Server Message Blocks name shortcut SMB . SMB is a protocol used by Windows Operating systems. SMB provides a lot of windows operating system related services over the network. SMB mainly used for file sharing. In general SMB protocol is used for inter-process communication between the same host processes or remove host processes.
SMB Port 139 or 445
Newcomers to the Windows ecosystem generally confuses port numbers of SMB. SMB service is provided over two ports.
- TCP port 139 is SMB over NETBIOS. NETBIOS is a transport layer protocol designed to use in Windows operating systems over the network.
- TCP 445 is SMB over IP. This is a newer version where SMB can be consumed normally over the IP networks.
Check If Port 137,138,139 and 445 Is Open
If we want to check the ports 137,138,139 and 445 whether they are open we can use netstat command. This list open ports with TCP and UDP protocols.
As we can see from the example the TCP 445 is open and listening mode which means this system will accept connections to the 445 port.
SMB Over Netbios
Actually Netbios protocol works in TCP 139 and UDP 137 and UDP 138. So if we have a secure network that prevents access to the remote hosts we should add firewall allow TCP and UDP 137-139 rule. As an example, we should provide the NetBIOS hostname which is generally the same with DNS/DHCP provided hostname. In this example, we will connect the remote share named backup which is provided by the host.
\\srv1\backup
here we should provide the hostname where NetBIOS can find and connect remote system.
SMB Over IP
SMB over IP is a newer implementation of SMB. We do not need extra intermediate protocols like Netbios in this implementation. We can use SMB directly. As an example, we can use IP addresses in order to use SMB like file sharing.
\\192.168.1.10\backup
is sufficient to connect remote SMB share and port over the network.
SMB Security
As the Windows operating system and its protocols are the main targets for attackers we may need to create countermeasures for attacks. There are threads like below.
- NetBIOS worms which can swarm silently over the network.
PsExec is a tool that is used to remotely manage windows systems.SMB Vulnerabilities provides a thread for the systems.
We can prevent these threads by preventing SMB port access between networks or server groups which is not needed.
SMB1, SMB2, SMB3
SMB protocol has 3 versions where SMBv3 is the latest. Where SMB1 is supporting Netbios, SMB2 and SMB3 is only supported over IP which is TCP 445
SMB Protocol Operating System Support
While SMB is created by IBM is mainly developed by Microsoft. SMB is an open protocol which means other platforms can implement SMB freely. Linux supports the SMB protocol too.
FAQs
What are Ports 139 and 445? SMB is a network file sharing protocol that requires an open port on a computer or server to communicate with other systems. SMB ports are generally port numbers 139 and 445. Port 139 is used by SMB dialects that communicate over NetBIOS.
What is SMB port 445 used for? ›
Port 445 is a traditional Microsoft networking port with tie-ins to the original NetBIOS service found in earlier versions of Windows OSes. Today, port 445 is used by Microsoft Directory Services for Active Directory (AD) and for the Server Message Block (SMB) protocol over TCP/IP.
What are ports 135 139 and 445 used for? ›
Port 135 is used for RPC client-server communication, and ports 139 and 445 are used for authentication and file sharing. UDP ports 137 and 138 are used for local NetBIOS browser, naming, and lookup functions.
What is TCP port 139 used for? ›
Port 139 is utilized by NetBIOS Session service. Enabling NetBIOS services provide access to shared resources like files and printers not only to your network computers but also to anyone across the internet.
What is SMB stand for? ›
SMB is an abbreviation for a small and medium-sized business, sometimes called a small and midsize business. The terms are often used to refer to companies that are smaller in size and revenue than large corporations, but larger than microbusinesses or those run by an individual proprietor.
What does SMB port stand for? ›
What is the Server Message Block protocol? The Server Message Block protocol (SMB protocol) is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network.
Is SMB port 139 TCP or UDP? ›
The SMB port number is TCP 445. If you've heard people saying the port number is 139, they could be partially correct.
How do I open port 139 and 445 on Windows 10? ›
Q #1) How do I open ports in Windows 10 firewall? Answer: From the Control Panel, navigate to System and Security, and click on Windows Firewall. Go to the Advanced settings and right-click on Inbound Rules on the left pane. Select New Rule, add the port and click Next.
How do I allow SMB traffic on port 445? ›
To add a firewall rule to allow TCP/445 (SMB/CIFS) and TCP/135 (RPC): Go to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security - LDAP > Inbound Rules. Right-click and choose New Rule. Choose Port and click Next.
Is SMB 445 TCP or UDP? ›
Direct hosted NetBIOS-less SMB traffic uses port 445 (TCP).
Nmap is a powerful tool for enumerating SMB (Server Message Block) protocols. The basic command for SMB enumeration with Nmap is nmap -p 139,445 --script smb-enum-shares. nse [target IP address]. This command scans ports 139 and 445, which are commonly used by SMB protocols, and runs the smb-enum-shares.
How do I block TCP ports 139 and 445 at the firewall? ›
Step 1: Open the Control Panel Step 2: Click on Windows Firewall/ Windows Defender firewall Step 3: Navigate to advanced settings. Step 4:Right click on inbound rules and click on new rule. Step 6:Select port and press next Step 7:Specify the port 445 under specific local ports, select TCP and press next.
How do I know if my SMB port is open? ›
It is a native system process that runs in the NT kernel. (2) If the kernel is running SMB, it can be detected by giving the command netstat -an to display all network listeners. If port 445 is listening, then it means the SMB server is running.
Is SMB protocol secure? ›
Generally speaking, SMB today is a highly secure protocol. For modern SMB implementations, here are some key takeaways for securing SMB: Do NOT use SMBv1. SMB1 lacks encryption, is inefficient, and has been exploited in the wild by ransomware attacks.
Does port 139 need to be open? ›
If you are on Windows-based network that is running NetBios, it is perfectly normal to have port 139 open in order to facilitate that protocol. If you are not on a network using NetBios, there is no reason to have that port open.
What is an example of a SMB? ›
Examples of SMBs
In B2C, a small to medium-sized business might include a local shop or restaurant, an Etsy shop, or a service-based business in your area. Larger businesses (aka enterprise companies) include companies like Amazon, Apple, or Starbucks.
How does SMB authentication work? ›
NTLM and the older LAN Manager (LM) encryption are supported by Microsoft SMB Protocol. Both encryption methods use challenge-response authentication, where the server sends the client a random string and the client returns a computed response string that proves the client has sufficient credentials for access.
What is the latest version of SMB? ›
SMB 3 (Server Message Block 3.0) is a protocol that provides a way for a computer's client applications to read and write to files from a server in a computer network. SMB 3.1. 1 is the latest version. SMB 3 is built in for Windows 8, 10, and 11 as well as Windows Server 2012, 2016, and 2022.
Is port 445 a vulnerability? ›
Ports 139 and 445 are used for 'NetBIOS' communication between two Windows 2000 hosts. In the case of port 445 an attacker may use this to perform NetBIOS attacks as it would on port 139. Impact: All NetBIOS attacks are possible on this host.
How do I access my SMB port? ›
How to access SMB share from windows over the internet with specific port number
- go to My computer.
- Click add network location.
- Enter x.x.x.x as ip (ofcourse I enter a real public IP)
- Then try to connect.
SMB relies on the TCP and IP protocols for transport. This combination allows file sharing over complex, interconnected networks, including the public Internet. The SMB server component uses TCP port 445.
How do I close port 139 and 445? ›
Step 1: Open the Control Panel Step 2: Click on Windows Firewall/ Windows Defender firewall Step 3: Navigate to advanced settings. Step 4:Right click on inbound rules and click on new rule. Step 6:Select port and press next Step 7:Specify the port 445 under specific local ports, select TCP and press next.
Should port 139 be open? ›
If you are on Windows-based network that is running NetBios, it is perfectly normal to have port 139 open in order to facilitate that protocol. If you are not on a network using NetBios, there is no reason to have that port open.
