What is NetBIOS? Does Windows need its ports 137 and 138 open?

windows netbios

From hackerthreads.org:

NetBIOS stands for Network basic input output system and is used in Windows for its file and printer sharing.

From Wikipedia:

It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network.

From TechNet:

A Session layer programming interface. NetBIOS is a standard application programming interface (API) at the Session layer of the Open Systems Interconnect (OSI) reference model so that user applications can utilize the services of installed network protocol stacks. An application that uses the NetBIOS interface API for network communication can be run on any protocol stack that supports a NetBIOS interface.`

A session management and data transport protocol NetBIOS is also a protocol that functions at the Session and Transport layers and that provides commands and support for the following services:

  • Network name registration and verification.
  • Session establishment and termination.
  • Reliable connection-oriented session data transfer.
  • Unreliable connectionless datagram data transfer.
  • Protocol and adapter monitoring and management.

NetBIOS over TCP/IP (NetBT) sends the NetBIOS protocol over the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).

From another TechNet article, NetBIOS implementation over TCP/IP?:

The Windows 2000 implementation of NetBIOS over TCP/IP is referred to as NetBT. NetBT uses the following TCP and UDP ports:

  • UDP port 137 (name services)
  • UDP port 138 (datagram services)

  • TCP port 139 (session services)

    NetBIOS over TCP/IP is specified by RFC 1001 and RFC 1002. The Netbt.sys driver is a kernel -mode component that supports the TDI interface. Services such as workstation and server use the TDI interface directly, while traditional NetBIOS applications have their calls mapped to TDI calls through the Netbios.sys driver. Using TDI to make calls to NetBT is a more difficult programming task, but can provide higher performance and freedom from historical NetBIOS limitations.

The architecture would be like this:

You can try a hack on NetBIOS over SSN – NetBIOS usage in Linux:

C:\>nbtstat.exe -a morpheus

<Local Adapter Name>:
Node IpAddress: [<local IP address>] Scope Id: []
NetBIOS Remote Machine Name Table
Name    Type    Status
MORPHEUS <00>   UNIQUE  Registered
MATRIX <00>     GROUP   Registered
MORPHEUS <20>   UNIQUE  Registered

MAC Address = <Remote MAC address>

C:\>nbtstat.exe -c

<Local Adapter Name>:
Node IpAddress: [<local IP address>] Scope Id: []

How does NetBT behave over DNS/internet enhancements:


I just wanted to add that for versions of Windows from Windows 2000 and onward, all of the legacy NetBIOS functionality from ports 137, 138 and 139 is by default handled by SMB (Server Message Block) over port 445. If the computers on both end of the network connection are Windows 2000 or later, you can safely block ports 137, 138 and 139 as long as port 445 is open

Related

How to concatenate a date in MS-excel and receive a date (not a number)
Should I split VMware virtual disk into multiple files or not?
What does the path '/../' mean?
Copy the output of the last command in iTerm2
how to beep on tail -f event
Dynamic vs Basic Disk - Hard Drives
How to diff directories for different files, but not line-by-line
Why does Adobe Acrobat scroll so slowly, and what can I do about it?
How to change audio frequency?
OS X Lion new Finder view that doesn't allow sorting
Finding Image resolution in PDF file?
Error installing Arch Linux