SMB (Server Message Block) is a network protocol that allows access to files, printers, and other resources within a local network. It is primarily used in Windows en­vi­ron­ments to enable file and service sharing between computers.

What is SMB (Server Message Block)?

SMB (Server Message Block) is a client-server protocol that manages access to files and entire di­rec­to­ries as well as other network resources like printers, routers, or in­ter­faces shared within the network. The exchange of in­for­ma­tion between different processes of a system (also known as inter-process com­mu­ni­ca­tion) can also be handled based on the SMB protocol.

IONOS Cloud Object Storage
Secure, af­ford­able storage

Cost-effective, scalable storage that in­te­grates into your ap­pli­ca­tion scenarios. Protect your data with highly secure servers and in­di­vid­ual access control.

Developed by the IT cor­po­ra­tion IBM in 1983, various versions and im­ple­men­ta­tions of the protocol have been released over the past decades. SMB was first made available to a wider audience with the OS/2 network operating system LAN Manager and its successor LAN Server. Since then, its main area of ap­pli­ca­tion has been the Windows operating system series, whose network services support SMB with backward com­pat­i­bil­i­ty—allowing devices with newer editions to com­mu­ni­cate seam­less­ly with devices running an older Microsoft operating system.

With the open-source software project Samba, there is also a solution that enables the use of Server Message Block in Linux and Unix dis­tri­b­u­tions, allowing for cross-platform com­mu­ni­ca­tion via SMB.

Note

In Windows NT 4.0, Microsoft in­tro­duced its im­ple­men­ta­tion of the SMB protocol under the name Common Internet File System (CIFS). Initially, the term was often used in­ter­change­ably with the broader SMB protocol family. Today, however, CIFS is primarily rec­og­nized as the label for the original SMB version 1.0.

How does SMB work?

The Server Message Block protocol enables the client to com­mu­ni­cate with other par­tic­i­pants in the same network, thereby accessing files or services shared with it in the network. The other system must also implement the network protocol to receive and process the re­spec­tive client request using an SMB server ap­pli­ca­tion. Prior to this, both parties must establish a con­nec­tion, which requires them to exchange cor­re­spond­ing messages.

In IP networks, SMB uses the Trans­mis­sion Control Protocol (TCP), which provides for a three-way handshake between the client and server before a con­nec­tion is finally es­tab­lished. The sub­se­quent transport of data is also governed by the spec­i­fi­ca­tions of the TCP protocol.

Note

For es­tab­lish­ing con­nec­tions and trans­mis­sion via TCP/SMB, TCP port 445 is currently reserved. Address res­o­lu­tion typically works through the Domain Name System (DNS) or in smaller networks via Link-Local Multicast Name Res­o­lu­tion (LLMNR).

Image: Diagram: Server Message Block
Once a con­nec­tion is es­tab­lished over TCP, the SMB client and SMB server can exchange messages to query or provide files or services over the network.

Evolution of the SMB Protocol and the different versions

As mentioned earlier, since SMB was first released in 1983, there have been several ad­just­ments to the network standard, which have been recorded in different protocol versions—starting with SMB 1.0 and up to the current version SMB 3.1.1, in­tro­duced by Microsoft alongside Windows 10. The following sections summarize the key steps in the de­vel­op­ment of the Server Message Block protocol.

SMB 1.0 (CIFS)

The first version of the network com­mu­ni­ca­tion protocol is often equated with the pre­vi­ous­ly mentioned variant Common Internet File System (CIFS). However, the latter actually refers to just an aspect of the first protocol edition—specif­i­cal­ly the im­ple­men­ta­tion of the protocol in devices with Windows NT 4.0. In this initial version, com­mu­ni­ca­tion over the NetBIOS interface as well as UDP-ports 137 (name res­o­lu­tion) and 138 (packet delivery) and TCP-port 139 (con­nec­tion setup and transport) were intended. With Windows 2000, the de­pen­den­cy on NetBIOS was elim­i­nat­ed, allowing the protocol now of­fi­cial­ly referred to as SMB 1.0 to enable the direct con­nec­tion over TCP (port 445) that is still used today.

SMB 2.0

Microsoft delivered the first major revision of Server Message Block in November 2006, along with the operating system Windows Vista. Although the protocol—now known as SMB 2.0 or 2—remained pro­pri­etary, the software company also published the spec­i­fi­ca­tion for the first time to enable other systems to com­mu­ni­cate with Windows operating systems. The most important in­no­va­tions of the second protocol version were as follows:

  • Reduction of commands and sub­com­mands from over 100 to 19
  • Optimized per­for­mance thanks to the new queue function for SMB requests
  • Support for symbolic links (links to files or di­rec­to­ries)
  • Caching of file at­trib­ut­es
  • Enhanced message signing (HMAC-SHA-256 algorithm)
  • Improved scal­a­bil­i­ty due to a higher maximum number of clients, shares, and si­mul­ta­ne­ous­ly open files

For com­pat­i­bil­i­ty reasons, the first protocol version was retained—a measure Microsoft also continued in sub­se­quent versions.

SMB 2.1

Version 2.1 of the SMB protocol is closely as­so­ci­at­ed with Windows 7. The revised edition of the second protocol version was released alongside the operating system in 2007, in­tro­duc­ing mainly new locking mech­a­nisms for better reg­u­la­tion of file access (reading, writing, deleting, etc.), alongside some minor per­for­mance op­ti­miza­tions.

SMB 3.0

In 2012, Windows 8 was released, along with a new version of Server Message Block, initially listed as SMB 2.2, but later received the des­ig­na­tion SMB 3.0, which is still valid today. This protocol revision also aims to improve the per­for­mance and security of SMB con­nec­tions—par­tic­u­lar­ly in vir­tu­al­ized data centers. The boost is primarily due to the following new features:

  • Pos­si­bil­i­ty of remote storage access thanks to SMB over RDMA (Remote Direct Memory Access)
  • Mul­ti­chan­nel function allows the es­tab­lish­ment of multiple con­nec­tions per SMB session
  • Trans­par­ent failover
  • End-to-end en­cryp­tion
Note

With SMB 3.0.2, the third protocol version was im­ple­ment­ed in Windows 8.1 without any major in­no­va­tions.

SMB 3.1.1

SMB 3.1.1 (released in 2015 with Windows 10) extends the protocol series with an integrity check before au­then­ti­ca­tion based on SHA-512 hashes. Ad­di­tion­al­ly, the version relies on AES-128 en­cryp­tion with Galois/Counter Mode (GCM). For all com­mu­ni­cat­ing devices with SMB 2.0 or higher, SMB 3.1.1 makes a secure con­nec­tion mandatory.

Overview of SMB versions in table form

SMB version Supported since New features
CIFS Windows NT 4.0 Com­mu­ni­ca­tion via NetBIOS interface
SMB 1.0 Windows 2000 Direct con­nec­tion via TCP
SMB 2.0 Windows Vista, Windows Server 2008, Samba 3.5 Various per­for­mance upgrades, improved message signing, caching function for file prop­er­ties
SMB 2.1 Windows 7, Windows Server 2008 R2 Locking mech­a­nisms
SMB 3.0 Windows 8, Windows Server 2012, Samba 4.0 Mul­ti­chan­nel con­nec­tions, end-to-end en­cryp­tion, remote storage access
SMB 3.0.2 Windows 8.1, Windows Server 2012 R2 No major in­no­va­tions
SMB 3.1.1 Windows 10, Windows Server 2016, Samba 4.3 Integrity check, AES-128 en­cryp­tion with Galois/Counter Mode (GCM)
Image: ION_CA_DG-VPS_Fallback_960x320.png
Image: ION_CA_DG-VPS_Fallback_1200x1200.png

What security aspects should be con­sid­ered when using SMB?

For years, Microsoft has em­pha­sized ensuring that older versions of Server Message Block are supported by newer system editions to ensure com­mu­ni­ca­tion between older and newer devices. However, guar­an­tee­ing com­pat­i­bil­i­ty has always carried increased security risks, because SMB 1.0 has numerous vul­ner­a­bil­i­ties compared to its successor protocols, which can make your computer sus­cep­ti­ble to DoS attacks.

Es­pe­cial­ly in networks, the risk of an attack based on the SMB protocol is sig­nif­i­cant: For com­pat­i­bil­i­ty reasons, all SMB versions are often enabled there—perhaps because connected printers or other network devices require it. Even if the old protocol version isn’t actually used, attackers can easily downgrade com­mu­ni­ca­tion to SMB 1.0 and attack the target system without much hindrance. Since Windows 10, Microsoft has decided not to actively support the first version anymore or to au­to­mat­i­cal­ly uninstall it if not used. Similarly, under macOS, SMB version 1.0 has been disabled since macOS Catalina (2019).

Where is Server Message Block used or im­ple­ment­ed?

The key scenarios for using SMB have already been discussed in this article: The central point of the protocol is access to file systems, so the primary benefit lies in client-server con­nec­tions between computers and file servers. However, since other sections of the protocol clearly aim at in­ter­process com­mu­ni­ca­tion, the simple data exchange between two devices or two processes is also part of the ap­pli­ca­tion profile.

Apart from the im­ple­men­ta­tions of Server Message Block in the various Windows editions, the protocol has also been in­te­grat­ed into numerous other software projects over the years to make the com­mu­ni­ca­tion features available outside the Microsoft family. Some of the most well-known SMB im­ple­men­ta­tions include the following:

  • Samba: The software project Samba is probably the most well-known example of an SMB im­ple­men­ta­tion far from Windows. As early as 1991, the pro­gram­mer Andrew Tridgell began de­vel­op­ing the free software, which enables com­mu­ni­ca­tion via Server Message Block on Unix/Linux systems.
  • Netsmb: Netsmb refers to im­ple­men­ta­tions of an SMB client and server directly in the kernel of BSD operating systems. First released for the OS FreeBSD 4.4, these are now available for a variety of BSD systems, including NetBSD and macOS.
  • YNQ: YNQ (formerly NQ) is an SMB library that im­ple­ments the Server Message Block tech­nol­o­gy in embedded systems without Windows, enabling in­ter­op­er­abil­i­ty with Windows devices. YNQ has been developed by the Israeli software company Visuality Systems Ltd. since 1998.
  • TrueNAS: If you want to run your own NAS server that supports the SMB protocol among other things, the open-source solution TrueNAS is the right fit. The NAS software is based on FreeBSD and the OpenZFS file system.
  • Con­nect­ed­NAS: SMB server and client for Android devices alike is the software Con­nect­ed­NAS developed by Connected Way. Users of the paid app can easily exchange data between the mobile device and other SMB devices, whether personal or business-related. For security reasons, Con­nect­ed­NAS supports SMB starting from version 2.
Go to Main Menu