Direct host Server Message Block (SMB) over TCP/IP - Windows Server (2024)


This article describes how to direct host Server Message Block (SMB) over TCP/IP.

Applies to: Windows Server 2012 R2
Original KB number: 204279

Summary

Windows supports file and printer-sharing traffic by using the SMB protocol directly hosted on TCP. SMB 1.0 and older CIFS traffic supported the NetBIOS over TCP (NBT) protocol, which supported the UDP transport, but starting in Windows Vista and Windows Server 2008 with SMB 2.0.2, SMB requires TCP/IP over port 445. Removing the NetBIOS transport has several advantages, including:

  • Simplifying the transport of SMB traffic.
  • Removing WINS and NetBIOS broadcast as a means of name resolution.
  • Standardizing name resolution on DNS for file and printer sharing.
  • Removing the less secure NetBIOS protocol as a method of attack.

If both the direct hosted and NBT interfaces are enabled, both methods are tried at the same time and the first to respond is used. This mechanism enables Windows to function properly with operating systems that don't support direct hosting of SMB traffic.

More information

NetBIOS over TCP traditionally uses the following ports:

  • NBName: 137/UDP
  • NBName: 137/TCP
  • NBDatagram: 138/UDP
  • NBSession: 139/TCP

Direct hosted NetBIOS-less SMB traffic uses port 445 (TCP). In this situation, a four-byte header precedes the SMB traffic. The first byte of this header is always 0x00, and the next 3 bytes are the length of the remaining data.
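
The framing described above, as an added Python example (not code from the original article): it splits a reassembled port 445 byte stream into SMB messages, rejects streams whose first header byte is not 0x00, and keeps an incomplete trailing frame for the next read. The big-endian byte order of the length field and the two protocol identifiers come from the SMB protocol specifications rather than from this page; the function names and the sample bytes are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"  # SMB 1.0 / CIFS protocol identifier (from the SMB specs)
SMB2_MAGIC = b"\xfeSMB"  # SMB 2.x / 3.x protocol identifier (from the SMB specs)

class FramingError(ValueError):
    """The byte stream does not follow direct-hosted SMB framing."""

def frame(payload: bytes) -> bytes:
    """Prepend the four-byte header (0x00 + 24-bit length) to one message."""
    if len(payload) > 0xFFFFFF:
        raise FramingError("payload exceeds the 24-bit length field")
    return struct.pack(">I", len(payload)) + payload

def split_direct_tcp(buf: bytes):
    """Split a reassembled port-445 byte stream into SMB messages.

    Returns (messages, leftover); leftover is an incomplete trailing
    frame that must be prepended to the next chunk of the stream.
    """
    messages, offset = [], 0
    while len(buf) - offset >= 4:
        # One big-endian 32-bit read covers the zero byte and the length.
        (word,) = struct.unpack_from(">I", buf, offset)
        if word >> 24 != 0x00:
            raise FramingError(f"header byte {word >> 24:#04x}, expected 0x00")
        length = word & 0xFFFFFF
        if len(buf) - offset - 4 < length:
            break  # the rest of this frame has not arrived yet
        messages.append(buf[offset + 4 : offset + 4 + length])
        offset += 4 + length
    return messages, buf[offset:]

def dialect_family(message: bytes) -> str:
    """Classify a message by its leading 4-byte protocol identifier."""
    if message.startswith(SMB2_MAGIC):
        return "SMB2+"
    if message.startswith(SMB1_MAGIC):
        return "SMB1"
    return "unknown"

# Constructed sample: two dummy messages (identifier + zero padding);
# the second frame is cut 5 bytes short, as if split across TCP segments.
SECOND = frame(SMB1_MAGIC + b"\x00" * 28)
SAMPLE = frame(SMB2_MAGIC + b"\x00" * 60) + SECOND[:-5]
```

A sensor that sees SMB1 identifiers on port 445 after SMB 1.0 is supposed to be retired, or a non-zero first header byte, has found traffic worth a closer look.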

Use the following steps to disable NetBIOS over TCP/IP. This procedure forces all SMB traffic to be direct hosted SMB traffic. Take care in implementing this setting because it causes the Windows-based computer to be unable to communicate with earlier operating systems using SMB traffic:

  1. Select Start, point to Settings, and then select Network and Dial-up Connection.
  2. Right-click Local Area Connection, and then select Properties.
  3. Select Internet Protocol (TCP/IP), and then select Properties.
  4. Select Advanced.
  5. Select the WINS tab, and then select Disable NetBIOS over TCP/IP.

You can also disable NetBIOS over TCP/IP by using a DHCP server that has the Microsoft vendor-specific option code 1, Disable NetBIOS over TCP/IP, configured. Setting this option to a value of 2 disables NBT. For more information about using this method, see the DHCP Server Help file in Windows.

To determine if NetBIOS over TCP/IP is enabled on a Windows-based computer, run a net config redirector or net config server command at a command prompt. The output shows bindings for the NetbiosSmb device (which is the NetBIOS-less transport) and for the NetBT_Tcpip device (which is the NetBIOS over TCP transport). For example, the following sample output shows both the direct hosted and the NBT transport bound to the adapter:

    Workstation active on
    NetbiosSmb (000000000000)
    NetBT_Tcpip_{610E2A3A-16C7-4E66-A11D-A483A5468C10} (02004C4F4F50)
    NetBT_Tcpip_{CAF8956D-99FB-46E3-B04B-D4BB1AE93982} (009027CED4C2)

NetBT_Tcpip is bound to each adapter individually. An instance of NetBT_Tcpip is shown for each network adapter that it's bound to. NetbiosSmb is a global device, and isn't bound on a per-adapter basis. So, direct hosted SMB can't be disabled in Windows unless you disable File and Printer Sharing for Microsoft Networks completely.
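
An added Python example (not part of the original article) that turns this check into an audit step: it parses saved net config output and reports whether the direct hosted transport is present and which adapters still have NetBT_Tcpip bound. The function name and result keys are hypothetical; the first sample is the article's output, the second is constructed.

```python
import re

# Transport entries look like "NetbiosSmb (000000000000)" or
# "NetBT_Tcpip_{GUID} (MAC)". The pattern is unanchored, so it also copes
# with output that has lost its line breaks during collection.
TRANSPORT_RE = re.compile(
    r"(NetbiosSmb|NetBT_Tcpip_\{([0-9A-Fa-f-]{36})\})\s*\(([0-9A-Fa-f]{12})\)"
)

def audit_bindings(net_config_output: str) -> dict:
    """Summarise SMB transport bindings found in `net config` output text."""
    direct_hosted = False
    nbt_adapters = []
    for name, guid, mac in TRANSPORT_RE.findall(net_config_output):
        if name == "NetbiosSmb":
            # Global NetBIOS-less transport (direct hosted SMB on TCP 445).
            direct_hosted = True
        else:
            # One NetBT_Tcpip instance per adapter that still has NBT bound.
            nbt_adapters.append({"adapter_guid": guid.upper(), "mac": mac.upper()})
    return {
        "direct_hosted": direct_hosted,
        "nbt_enabled": bool(nbt_adapters),
        "nbt_adapters": nbt_adapters,
    }

# Sample from the article: direct hosted and NBT transports both bound.
SAMPLE_BOTH = """Workstation active on
    NetbiosSmb (000000000000)
    NetBT_Tcpip_{610E2A3A-16C7-4E66-A11D-A483A5468C10} (02004C4F4F50)
    NetBT_Tcpip_{CAF8956D-99FB-46E3-B04B-D4BB1AE93982} (009027CED4C2)
"""

# Constructed sample: output with only the NetBIOS-less transport listed.
SAMPLE_DIRECT_ONLY = "Workstation active on\n    NetbiosSmb (000000000000)\n"
```

Any entry in nbt_adapters identifies an adapter where the steps above have not yet been applied.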


Article information

Author: Chrissy Homenick
