SMB is the short name for Server Message Block. SMB is a protocol used by Windows operating systems. It provides many Windows operating system related services over the network, and is mainly used for file sharing. In general, the SMB protocol is used for inter-process communication between processes on the same host or on remote hosts.
SMB Port 139 or 445
Newcomers to the Windows ecosystem generally confuse the port numbers of SMB. The SMB service is provided over two ports.
- TCP port 139 is SMB over NetBIOS. NetBIOS is a transport layer protocol designed for use by Windows operating systems over the network.
- TCP 445 is SMB over IP. This is a newer version where SMB can be consumed directly over IP networks.
Check If Ports 137, 138, 139 and 445 Are Open
To check whether ports 137, 138, 139 and 445 are open, we can use the `netstat` command. It lists the open ports for the TCP and UDP protocols.
As we can see from the example, TCP 445 is open and in listening mode, which means this system will accept connections to port 445.
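Added example (not from the original article): a Python sketch that parses `netstat -an` output and reports only the local listeners on the SMB and NetBIOS ports named above, ignoring outbound connections to a remote port 445. The sample output is constructed, the name `smb_listeners` is an assumption of this example, and the parser also accepts the Linux `netstat` column layout.

```python
SMB_PORTS = {
    ("TCP", 139): "SMB over NetBIOS",
    ("TCP", 445): "SMB over IP",
    ("UDP", 137): "NetBIOS",
    ("UDP", 138): "NetBIOS",
}
WILDCARDS = {"0.0.0.0", "[::]", "::", "*"}

# Constructed sample in the Windows `netstat -an` layout (not real output).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     192.168.1.20:445       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

def smb_listeners(netstat_text):
    """Return (proto, address, port, service, all_interfaces) per listener."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        proto = fields[0].upper().rstrip("6")   # tcp6/udp6 -> TCP/UDP
        if proto not in ("TCP", "UDP"):
            continue
        # Local address is the first address-like column after the protocol.
        local = next((f for f in fields[1:] if ":" in f), "")
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        # A TCP row only counts if the socket is listening; an ESTABLISHED
        # row to a remote :445 is an outbound client connection.
        if proto == "TCP" and fields[-1].upper() not in ("LISTENING", "LISTEN"):
            continue
        service = SMB_PORTS.get((proto, int(port)))
        if service:
            found.append((proto, addr, int(port), service, addr in WILDCARDS))
    return found

if __name__ == "__main__":
    for proto, addr, port, service, wide in smb_listeners(SAMPLE):
        scope = "all interfaces" if wide else "one address"
        print(f"{proto} {port:<4} {service:<17} {addr} ({scope})")
```

A listener bound to all interfaces is the one to compare against the firewall rules first, since it is reachable from every network the host is attached to.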
SMB Over Netbios
Actually, the NetBIOS protocol works on TCP 139, UDP 137 and UDP 138. So if we have a secure network that prevents access to the remote hosts, we should add a firewall rule that allows TCP and UDP 137-139. As an example, we should provide the NetBIOS hostname, which is generally the same as the hostname provided by DNS/DHCP. In this example, we will connect to the remote share named
`backup`, which is provided by host
Here we should provide the hostname by which NetBIOS can find and connect to the remote system.
SMB Over IP
SMB over IP is a newer implementation of SMB. We do not need extra intermediate protocols like NetBIOS in this implementation; we can use SMB directly. As an example, we can use IP addresses in order to use SMB services like file sharing.
is sufficient to connect to the remote SMB share and port over the network.
As the Windows operating system and its protocols are the main targets for attackers, we may need to create countermeasures against attacks. There are threats like
- NetBIOS worms, which can swarm silently over the network.
- `PsExec` is a tool that is used to remotely manage Windows systems.
- `SMB Vulnerabilities` pose a threat to the systems.
We can prevent these threats by blocking SMB port access between networks or server groups where it is not needed.
SMB1, SMB2, SMB3
The SMB protocol has 3 versions, of which SMBv3 is the latest. While SMB1 supports NetBIOS, SMB2 and SMB3 are only supported over IP, which is TCP 445.
Operating System Support
While SMB was created by IBM, it is mainly developed by Microsoft. SMB is an open protocol, which means other platforms can implement SMB freely. Linux supports the SMB protocol too.