Server Message Blocks name shortcut SMB is very familiar for us. SMB is a protocol used by Windows Operating systems. SMB provides a lot of windows operating system related services over network. SMB mainly used for file sharing.
New comers to the Windows ecosystem generally confuses port numbers of SMB. SMB service is provided over two ports.
- TCP port 139 is SMB over NETBIOS. NETBIOS is a transport layer protocol designed to use in windows operating systems over network.
- TCP 445 is SMB over IP. This is newer version where SMB can be consumed normally over IP network.
If we want to check the ports 137,138,139 and 445 whether they are open we can use netstat command. This list open ports with TCP and UDP protocols.
Check If Port 137,138,139 and 445 Is Open
Mar 09, 2003 Port 445 is a very active port on machines running Win2k and newer. It is used for the same functions that port 139 was used for on NT 4 and Win9x machines. This was basically NetBIOS over TCP/IP and SMB/CIFS traffic. Aug 29, 2013 Port 445 Details 445 tcp microsoft-ds TCP port 445 is used for direct TCP/IP MS Networking access without the need for a NetBIOS layer. This service is only implemented in the more recent verions of Windows (e.g. Windows 2K / XP). The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2K/XP.
As we can see from the example the TCP 445 is open and listening mode which means this system will accept connections to the 445 port.
Actually Netbios protocol works in the TCP 139 and UDP 137 and UDP 138 . So if we have secure network which prevents access to the remote hosts we should add firewall allow TCP and UDP 137-139 rule. As an example we should provide the netbios hostname which is generally the same with dns/dhcp provided host name. In this example we will connect remote share named backup which is provided by host srv1
here we should provide the hostname where netbios can find and connect remote system.
SMB over IP is newer implementation of SMB. We do not need extra intermediate protocol like Netbios in this implementation. We can use SMB directly. As an example we can use IP address in order to use SMB like file sharing.
Tcp Port 445 Microsoft Ds
is sufficient to connect remote SMB share and port over network.
Microsoft-ds Port 445 Parts
SMB Over IP
Port 445 Wiki
As windows operating system and its protocols are main target for attackers we may need to create countermeasures for attacks. There are threads like
- NetBIOS worms which can swarm silently over network
PsExecis a tool which is used to remotely manage windows systems.SMB Vulnerabilitiesprovides thread for the systems.
We can prevent these threads by preventing SMB port access between networks or server groups which is not needed.
SMB protocol have 3 versions where SMBv3 is the latest. Where SMB1 is supporting Netbios, SMB2 and SMB3 is only supported over IP which is TCP 445
Microsoft Ds Port 445 High Traffic
While SMB is created by IBM is mainly developed by Microsoft. SMB is an open protocol which means other platforms can be implement SMB freely. Linux supports the SMB protocol too.