HOME

TheInfoList



OR:

Server Message Block (SMB) is a
communication protocol A communication protocol is a system of rules that allows two or more entities of a communications system to transmit information via any kind of variation of a physical quantity. The protocol defines the rules, syntax, semantics and synchroniza ...
originally developed in 1983 by Barry A. Feigenbaum at IBM and intended to provide
shared access In computing, a shared resource, or network share, is a computer resource made available from one host to other hosts on a computer network. It is a device or piece of information on a computer that can be remotely accessed from another compu ...
to files and
printers Printer may refer to: Technology * Printer (publishing), a person or a company * Printer (computing), a hardware device * Optical printer for motion picture films People * Nariman Printer ( fl. c. 1940), Indian journalist and activist * Jam ...
across
node In general, a node is a localized swelling (a "knot") or a point of intersection (a vertex). Node may refer to: In mathematics * Vertex (graph theory), a vertex in a mathematical graph *Vertex (geometry), a point where two or more curves, lines ...
s on a network of systems running IBM's
OS/2 OS/2 (Operating System/2) is a series of computer operating systems, initially created by Microsoft and IBM under the leadership of IBM software designer Ed Iacobucci. As a result of a feud between the two companies over how to position OS/2 r ...
. It also provides an authenticated inter-process communication (IPC) mechanism. In 1987,
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washin ...
and
3Com 3Com Corporation was an American digital electronics manufacturer best known for its computer network products. The company was co-founded in 1979 by Robert Metcalfe, Howard Charney and others. Bill Krause joined as President in 1981. Metcalfe e ...
implemented SMB in
LAN Manager LAN Manager is a discontinued network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a h ...
for OS/2, at which time SMB used the
NetBIOS NetBIOS () is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, Ne ...
service atop the
NetBIOS Frames NetBIOS Frames (NBF) is a non- routable network- and transport-level data protocol most commonly used as one of the layers of Microsoft Windows networking in the 1990s. NBF or NetBIOS over IEEE 802.2 LLC is used by a number of network operating s ...
protocol as its underlying transport. Later, Microsoft implemented SMB in
Windows NT 3.1 Windows NT 3.1 is the first major release of the Windows NT operating system developed by Microsoft, released on July 27, 1993. At the time of Windows NT's release, Microsoft's Windows 3.1 desktop environment had established brand recognition ...
and has been updating it ever since, adapting it to work with newer underlying transports:
TCP/IP The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suit ...
and NetBT. SMB implementation consists of two vaguely named
Windows service In Windows NT operating systems, a Windows service is a computer program that operates in the background. It is similar in concept to a Unix daemon. A Windows service must conform to the interface rules and protocols of the Service Control Manage ...
s: "Server" (ID: LanmanServer) and "Workstation" (ID: LanmanWorkstation). It uses
NTLM In a Windows network, NT (New Technology) LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft L ...
or Kerberos protocols for user authentication. In 1996, Microsoft published a version of SMB 1.0 with minor modifications under the Common Internet File System (CIFS ) moniker. CIFS was compatible with even the earliest incarnation of SMB, including
LAN Manager LAN Manager is a discontinued network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a h ...
's. It supports symbolic links, hard links, and larger file size, but none of the features of SMB 2.0 and later. Microsoft's proposal, however, remained an
Internet Draft An Internet Draft (I-D) is a document published by the Internet Engineering Task Force (IETF) containing preliminary technical specifications, results of networking-related research, or other technical information. Often, Internet Drafts are int ...
and never achieved standard status. Microsoft has since discontinued use of the CIFS moniker but continues developing SMB and making subsequent specifications publicly available.


Features

Server Message Block (SMB) enables
file sharing File sharing is the practice of distributing or providing access to digital media, such as computer programs, multimedia (audio, images and video), documents or electronic books. Common methods of storage, transmission and dispersion include r ...
, printer sharing, network browsing, and inter-process communication (through named pipes) over a
computer network A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are ...
. SMB serves as the basis for Microsoft's
Distributed File System A clustered file system is a file system which is shared by being simultaneously mounted on multiple servers. There are several approaches to clustering, most of which do not employ a clustered file system (only direct attached storage fo ...
implementation. SMB relies on the TCP and IP protocols for transport. This combination potentially allows file sharing over complex, interconnected networks, including the public Internet. The SMB server component uses TCP
port A port is a maritime facility comprising one or more wharves or loading areas, where ships load and discharge cargo and passengers. Although usually situated on a sea coast or estuary, ports can also be found far inland, such as H ...
445. SMB originally operated on
NetBIOS NetBIOS () is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, Ne ...
over
IEEE 802.2 IEEE 802.2 is the original name of the ISO/IEC 8802-2 standard which defines logical link control (LLC) as the upper portion of the data link layer of the OSI Model. The original standard developed by the Institute of Electrical and Electronics En ...
-
NetBIOS Frames NetBIOS Frames (NBF) is a non- routable network- and transport-level data protocol most commonly used as one of the layers of Microsoft Windows networking in the 1990s. NBF or NetBIOS over IEEE 802.2 LLC is used by a number of network operating s ...
or NBF - and over
IPX/SPX IPX/SPX stands for Internetwork Packet Exchange/Sequenced Packet Exchange. IPX and SPX are networking protocol, networking protocols used initially on networks using the (since discontinued) Novell NetWare operating systems. They also became wid ...
, and later on
NetBIOS over TCP/IP NetBIOS over TCP/IP (NBT, or sometimes NetBT) is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks. NetBIOS was developed in the early 1980s, targeting very small network ...
(NetBT), but Microsoft has since
deprecated In several fields, especially computing, deprecation is the discouragement of use of some terminology, feature, design, or practice, typically because it has been superseded or is no longer considered efficient or safe, without completely removing ...
these protocols. On NetBT, the server component uses three TCP or UDP ports: 137 (NETBIOS Name Service), 138 (NETBIOS Datagram Service), and 139 (NETBIOS Session Service). In Microsoft Windows, two vaguely named
Windows service In Windows NT operating systems, a Windows service is a computer program that operates in the background. It is similar in concept to a Unix daemon. A Windows service must conform to the interface rules and protocols of the Service Control Manage ...
s implement SMB. The "Server" service (ID: LanmanServer) is in charge of serving
shared resource In computing, a shared resource, or network share, is a computer resource made available from one host to other hosts on a computer network. It is a device or piece of information on a computer that can be remotely accessed from another compu ...
s. The "Workstation" service (ID: LanmanWorkstation) maintains the computer name and helps access shared resources on other computers. SMB uses the Kerberos protocol to authenticate users against
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of Process (computing), processes and Windows service, services. Initially, Active D ...
on
Windows domain A Windows domain is a form of a computer network in which all user accounts, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as domain controlle ...
networks. On simpler, peer-to-peer networks, SMB uses the
NTLM In a Windows network, NT (New Technology) LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft L ...
protocol. Windows NT 4.0 SP3 and later can digitally sign SMB messages to prevent some
man-in-the-middle attack In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...
s. SMB signing may be configured individually for incoming SMB connections (by the "LanmanServer" service) and outgoing SMB connections (by the "LanmanWorkstation" service). The default setting for Windows
domain controller A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, sto ...
s running
Windows Server 2003 Windows Server 2003 is the sixth version of Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2 ...
and later is to not allow unsigned incoming connections. As such, earlier versions of Windows that do not support SMB signing from the get-go (including
Windows 9x Windows 9x is a generic term referring to a series of Microsoft Windows computer operating systems produced from 1995 to 2000, which were based on the Windows 95 kernel and its underlying foundation of MS-DOS, both of which were updated in su ...
) cannot connect to a Windows Server 2003 domain controller. SMB supports opportunistic locking (see below) on files in order to improve performance. Opportunistic locking support has changed with each Windows Server release.


Opportunistic locking

In the SMB protocol, opportunistic locking is a mechanism designed to improve performance by controlling caching of network files by the client. Unlike traditional
locks Lock(s) may refer to: Common meanings *Lock and key, a mechanical device used to secure items of importance *Lock (water navigation), a device for boats to transit between different levels of water, as in a canal Arts and entertainment * ''Lock ...
, opportunistic lock (OpLocks) are not strictly
file locking File locking is a mechanism that restricts access to a computer file, or to a region of a file, by allowing only one user or process to modify or delete it at a specific time and to prevent reading of the file while it's being modified or deleted ...
or used to provide mutual exclusion. There are four types of opportunistic locks. ; Batch Locks: Batch OpLocks were created originally to support a particular behavior of DOS batch file execution operation in which the file is opened and closed many times in a short period, which is a performance problem. To solve this, a client may ask for an OpLock of type "batch". In this case, the client delays sending the close request and if a subsequent open request is given, the two requests cancel each other. ; Level-1 OpLocks / Exclusive Locks: When an application opens in "shared mode" a file hosted on an SMB server which is not opened by any other process (or other clients) the client receives an exclusive OpLock from the server. This means that the client may now assume that it is the only process with access to this particular file, and the client may now cache all changes to the file before committing it to the server. This is a performance improvement, since fewer round-trips are required in order to read and write to the file. If another client/process tries to open the same file, the server sends a message to the client (called a ''break'' or ''revocation'') which invalidates the exclusive lock previously given to the client. The client then flushes all changes to the file. ; Level-2 OpLocks: If an exclusive OpLock is held by a client and a locked file is opened by a third party, the client has to relinquish its exclusive OpLock to allow the other client's write/read access. A client may then receive a "Level 2 OpLock" from the server. A Level 2 OpLock allows the caching of read requests but excludes write caching. ; Filter OpLocks: Added in Windows NT 4.0, Filter Oplocks are similar to Level 2 OpLocks but prevent sharing-mode violations between file open and lock reception. Microsoft advises use of Filter OpLocks only where it is important to allow multiple readers and Level 2 OpLocks in other circumstances. Clients holding an OpLock do not really hold a lock on the file, instead they are notified via a ''break'' when another client wants to access the file in a way inconsistent with their lock. The other client's request is held up while the break is being processed. ; Breaks: In contrast with the SMB protocol's "standard" behavior, a break request may be sent ''from'' server ''to'' client. It informs the client that an OpLock is no longer valid. This happens, for example, when another client wishes to open a file in a way that invalidates the OpLock. The first client is then sent an OpLock break and required to send all its local changes (in case of batch or exclusive OpLocks), if any, and acknowledge the OpLock break. Upon this acknowledgment the server can reply to the second client in a consistent manner.


Performance

The use of the SMB protocol has often correlated with a significant increase in broadcast traffic on a network. However the SMB itself does not use broadcasts—the broadcast problems commonly associated with SMB actually originate with the
NetBIOS NetBIOS () is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, Ne ...
service location protocol. By default, a
Microsoft Windows NT 4.0 Windows NT 4.0 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It is the direct successor to Windows NT 3.51, which was released to manufacturing on July 31, 1996, and then to retail ...
server used NetBIOS to advertise and locate services. NetBIOS functions by broadcasting services available on a particular host at regular intervals. While this usually makes for an acceptable default in a network with a smaller number of hosts, increased broadcast traffic can cause problems as the number of hosts on the network increases. The implementation of name resolution infrastructure in the form of Windows Internet Naming Service (WINS) or
Domain Name System The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned t ...
(DNS) resolves this problem. WINS was a proprietary implementation used with Windows NT 4.0 networks, but brought about its own issues and complexities in the design and maintenance of a Microsoft network. Since the release of Windows 2000, the use of WINS for name resolution has been deprecated by Microsoft, with hierarchical
Dynamic DNS Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information. The term is used to desc ...
now configured as the default name resolution protocol for all Windows operating systems. Resolution of (short) NetBIOS names by DNS requires that a DNS client expand short names, usually by appending a connection-specific DNS suffix to its DNS lookup queries. WINS can still be configured on clients as a secondary name resolution protocol for interoperability with legacy Windows environments and applications. Further, Microsoft DNS servers can forward name resolution requests to legacy WINS servers in order to support name resolution integration with legacy (pre-Windows 2000) environments that do not support DNS. Network designers have found that latency has a significant impact on the performance of the SMB 1.0 protocol, that it performs more poorly than other protocols like
FTP The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data ...
. Monitoring reveals a high degree of "chattiness" and a disregard of network latency between hosts. For example, a
VPN A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
connection over the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
will often introduce network latency. Microsoft has explained that performance issues come about primarily because SMB 1.0 is a block-level rather than a streaming protocol, that was originally designed for small LANs; it has a block size that is limited to 64K, SMB signing creates an additional overhead and the TCP window size is not optimized for WAN links. Solutions to this problem include the updated SMB 2.0 protocol,
Offline Files Windows Vista introduced a number of new I/O functions to the Microsoft Windows line of operating systems. They are intended to shorten the time taken to boot the system, improve the responsiveness of the system, and improve the reliability of dat ...
, TCP window scaling and
WAN optimization WAN optimization is a collection of techniques for improving data transfer across wide area networks (WANs). In 2008, the WAN optimization market was estimated to be $1 billion, and was to grow to $4.4 billion by 2014 according to Gartner, a tech ...
devices from various network vendors that cache and optimize SMB 1.0 and 2.0.


History


SMB 1.0

Barry Feigenbaum originally designed SMB at IBM in early 1983 with the aim of turning
DOS DOS is shorthand for the MS-DOS and IBM PC DOS family of operating systems. DOS may also refer to: Computing * Data over signalling (DoS), multiplexing data onto a signalling channel * Denial-of-service attack (DoS), an attack on a communicat ...
INT 21h The DOS API is an API which originated with 86-DOS and is used in MS-DOS/ PC DOS and other DOS-compatible operating systems. Most calls to the DOS API are invoked using software interrupt 21h ( INT 21h). By calling INT 21h with a subfunctio ...
local file access into a networked file system.
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washin ...
made considerable modifications to the most commonly used version and implemented the SMB protocol in the
LAN Manager LAN Manager is a discontinued network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a h ...
operating system it had started developing for
OS/2 OS/2 (Operating System/2) is a series of computer operating systems, initially created by Microsoft and IBM under the leadership of IBM software designer Ed Iacobucci. As a result of a feud between the two companies over how to position OS/2 r ...
with
3Com 3Com Corporation was an American digital electronics manufacturer best known for its computer network products. The company was co-founded in 1979 by Robert Metcalfe, Howard Charney and others. Bill Krause joined as President in 1981. Metcalfe e ...
around 1990, and continued to add features to the protocol in
Windows for Workgroups Windows 3.1 is a major release of Microsoft Windows. It was Released-to-manufacturing, released to manufacturing on April 6, 1992, as a successor to Windows 3.0. Like its predecessors, the Windows 3.1 series ran as a Shell (computing), shell ...
() and in later versions of Windows. LAN Manager authentication was implemented based on the original legacy SMB specification's requirement to use IBM "LAN Manager" passwords, but implemented
DES Des is a masculine given name, mostly a short form (hypocorism) of Desmond. People named Des include: People * Des Buckingham, English football manager * Des Corcoran, (1928–2004), Australian politician * Des Dillon (disambiguation), sever ...
in a flawed manner that allowed passwords to be cracked. Later, Kerberos authentication was also added. The
Windows domain A Windows domain is a form of a computer network in which all user accounts, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as domain controlle ...
logon protocols initially used 40-bit encryption outside of the
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territori ...
, because of export restrictions on stronger 128-bit encryption (subsequently lifted in 1996 when President
Bill Clinton William Jefferson Clinton ( né Blythe III; born August 19, 1946) is an American politician who served as the 42nd president of the United States from 1993 to 2001. He previously served as governor of Arkansas from 1979 to 1981 and agai ...
signed Executive Order 13026). SMB 1.0 (or SMB1) was originally designed to run on
NetBIOS Frames NetBIOS Frames (NBF) is a non- routable network- and transport-level data protocol most commonly used as one of the layers of Microsoft Windows networking in the 1990s. NBF or NetBIOS over IEEE 802.2 LLC is used by a number of network operating s ...
(NetBIOS over
IEEE 802.2 IEEE 802.2 is the original name of the ISO/IEC 8802-2 standard which defines logical link control (LLC) as the upper portion of the data link layer of the OSI Model. The original standard developed by the Institute of Electrical and Electronics En ...
). Since then, it has been adapted to NetBIOS over
IPX/SPX IPX/SPX stands for Internetwork Packet Exchange/Sequenced Packet Exchange. IPX and SPX are networking protocol, networking protocols used initially on networks using the (since discontinued) Novell NetWare operating systems. They also became wid ...
(NBX), and
NetBIOS over TCP/IP NetBIOS over TCP/IP (NBT, or sometimes NetBT) is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks. NetBIOS was developed in the early 1980s, targeting very small network ...
(NetBT). Also, since
Windows 2000 Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officiall ...
, SMB runs on TCP using TCP port 445, a feature known as "direct host SMB". There is still a thin layer (similar to the Session Message packet of NetBT's Session Service) between SMB and TCP. Windows Server 2003, and legacy
NAS Nas (born 1973) is the stage name of American rapper Nasir Jones. Nas, NaS, or NAS may also refer to: Aviation * Nasair, a low-cost airline carrier and subsidiary based in Eritrea * National Air Services, an airline in Saudi Arabia ** Nas Air ( ...
devices use SMB1 natively. SMB1 is an extremely chatty protocol, which is not such an issue on a
local area network A local area network (LAN) is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. By contrast, a wide area network (WAN) not only covers a larger ...
(LAN) with low latency. It becomes very slow on
wide area networks A wide area network (WAN) is a telecommunications network that extends over a large geographic area. Wide area networks are often established with leased telecommunication circuits. Businesses, as well as schools and government entities, us ...
(WAN) as the back and forth handshake of the protocol magnifies the inherent high latency of such a network. Later versions of the protocol reduced the high number of handshake exchanges. One approach to mitigating the inefficiencies in the protocol is to use
WAN optimization WAN optimization is a collection of techniques for improving data transfer across wide area networks (WANs). In 2008, the WAN optimization market was estimated to be $1 billion, and was to grow to $4.4 billion by 2014 according to Gartner, a tech ...
products such as those provided by
Riverbed A stream bed or streambed is the bottom of a stream or river (bathymetry) or the physical confine of the normal water flow ( channel). The lateral confines or channel margins are known as the stream banks or river banks, during all but flood ...
, Silver Peak, or
Cisco Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, ...
. A better approach is to upgrade to a later version of SMB. This includes upgrading both NAS devices as well as Windows Server 2003. The most effective method to identify SMB1 traffic is with a network analyzer tool, such as
Wireshark Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 d ...
. Microsoft also provides an auditing tool in
Windows Server 2016 Windows Server 2016 is the eighth release of the Windows Server Server (computing), server operating system developed by Microsoft as part of the Windows NT family of operating systems. It was developed concurrently with Windows 10 and is the su ...
to track down devices that use SMB1. Microsoft has marked SMB1 as
deprecated In several fields, especially computing, deprecation is the discouragement of use of some terminology, feature, design, or practice, typically because it has been superseded or is no longer considered efficient or safe, without completely removing ...
in June 2013. Windows Server 2016 and
Windows 10 version 1709 Windows 10 Fall Creators Update (also known as version 1709 and codenamed "Redstone 3") is the fourth major update to Windows 10 and the third in a series of updates under the Redstone codenames. It carries the build number 10.0.16299. PC version ...
do not have SMB1 installed by default.


CIFS

In 1996, when Sun Microsystems announced
WebNFS WebNFS is an extension to the Network File System (NFS) for allowing clients to access a file system over the internet using a simplified, firewall-friendly protocol. WebNFS was developed to give Java applets and other internet enabled application ...
, Microsoft launched an initiative to rename SMB to Common Internet File System (CIFS) and added more features, including support for
symbolic link In computing, a symbolic link (also symlink or soft link) is a file whose purpose is to point to a file or directory (called the "target") by specifying a path thereto. Symbolic links are supported by POSIX and by most Unix-like operating syste ...
s, hard links, larger file sizes, and an initial attempt at supporting direct connections over TCP port 445 without requiring
NetBIOS NetBIOS () is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, Ne ...
as a transport (a largely experimental effort that required further refinement). Microsoft submitted some partial specifications as
Internet Draft An Internet Draft (I-D) is a document published by the Internet Engineering Task Force (IETF) containing preliminary technical specifications, results of networking-related research, or other technical information. Often, Internet Drafts are int ...
s to the
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and a ...
.See: * * * * * * These submissions have since expired.


SMB 2.0

Microsoft introduced a new version of the protocol (SMB 2.0 or SMB2) in 2006 with
Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
and
Windows Server 2008 Windows Server 2008 is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on F ...
. Although the protocol is proprietary, its specification has been published to allow other systems to interoperate with Microsoft operating systems that use the new protocol. SMB2 reduces the 'chattiness' of the SMB 1.0 protocol by reducing the number of commands and subcommands from over a hundred to just nineteen. It has mechanisms for pipelining, that is, sending additional requests before the response to a previous request arrives, thereby improving performance over high- latency links. It adds the ability to compound multiple actions into a single request, which significantly reduces the number of round-trips the client needs to make to the server, improving performance as a result. SMB1 also has a compounding mechanism—known as AndX—to compound multiple actions, but Microsoft clients rarely use AndX. It also introduces the notion of "durable file handles": these allow a connection to an SMB server to survive brief network outages, as are typical in a wireless network, without having to incur the overhead of re-negotiating a new session. SMB2 includes support for
symbolic link In computing, a symbolic link (also symlink or soft link) is a file whose purpose is to point to a file or directory (called the "target") by specifying a path thereto. Symbolic links are supported by POSIX and by most Unix-like operating syste ...
s. Other improvements include caching of file properties, improved message signing with HMAC
SHA-256 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compressi ...
hashing algorithm and better scalability by increasing the number of users, shares and open files per server among others. The SMB1 protocol uses 16-bit data sizes, which amongst other things, limits the maximum block size to 64K. SMB2 uses 32- or 64-bit wide storage fields, and 128 bits in the case of file-handles, thereby removing previous constraints on block sizes, which improves performance with large file transfers over fast networks. Windows Vista/
Server 2008 Windows Server 2008 is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on Fe ...
and later operating systems use SMB2 when communicating with other machines also capable of using SMB2. SMB1 continues in use for connections with older versions of Windows, as well various vendors'
NAS Nas (born 1973) is the stage name of American rapper Nasir Jones. Nas, NaS, or NAS may also refer to: Aviation * Nasair, a low-cost airline carrier and subsidiary based in Eritrea * National Air Services, an airline in Saudi Arabia ** Nas Air ( ...
solutions. Samba 3.5 also includes experimental support for SMB2. Samba 3.6 fully supports SMB2, except the modification of user quotas using the Windows quota management tools. When SMB2 was introduced it brought a number of benefits over SMB1 for third party implementers of SMB protocols. SMB1, originally designed by IBM, was
reverse engineered Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...
, and later became part of a wide variety of non-Windows operating systems such as
Xenix Xenix is a discontinued version of the Unix operating system for various microcomputer platforms, licensed by Microsoft from AT&T Corporation in the late 1970s. The Santa Cruz Operation (SCO) later acquired exclusive rights to the software, and ...
,
OS/2 OS/2 (Operating System/2) is a series of computer operating systems, initially created by Microsoft and IBM under the leadership of IBM software designer Ed Iacobucci. As a result of a feud between the two companies over how to position OS/2 r ...
and VMS (
Pathworks PATHWORKS (it was usually written in all caps) was the trade name used by Digital Equipment Corporation of Maynard, Massachusetts for a series of programs that eased the interoperation of Digital's minicomputers and servers with personal compute ...
).
X/Open X/Open group (also known as the Open Group for Unix Systems and incorporated in 1987 as X/Open Company, Ltd.) was a consortium founded by several European UNIX systems manufacturers in 1984 to identify and promote open standards in the field of info ...
standardized it partially; Microsoft had submitted Internet-Drafts describing SMB2 to the
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and a ...
, partly in response to formal IETF standardization of version 4 of the
Network File System Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems (Sun) in 1984, allowing a user on a client computer to access files over a computer network much like local storage is accessed. NFS, lik ...
in December 2000 as IETF RFC 3010.; however, those SMB-related Internet-Drafts expired without achieving any IETF standards-track approval or any other IETF endorsement. (See http://ubiqx.org/cifs/Intro.html for historical detail.) SMB2 is also a relatively clean break with the past. Microsoft's SMB1 code has to work with a large variety of SMB clients and servers. SMB1 features many versions of information for commands (selecting what structure to return for a particular request) because features such as
Unicode Unicode, formally The Unicode Standard,The formal version reference is is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world's writing systems. The standard, wh ...
support were retro-fitted at a later date. SMB2 involves significantly reduced compatibility-testing for implementers of the protocol. SMB2 code has considerably less complexity since far less variability exists (for example, non-Unicode code paths become redundant as SMB2 requires Unicode support). Apple migrated to SMB2 (from their own
Apple Filing Protocol The Apple Filing Protocol (AFP), formerly AppleTalk Filing Protocol, is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS. In Mac OS 9 and earlier, AFP was ...
, now legacy) starting with OS X 10.9 "Mavericks". This transition was fraught with compatibility problems though. Non-default support for SMB2 appeared in fact in OS X 10.7, when Apple abandoned Samba in favor of its own SMB implementation called SMBX. Apple switched to its own SMBX implementation after Samba adopted
GPLv3 The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general u ...
. MacOS also has supported the IETF Network File System (NFS) for many years (and continues to do so as of 2021). The Linux kernel's CIFS client file system has SMB2 support since version 3.7.


SMB 2.1

SMB 2.1, introduced with Windows 7 and Server 2008 R2, introduced minor performance enhancements with a new opportunistic locking mechanism.


SMB 3.0

SMB 3.0 (previously named SMB 2.2) was introduced with
Windows 8 Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on August 1, 2012; it was subsequently made available for download via MSDN and TechNet on August 15, 2012, and later to ...
and
Windows Server 2012 Windows Server 2012, codenamed "Windows Server 8", is the sixth version of the Windows Server operating system by Microsoft, as part of the Windows NT family of operating systems. It is the server version of Windows based on Windows 8 and succe ...
. It brought several significant changes that are intended to add functionality and improve SMB2 performance, notably in virtualized data centers: * the SMB Direct Protocol (SMB over remote direct memory access DMA * SMB Multichannel (multiple connections per SMB session), * SMB Transparent Failover It also introduces several security enhancements, such as
end-to-end encryption End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecommunications service providers, telecom providers, Internet ...
and a new AES based signing algorithm.


SMB 3.0.2

SMB 3.0.2 (known as 3.02 at the time) was introduced with Windows 8.1 and Windows Server 2012 R2; in those and later releases, the earlier SMB version 1 can be optionally disabled to increase security.


SMB 3.1.1

SMB 3.1.1 was introduced with
Windows 10 Windows 10 is a major release of Microsoft's Windows NT operating system. It is the direct successor to Windows 8.1, which was released nearly two years earlier. It was released to manufacturing on July 15, 2015, and later to retail on J ...
and
Windows Server 2016 Windows Server 2016 is the eighth release of the Windows Server Server (computing), server operating system developed by Microsoft as part of the Windows NT family of operating systems. It was developed concurrently with Windows 10 and is the su ...
. This version supports
AES-128 The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...
GCM encryption in addition to AES-128 CCM encryption added in SMB3, and implements pre-authentication integrity check using
SHA-512 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...
hash. SMB 3.1.1 also makes secure negotiation mandatory when connecting to clients using SMB 2.x and higher.


Specifications

The specifications for the SMB are proprietary and were initially closed, thereby forcing other vendors and projects to reverse-engineer the protocol to interoperate with it. The SMB 1.0 protocol was eventually published some time after it was reverse engineered, whereas the SMB 2.0 protocol was made available from Microsoft's Open Specifications Developer Center from the outset.


Third-party implementations


Samba

In 1991,
Andrew Tridgell Andrew "Tridge" Tridgell (born 28 February 1967) is an Australian computer programmer. He is the author of and a contributor to the Samba file server, and co-inventor of the rsync algorithm. He has analysed complex proprietary protocols and ...
started the development of Samba, a
free-software Free software or libre software is computer software distributed under terms that allow users to run the software for any purpose as well as to study, change, and distribute it and any adapted versions. Free software is a matter of liberty, no ...
re-implementation (using reverse engineering) of the SMB/CIFS networking protocol for
Unix-like A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
systems, initially to implement an SMB server to allow PC clients running the DEC
Pathworks PATHWORKS (it was usually written in all caps) was the trade name used by Digital Equipment Corporation of Maynard, Massachusetts for a series of programs that eased the interoperation of Digital's minicomputers and servers with personal compute ...
client to access files on SunOS machines. Because of the importance of the SMB protocol in interacting with the widespread Microsoft Windows platform, Samba became a popular
free software Free software or libre software is computer software distributed under terms that allow users to run the software for any purpose as well as to study, change, and distribute it and any adapted versions. Free software is a matter of liberty, no ...
implementation of a compatible SMB client and server to allow non-Windows operating systems, such as
Unix-like A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
operating systems, to interoperate with Windows. As of version 3 (2003), Samba provides file and print services for Microsoft Windows clients and can integrate with a
Windows NT 4.0 Windows NT 4.0 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It is the direct successor to Windows NT 3.51, which was released to manufacturing on July 31, 1996, and then to retail ...
server domain, either as a
Primary Domain Controller On Microsoft Servers, a domain controller (DC) is a server computer that responds to security authentication requests (logging in, etc.) within a Windows domain. A ''domain'' is a concept introduced in Windows NT whereby a user may be granted access ...
(PDC) or as a domain member. Samba4 installations can act as an
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of Process (computing), processes and Windows service, services. Initially, Active D ...
domain controller or member server, at Windows 2008 domain and
forest A forest is an area of land dominated by trees. Hundreds of definitions of forest are used throughout the world, incorporating factors such as tree density, tree height, land use, legal standing, and ecological function. The United Nations' ...
functional levels. Package managers in Linux distributions can search for the ''cifs-utils'' package. The package is from the Samba maintainers.


Netsmb

NSMB (Netsmb and SMBFS) is a family of in-kernel SMB client and server implementations in BSD operating systems. It was first contributed to FreeBSD 4.4 by Boris Popov, and is now found in a wide range of other BSD systems including NetBSD and
macOS macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and lapt ...
. The implementations have diverged significantly ever since. The macOS version of NSMB is notable for its now-common scheme of representing symlinks. This "Minshall-French" format shows symlinks as textual files with a extension and a magic number, always 1067 bytes long. This format is also used for storing symlinks on naive SMB servers or unsupported filesystems. Samba supports this format with an option. Docker on Windows also seems to use it.


NQ

NQ is a family of portable SMB client and server implementations developed b
Visuality Systems
an Israel-based company established in 1998 by Sam Widerman, formerly the CEO of Siemens Data Communications. The NQ family comprises an embedded SMB stack (written in C), a Pure Java SMB Client, and a storage SMB Server implementation. All solutions support the latest SMB 3.1.1 dialect
NQ for LinuxNQ for WinCE
iOS, Android, VxWorks and other real-time operating systems are all supported by the configurable NQ solution.


MoSMB

MoSMB is a proprietary SMB implementation for Linux and other
Unix-like A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
systems, developed by Ryussi Technologies. It supports only SMB 2.x and SMB 3.x.


Fusion File Share by Tuxera

Fusion File Share by Tuxera is a proprietary SMB server implementation developed by
Tuxera Tuxera Inc. is a Finnish software company that develops and sells file systems software. Its most popular products are Tuxera NTFS and Tuxera exFAT, both available on a number of platforms including Linux, Android (operating system), Android, QNX ...
that can be run either in kernel or
user space A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kernel ...
. It supports SMB 3.1.1 and all previous versions, additionally advanced SMB features like continuous availability (persistent handles) scale-out, RDMA (SMB Direct), SMB multichannel, transparent compression,
shadow copy Shadow Copy (also known as Volume Snapshot Service, Volume Shadow Copy Service or VSS) is a technology included in Microsoft Windows that can create backup copies or snapshots of computer files or volumes, even when they are in use. It is imple ...
.


Likewise

Likewise developed a CIFS/SMB implementation (versions 1.0, 2.0, 2.1 and NFS 3.0) in 2009 that provided a multiprotocol, identity-aware platform for network access to files used in
OEM An original equipment manufacturer (OEM) is generally perceived as a company that produces non-aftermarket parts and equipment that may be marketed by another manufacturer. It is a common industry term recognized and used by many professional or ...
storage products built on Linux/Unix based devices. The platform could be used for traditional NAS, Cloud Gateway, and Cloud Caching devices for providing secure access to files across a network. Likewise was purchased by EMC Isilon in 2012.


CIFSD

CIFSD is an open source in-kernel CIFS/SMB server implementation for the Linux kernel. It has the following advantages over user-space implementations: it provides better performance, and it makes it easier to implement some features such as SMB Direct. It supports SMB 3.1.1 and previous versions.


Security

Over the years, there have been many security vulnerabilities in Microsoft's implementation of the protocol or components on which it directly relies. Other vendors' security vulnerabilities lie primarily in a lack of support for newer
authentication protocol An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities. It allows the receiving entity to authenticate the connecting entity ...
s like
NTLMv2 In a Windows network, NT (New Technology) LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft L ...
and Kerberos in favor of protocols like NTLMv1, LanMan, or
plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of com ...
passwords. Real-time attack tracking shows that SMB is one of the primary attack vectors for intrusion attempts, for example the 2014 Sony Pictures attack, and the
WannaCry ransomware attack The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitco ...
of 2017. In 2020, two SMB high-severity vulnerabilities were disclosed and dubbed as SMBGhost
CVE-2020-0796
an
SMBleedCVE-2020-1206
, which when chained together can provide RCE (Remote Code Execution) privilege to the attacker.


See also


References


Further reading


SMB specifications

* ** Specifies the Common Internet File System (CIFS) Protocol, a cross-platform, transport-independent protocol that provides a mechanism for client systems to use file and print services made available by server systems over a network * ** Specifies the Server Message Block (SMB) Protocol, which defines extensions to the existing Common Internet File System (CIFS) specification that have been implemented by Microsoft since the publication of the CIFS specification. * ** Specifies the Server Message Block (SMB) Protocol Versions 2 and 3, which support the sharing of file and print resources between machines and extend the concepts from the Server Message Block Protocol. * ** Specifies the SMB2 Remote Direct Memory Access (RDMA) Transport Protocol, a wrapper for the existing SMB2 protocol that allows SMB2 packets to be delivered over RDMA-capable transports such as iWARP or Infiniband while utilizing the direct data placement (DDP) capabilities of these transports. Benefits include reduced CPU overhead, lower latency, and improved throughput.


Miscellaneous

* Hertel, Christopher (2003).
Implementing CIFS The Common Internet FileSystem
'. Prentice Hall. . (Text licensed under the
Open Publication License The Open Publication License (OPL) was published by the Open Content Project in 1999 as a public copyright license for documents. It superseded the Open Content License, which was published by the Open Content Project in 1998. Starting around 2 ...
, v1.0 or later, available from the link above.) * Steven M. French
A New Network File System is Born: Comparison of SMB2, CIFS, and NFS
Linux Symposium The Linux Symposium was a Linux and Open Source conference held annually in Canada from 1999 to 2014. The conference was initially named Ottawa Linux Symposium and was held only in Ottawa, but was renamed after being held in other cities in Canada. ...
2007 * Steve French
The Future of File Protocols: SMB2 Meets Linux
Linux Collaboration Summit 2012


External links


DFS section in "Windows Developer" documentation

the NT LM 0.12 dialect of SMB
In
Microsoft Word Microsoft Word is a word processor, word processing software developed by Microsoft. It was first released on October 25, 1983, under the name ''Multi-Tool Word'' for Xenix systems. Subsequent versions were later written for several other pla ...
format {{File systems Application layer protocols Inter-process communication Network file systems Network protocols Windows communication and services