How do I find out what version of SMB is enabled on a remote host?

windows server-message-block

My local machine is running Windows 7, which supports the latest released version of the SMB protocol (SMB 2.1). I also have a remote host, and I don't know what operating system or SMB-support software is installed on that remote host; I only know that the remote host supports some version of the SMB protocol.

How can I find out, from the command prompt (or PowerShell) of my Windows 7 machine, what version of SMB is supported by that remote host?

Edit: although I mention Windows 7 above, I'm sure that this question is relevant to many system/network administrators or desktop support personnel, hence why I'm posting the question here instead of at superuser.com.


https://nmap.org/nsedoc/scripts/smb-protocols.html

Example Usage

nmap -p445 --script smb-protocols <target>
nmap -p139 --script smb-protocols <target>

On Windows 8 and higher, you can use the powerhsell command Get-SmbConnection to check which SMB version is used per connection.


The easiest way is to install WireShark and capture the packets, it will decode them and should show you a protocol version. They have an SMBv2 entry on their wiki, so the latest version of WireShark should decode it int the packet capture.


There are only two conceivable ways to determine a remote host's SMB version.

The First is to banner grab using telnet. Even then, you're not guaranteed that anything of use will come back. I can successfully connect to one of my SMB servers, but do not get any useful banner information.

The Second is to fingerprint the system over the network using a network security scanner. You'll have to search for a good tool thought, because you're still not guaranteed any success with determining what version of SMB is running. For example, I just used a quick scan with nmap on my network (that I know is running microsoft SMB on several endpoints) and I get no pertinent information as to what version of SMB it is running.


Here's what you do to pull the SMB version:

  1. Open Powershell as an Administrator. Right click on the icon and say "Run as Administrator".

  2. Now, you're going to run 2 commands within 10 seconds or else Windows closes the ports as unused.

    1. Run dir \\SERVERNAME\C$

    2. Run Get-SmbConnection: your "Dialect" column is the version of your SMB.

  3. Check the matrix on this link to make sure the OS corresponds to the correct OS version or you'll need to upgrade your SMB.

https://blogs.technet.microsoft.com/josebda/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-are-you-using/

SMB Stack Matrix

Related

Why (or how) does the number of open file descriptors in use by root exceed ulimit -n?
How to run two instances of apache on same system (Ubuntu)
Method to integrate Powershell scripts with non-Windows workflow?
using trailing slashes in nginx configuration
Banning IPv6 addresses
Check ufw default policy action
How do I make actual use an IPv4 block that I own?
Why are environment variables different with `bash -c`
How do I fix "no GLUE" problem with DNS lookups?
"Catch-All" access log with Apache Virtual Hosts?
When & how does logrotate run under Ubuntu 10.04?
Can I execute some commands when starting ssh session before getting to interactive mode?