SMB & NetBIOS
Last updated
Last updated
SMB is a network protocol used for sharing files, printers, and other resources between computers, primarily in Windows environments. It enables communication between a client and a server, allowing users to access remote files as if they were local. SMB operates over port 445 and is commonly used in enterprise networks. Older versions, such as SMBv1, have security vulnerabilities like EternalBlue (MS17-010), which was exploited in major cyberattacks.
SMB 1.0: The first version of the Server Message Block (SMB) protocol, used for file and printer sharing in Windows networks. It is outdated and vulnerable to exploits like EternalBlue (MS17-010). Microsoft disabled it by default in modern Windows versions due to security risks.
SMB 2.0/2.1: Introduced in Windows Vista and Server 2008, SMB 2.0 significantly improved performance by reducing command overhead and supporting larger buffer sizes. SMB 2.1 (Windows 7, Server 2008 R2) added further optimizations, including lease-based caching for better efficiency.
SMB 3.0+: Introduced in Windows 8 and Server 2012, SMB 3.0 added major security and performance improvements, including encryption, signing, and multichannel support for better speed and resilience. Later versions (e.g., SMB 3.1.1 in Windows 10 and Server 2016) further strengthened security with improved encryption and authentication.
Older versions of SMB (before SMB 2.0) relied on NetBIOS over TCP/IP, operating on port 139 for file sharing. However, modern SMB versions communicate directly over port 445, eliminating the need for NetBIOS. Many networks disable NetBIOS to enhance security and reduce attack surfaces.
NetBIOS is a legacy networking protocol that enables communication between Windows devices on a local network. It provides name resolution and session services, allowing applications on different computers to find and interact with each other. NetBIOS primarily operates over ports 137, 138, and 139, and was historically used for SMB communication before SMB shifted to port 445.
Name Service (NetBIOS-NS) – Registers and resolves computer names within a local network.
Datagram Service (NetBIOS-DGM) – Provides connectionless communication and broadcasting.
Session Service (NetBIOS-SSN) – Supports reliable, connection-oriented communication between devices.
Although modern networks mostly rely on DNS for name resolution, NetBIOS is still occasionally used in legacy Windows environments.
In Windows, SMB is the backbone of file sharing and network communication, while NetBIOS was historically used for name resolution and service discovery. Many modern Windows environments disable NetBIOS for security reasons, relying instead on DNS and Active Directory. SMB remains crucial for file servers and corporate networks, but outdated versions (e.g., SMBv1) should be disabled to prevent security risks.