Nights at Freddy's)
Grand Valley State University Library Hours
Holzer Athena Portal
Hampton In And Suites Near Me
Stoughton Commuter Rail Schedule
Bedbathandbeyond Flemington Nj
Free Carnival-themed Google Slides & PowerPoint templates
Otter Bustr
San Pedro Sula To Miami Google Flights
Selly Medaline
Latest Posts
How to Install an SSL Certificate on Azure - SSL Dragon
Tutorial: Secure a web server with TLS/SSL certificates - Azure Virtual Machines
Article information

Author: Chrissy Homenick

Last Updated:

Views: 6458

Rating: 4.3 / 5 (54 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Chrissy Homenick

Birthday: 2001-10-22

Address: 611 Kuhn Oval, Feltonbury, NY 02783-3818

Phone: +96619177651654

Job: Mining Representative

Hobby: amateur radio, Sculling, Knife making, Gardening, Watching movies, Gunsmithing, Video gaming

Introduction: My name is Chrissy Homenick, I am a tender, funny, determined, tender, glorious, fancy, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.