SMB (Server Message Block) is a network protocol that allows access to files, printers, and other resources within a local network. It is primarily used in Windows en­vir­on­ments to enable file and service sharing between computers.

What is SMB (Server Message Block)?

SMB (Server Message Block) is a client-server protocol that manages access to files and entire dir­ect­or­ies as well as other network resources like printers, routers, or in­ter­faces shared within the network. The exchange of in­form­a­tion between different processes of a system (also known as inter-process com­mu­nic­a­tion) can also be handled based on the SMB protocol.

IONOS Cloud Object Storage
Cloud storage at an un­beat­able price

Cost-effective, scalable storage that in­teg­rates into your ap­plic­a­tion scenarios. Protect your data with highly secure servers and in­di­vidu­al access control.

Developed by the IT cor­por­a­tion IBM in 1983, various versions and im­ple­ment­a­tions of the protocol have been released over the past decades. SMB was first made available to a wider audience with the OS/2 network operating system LAN Manager and its successor LAN Server. Since then, its main area of ap­plic­a­tion has been the Windows operating system series, whose network services support SMB with backward com­pat­ib­il­ity—allowing devices with newer editions to com­mu­nic­ate seam­lessly with devices running an older Microsoft operating system.

With the open-source software project Samba, there is also a solution that enables the use of Server Message Block in Linux and Unix dis­tri­bu­tions, allowing for cross-platform com­mu­nic­a­tion via SMB.

Note

In Windows NT 4.0, Microsoft in­tro­duced its im­ple­ment­a­tion of the SMB protocol under the name Common Internet File System (CIFS). Initially, the term was often used in­ter­change­ably with the broader SMB protocol family. Today, however, CIFS is primarily re­cog­nised as the label for the original SMB version 1.0.

How does SMB work?

The Server Message Block protocol enables the client to com­mu­nic­ate with other par­ti­cipants in the same network, thereby accessing files or services shared with it in the network. The other system must also implement the network protocol to receive and process the re­spect­ive client request using an SMB server ap­plic­a­tion. Prior to this, both parties must establish a con­nec­tion, which requires them to exchange cor­res­pond­ing messages.

In IP networks, SMB uses the Trans­mis­sion Control Protocol (TCP), which provides for a three-way handshake between the client and server before a con­nec­tion is finally es­tab­lished. The sub­sequent transport of data is also governed by the spe­cific­a­tions of the TCP protocol.

Note

For es­tab­lish­ing con­nec­tions and trans­mis­sion via TCP/SMB, TCP port 445 is currently reserved. Address res­ol­u­tion typically works through the Domain Name System (DNS) or in smaller networks via Link-Local Multicast Name Res­ol­u­tion (LLMNR).

Image: Diagram: Server Message Block
Once a con­nec­tion is es­tab­lished over TCP, the SMB client and SMB server can exchange messages to query or provide files or services over the network.

Evolution of the SMB Protocol and the different versions

As mentioned earlier, since SMB was first released in 1983, there have been several ad­just­ments to the network standard, which have been recorded in different protocol versions—starting with SMB 1.0 and up to the current version SMB 3.1.1, in­tro­duced by Microsoft alongside Windows 10. The following sections summarise the key steps in the de­vel­op­ment of the Server Message Block protocol.

SMB 1.0 (CIFS)

The first version of the network com­mu­nic­a­tion protocol is often equated with the pre­vi­ously mentioned variant Common Internet File System (CIFS). However, the latter actually refers to just an aspect of the first protocol edition—spe­cific­ally the im­ple­ment­a­tion of the protocol in devices with Windows NT 4.0. In this initial version, com­mu­nic­a­tion over the NetBIOS interface as well as UDP-ports 137 (name res­ol­u­tion) and 138 (packet delivery) and TCP-port 139 (con­nec­tion setup and transport) were intended. With Windows 2000, the de­pend­ency on NetBIOS was elim­in­ated, allowing the protocol now of­fi­cially referred to as SMB 1.0 to enable the direct con­nec­tion over TCP (port 445) that is still used today.

SMB 2.0

Microsoft delivered the first major revision of Server Message Block in November 2006, along with the operating system Windows Vista. Although the protocol—now known as SMB 2.0 or 2—remained pro­pri­et­ary, the software company also published the spe­cific­a­tion for the first time to enable other systems to com­mu­nic­ate with Windows operating systems. The most important in­nov­a­tions of the second protocol version were as follows:

  • Reduction of commands and sub­com­mands from over 100 to 19
  • Optimised per­form­ance thanks to the new queue function for SMB requests
  • Support for symbolic links (links to files or dir­ect­or­ies)
  • Caching of file at­trib­utes
  • Enhanced message signing (HMAC-SHA-256 algorithm)
  • Improved scalab­il­ity due to a higher maximum number of clients, shares, and sim­ul­tan­eously open files

For com­pat­ib­il­ity reasons, the first protocol version was retained—a measure Microsoft also continued in sub­sequent versions.

SMB 2.1

Version 2.1 of the SMB protocol is closely as­so­ci­ated with Windows 7. The revised edition of the second protocol version was released alongside the operating system in 2007, in­tro­du­cing mainly new locking mech­an­isms for better reg­u­la­tion of file access (reading, writing, deleting, etc.), alongside some minor per­form­ance op­tim­isa­tions.

SMB 3.0

In 2012, Windows 8 was released, along with a new version of Server Message Block, initially listed as SMB 2.2, but later received the des­ig­na­tion SMB 3.0, which is still valid today. This protocol revision also aims to improve the per­form­ance and security of SMB con­nec­tions—par­tic­u­larly in vir­tu­al­ised data centres. The boost is primarily due to the following new features:

  • Pos­sib­il­ity of remote storage access thanks to SMB over RDMA (Remote Direct Memory Access)
  • Mul­tichan­nel function allows the es­tab­lish­ment of multiple con­nec­tions per SMB session
  • Trans­par­ent failover
  • End-to-end en­cryp­tion
Note

With SMB 3.0.2, the third protocol version was im­ple­men­ted in Windows 8.1 without any major in­nov­a­tions.

SMB 3.1.1

SMB 3.1.1 (released in 2015 with Windows 10) extends the protocol series with an integrity check before au­then­tic­a­tion based on SHA-512 hashes. Ad­di­tion­ally, the version relies on AES-128 en­cryp­tion with Galois/Counter Mode (GCM). For all com­mu­nic­at­ing devices with SMB 2.0 or higher, SMB 3.1.1 makes a secure con­nec­tion mandatory.

Overview of SMB versions in table form

SMB version Supported since New features
CIFS Windows NT 4.0 Com­mu­nic­a­tion via NetBIOS interface
SMB 1.0 Windows 2000 Direct con­nec­tion via TCP
SMB 2.0 Windows Vista, Windows Server 2008, Samba 3.5 Various per­form­ance upgrades, improved message signing, caching function for file prop­er­ties
SMB 2.1 Windows 7, Windows Server 2008 R2 Locking mech­an­isms
SMB 3.0 Windows 8, Windows Server 2012, Samba 4.0 Mul­tichan­nel con­nec­tions, end-to-end en­cryp­tion, remote storage access
SMB 3.0.2 Windows 8.1, Windows Server 2012 R2 No major in­nov­a­tions
SMB 3.1.1 Windows 10, Windows Server 2016, Samba 4.3 Integrity check, AES-128 en­cryp­tion with Galois/Counter Mode (GCM)
Image: ION_UK_DG-VPS_960x320.png
Image: ION_UK_DG-VPS_1200x1200.png

What security aspects should be con­sidered when using SMB?

For years, Microsoft has em­phas­ised ensuring that older versions of Server Message Block are supported by newer system editions to ensure com­mu­nic­a­tion between older and newer devices. However, guar­an­tee­ing com­pat­ib­il­ity has always carried increased security risks, because SMB 1.0 has numerous vul­ner­ab­il­it­ies compared to its successor protocols, which can make your computer sus­cept­ible to DoS attacks.

Es­pe­cially in networks, the risk of an attack based on the SMB protocol is sig­ni­fic­ant: For com­pat­ib­il­ity reasons, all SMB versions are often enabled there—perhaps because connected printers or other network devices require it. Even if the old protocol version isn’t actually used, attackers can easily downgrade com­mu­nic­a­tion to SMB 1.0 and attack the target system without much hindrance. Since Windows 10, Microsoft has decided not to actively support the first version anymore or to auto­mat­ic­ally uninstall it if not used. Similarly, under macOS, SMB version 1.0 has been disabled since macOS Catalina (2019).

Where is Server Message Block used or im­ple­men­ted?

The key scenarios for using SMB have already been discussed in this article: The central point of the protocol is access to file systems, so the primary benefit lies in client-server con­nec­tions between computers and file servers. However, since other sections of the protocol clearly aim at in­ter­pro­cess com­mu­nic­a­tion, the simple data exchange between two devices or two processes is also part of the ap­plic­a­tion profile.

Apart from the im­ple­ment­a­tions of Server Message Block in the various Windows editions, the protocol has also been in­teg­rated into numerous other software projects over the years to make the com­mu­nic­a­tion features available outside the Microsoft family. Some of the most well-known SMB im­ple­ment­a­tions include the following:

  • Samba: The software project Samba is probably the most well-known example of an SMB im­ple­ment­a­tion far from Windows. As early as 1991, the pro­gram­mer Andrew Tridgell began de­vel­op­ing the free software, which enables com­mu­nic­a­tion via Server Message Block on Unix/Linux systems.
  • Netsmb: Netsmb refers to im­ple­ment­a­tions of an SMB client and server directly in the kernel of BSD operating systems. First released for the OS FreeBSD 4.4, these are now available for a variety of BSD systems, including NetBSD and macOS.
  • YNQ: YNQ (formerly NQ) is an SMB library that im­ple­ments the Server Message Block tech­no­logy in embedded systems without Windows, enabling in­ter­op­er­ab­il­ity with Windows devices. YNQ has been developed by the Israeli software company Visuality Systems Ltd. since 1998.
  • TrueNAS: If you want to run your own NAS server that supports the SMB protocol among other things, the open-source solution TrueNAS is the right fit. The NAS software is based on FreeBSD and the OpenZFS file system.
  • Con­nec­ted­NAS: SMB server and client for Android devices alike is the software Con­nec­ted­NAS developed by Connected Way. Users of the paid app can easily exchange data between the mobile device and other SMB devices, whether personal or business-related. For security reasons, Con­nec­ted­NAS supports SMB starting from version 2.
Go to Main Menu