Server Message Block

In computer networking, Server Message Block (SMB), one version of which was also known as Common Internet File System (CIFS /sɪfs/),[1][2] operates as an application-layer or presentation-layer network protocol[3] mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Microsoft Windows, where it was known as "Microsoft Windows Network" before the introduction of Active Directory. Corresponding Windows services are LAN Manager Server (for the server component) and LAN Manager Workstation (for the client component).[4]


Although its main purpose is file sharing, additional SMB Protocol provides other functionality such as:

  • Network browsing
  • Printing over a network

SMB Protocol is most often used as an Application layer or a Presentation layer protocol, and it relies on lower-level protocols for transport.

  1. The transport layer protocol that Microsoft SMB Protocol was often used with was NetBIOS over TCP/IP (NBT) over UDP ports 137 and 138 and TCP ports 137 and 139.
    • NBT for use by NetBIOS is supported on Windows Server 2003, Windows XP, Windows 2000, Windows NT, and Windows Me/98/95.
    • NetBIOS is not supported on Windows Vista, Windows Server 2008, and subsequent versions of Windows.  SMB/NBT combination is generally used for backward compatibility.
  2. The NetBIOS over NetBEUI protocol provides NetBIOS support for the NetBEUI protocol. This protocol is also called NetBIOS Frames (NBF).
    • NBF is supported on Windows 2000, Windows NT, and Windows Me/98/95.
    • NetBEUI is no longer be supported on Windows XP and later.
  3. However, SMB Protocol can also be used without a separate transport protocol directly over TCP, port 445.
  4. NeBIOS was also supported over several legacy protocols such as IPX/SPX.

The SMB "Inter-Process Communication" (IPC) system provides named pipes and was one of the first inter-process mechanisms commonly available to programmers that provides a means for services to inherit the authentication carried out when a client first connects to an SMB server.

Some services that operate over named pipes, such as those which use Microsoft's own implementation of DCE/RPC over SMB, known as MSRPC over SMB, also allow MSRPC client programs to perform authentication, which overrides the authorization provided by the SMB server, but only in the context of the MSRPC client program that successfully makes the additional authentication.

SMB signing: Windows NT 4.0 Service Pack 3 and upwards have the capability to use cryptography to digitally sign SMB connections. The most common official term is "SMB signing". Other terms that have been used officially are "[SMB] Security Signatures", "SMB sequence numbers"[5] and "SMB Message Signing".[6] SMB signing may be configured individually for incoming SMB connections (handled by the "LanManServer" service) and outgoing SMB connections (handled by the "LanManWorkstation" service). The default setting from Windows 98 and upwards is to opportunistically sign outgoing connections whenever the server also supports this, and to fall back to unsigned SMB if both partners allow this. The default setting for Windows domain controllers from Windows Server 2003 and upwards is to not allow fall back for incoming connections.[7] The feature can also be turned on for any server running Windows NT 4.0 Service Pack 3 or later. This protects from man-in-the-middle attacks against the Clients retrieving their policies from domain controllers at login.[8]

The design of Server Message Block version 2 (SMB2) aims to mitigate this performance limitation by coalescing SMB signals into single packets.

SMB supports opportunistic locking—a special type of locking-mechanism—on files in order to improve performance.

SMB serves as the basis for Microsoft's Distributed File System implementation.



Barry Feigenbaum originally designed SMB at IBM in early 1983 with the aim of turning DOS INT 21h local file access into a networked file system.[9] Microsoft has made considerable modifications to the most commonly used version. Microsoft merged the SMB protocol with the LAN Manager product which it had started developing for OS/2 with 3Com around 1990, and continued to add features to the protocol in Windows for Workgroups (c. 1992) and in later versions of Windows.

SMB was originally designed to run on top of the NetBIOS/NetBEUI API (typically implemented with NBF, NetBIOS over IPX/SPX, or NBT). Since Windows 2000, SMB runs, by default, with a thin layer, similar to the Session Message packet of NBT's Session Service, on top of TCP, using TCP port 445 rather than TCP port 139—a feature known as "direct host SMB".[10]

Windows Server 2003, and older NAS devices use SMB1/CIFS natively. SMB1/CIFS is an extremely chatty protocol, in that it makes inefficient use of networking resources, particularly when transported over expensive WAN links. While Microsoft estimates that SMB1/CIFS comprises less than 10% of network traffic in the average Enterprise network, that is still a significant amount of traffic. One approach to mitigating the inefficiencies in the protocol is to use WAN Acceleration products such as those provided by Riverbed, Silver Peak, or Cisco Systems. A better approach is simply to eliminate SMB1/CIFS by upgrading the server infrastructure that uses it. This includes both NAS devices as well as Windows Server 2003. The most effective method in use currently to identify SMB1/CIFS traffic is to use a network analyzer tool such as Wireshark, etc., to identify SMB1/CIFS "talkers" and then decommission or upgrade them over time. Microsoft also provides an auditing tool in Windows Server 2016, which can be used to track down SMB1/CIFS talkers.[11]

In 1996, when Sun Microsystems announced WebNFS,[12] Microsoft launched an initiative to rename SMB to Common Internet File System (CIFS)[9] and added more features, including support for symbolic links, hard links, larger file sizes, and an initial attempt at supporting direct connections over TCP port 445 without requiring NetBIOS as a transport (a largely experimental effort that required further refinement). Microsoft submitted some partial specifications as Internet-Drafts to the IETF,[13] though these submissions have expired.

SMB 2.0

Microsoft introduced a new version of the protocol (SMB 2.0 or SMB2) with Windows Vista in 2006.[14] Although the protocol is proprietary, its specification has been published to allow other systems to interoperate with Microsoft operating systems that use the new protocol.[15]

SMB2 reduces the 'chattiness' of the SMB 1.0 protocol by reducing the number of commands and subcommands from over a hundred to just nineteen.[16] It has mechanisms for pipelining, that is, sending additional requests before the response to a previous request arrives, thereby improving performance over high latency links. It adds the ability to compound multiple actions into a single request, which significantly reduces the number of round-trips the client needs to make to the server, improving performance as a result.[16] SMB1 also has a compounding mechanism—known as AndX—to compound multiple actions, but Microsoft clients rarely use AndX. It also introduces the notion of "durable file handles": these allow a connection to an SMB server to survive brief network outages, as are typical in a wireless network, without having to incur the overhead of re-negotiating a new session.

SMB2 includes support for symbolic links. Other improvements include caching of file properties, improved message signing with HMAC SHA-256 hashing algorithm and better scalability by increasing the number of users, shares and open files per server among others.[16] The SMB1 protocol uses 16-bit data sizes, which amongst other things, limits the maximum block size to 64K. SMB2 uses 32 or 64-bit wide storage fields, and 128 bits in the case of file-handles, thereby removing previous constraints on block sizes, which improves performance with large file transfers over fast networks.[16]

Windows Vista/Server 2008 and later operating systems use SMB2 when communicating with other machines also capable of using SMB2. SMB1 continues in use for connections with older versions of Windows, as well various vendors' NAS solutions. Samba 3.5 also includes experimental support for SMB2.[17] Samba 3.6 fully supports SMB2, except the modification of user quotas using the Windows quota management tools.[18]

When SMB2 was introduced it brought a number of benefits over SMB1 for third party implementers of SMB protocols. SMB1, originally designed by IBM, was reverse engineered, and later became part of a wide variety of non-Windows operating systems such as Xenix, OS/2 and VMS (Pathworks). X/Open standardized it partially; it also had draft IETF standards which lapsed. (See for historical detail.) SMB2 is also a relatively clean break with the past. Microsoft's SMB1 code has to work with a large variety of SMB clients and servers. SMB1 features many versions of information for commands (selecting what structure to return for a particular request) because features such as Unicode support were retro-fitted at a later date. SMB2 involves significantly reduced compatibility-testing for implementers of the protocol. SMB2 code has considerably less complexity since far less variability exists (for example, non-Unicode code paths become redundant as SMB2 requires Unicode support).

Apple is also migrating to SMB2 (from their own Apple Filing Protocol, now legacy) with OS X 10.9.[19] This transition was fraught with compatibility problems though.[20][21] Non-default support for SMB2 appeared in fact in OS X 10.7, when Apple abandoned Samba in favor of its own SMB implementation called SMBX.[19] Apple switched to its own SMBX implementation after Samba adopted GPLv3.[22][23]

The Linux kernel's CIFS client file system has SMB2 support since version 3.7.[24]

SMB 2.1

SMB 2.1, introduced with Windows 7 and Server 2008 R2, introduced minor performance enhancements with a new opportunistic locking mechanism.[25]

SMB 3.0

SMB 3.0 (previously named SMB 2.2)[26] was introduced with Windows 8[26] and Windows Server 2012.[26] It brought several significant changes that are intended to add functionality and improve SMB2 performance,[27] notably in virtualized data centers:

It also introduces several security enhancements, such as end-to-end encryption and a new AES based signing algorithm.[32][33]

SMB 3.0.2

SMB 3.0.2 (known as 3.02 at the time) was introduced with Windows 8.1 and Windows Server 2012 R2;[34][35] in those and later releases, the earlier SMB version 1 can be optionally disabled to increase security.[36][37]

SMB 3.1.1

SMB 3.1.1 was introduced with Windows 10 and Windows Server 2016.[38] This version supports AES 128 GCM encryption in addition to AES 128 CCM encryption added in SMB3, and implements pre-authentication integrity check using SHA-512 hash. SMB 3.1.1 also makes secure negotiation mandatory when connecting to clients using SMB 2.x and higher.


Client-server approach

SMB works through a client-server approach, where a client makes specific requests and the server responds accordingly. One section of the SMB protocol specifically deals with access to filesystems, such that clients may make requests to a file server; but some other sections of the SMB protocol specialize in inter-process communication (IPC). The Inter-Process Communication (IPC) share, or ipc$, is a network share on computers running Microsoft Windows. This virtual share is used to facilitate communication between processes and computers over SMB, often to exchange data between computers that have been authenticated.

Developers have optimized the SMB protocol for local subnet usage, but users have also put SMB to work to access different subnets across the Internet—exploits involving file-sharing or print-sharing in MS Windows environments usually focus on such usage.

SMB servers make their file systems and other resources available to clients on the network. Client computers may want access to the shared file systems and printers on the server, and in this primary functionality SMB has become best-known and most heavily used. However, the SMB file-server aspect would count for little without the NT domains suite of protocols, which provide NT-style domain-based authentication at the very least. Almost all implementations of SMB servers use NT Domain authentication to validate user-access to resources.


In 1991 Andrew Tridgell started the development of Samba, a free-software re-implementation (using reverse engineering) of the SMB/CIFS networking protocol for Unix-like systems, initially to implement an SMB server to allow PC clients running the DEC Pathworks client to access files on SunOS machines.[9][39] Because of the importance of the SMB protocol in interacting with the widespread Microsoft Windows platform, Samba became a popular free software implementation of a compatible SMB client and server to allow non-Windows operating systems, such as Unix-like operating systems, to interoperate with Windows.

As of version 3 (2003), Samba provides file and print services for Microsoft Windows clients and can integrate with a Windows NT 4.0 server domain, either as a Primary Domain Controller (PDC) or as a domain member. Samba4 installations can act as an Active Directory domain controller or member server, at Windows 2008 domain and forest functional levels.[40]

Package managers in Linux distributions can search for the cifs-utils package. The package is from the Samba maintainers.


NQ is a family of portable SMB client and server implementations developed by Visuality Systems, an Israel-based company established in 1998 by Sam Widerman, formerly the CEO of Siemens Data Communications. The NQ family comprises an embedded SMB stack (written in C), a Pure Java SMB Client and a storage SMB Server implementation. All of them support the latest SMB 3.1.1 dialect. NQ is portable to any non-Windows platform such as Linux, VxWorks, Integrity, iOS, Android, and all other operating systems.


MoSMB is a proprietary SMB implementation for Linux and other Unix-like systems, developed by Ryussi Technologies. It supports only SMB 2.x and SMB 3.x.[41]

Tuxera SMB

Tuxera SMB is a proprietary SMB server implementation developed by Tuxera that can be run either in kernel or user space.[42] It supports SMB 3.1.1 and previous versions.


Likewise developed a CIFS/SMB implementation (versions 1.0, 2.0, 2.1 and NFS 3.0) back in 2009 that provided a multiprotocol, identity-aware platform for network access to files used in OEM storage products built on Linux/Unix based devices. The platform could be used for traditional NAS, Cloud Gateway, and Cloud Caching devices for providing secure access to files across a network. Likewise was purchased by EMC Isilon in 2012.


CIFSD is an open source In-kernel CIFS/SMB server implemenation for Linux kernel. It has the following advantages over user-space implementations: It provides better performance, and it's easier to implement some features like SMB Direct. It supports SMB 3.1.1 and previous versions.

Performance issues

The use of the SMB protocol has often correlated with a significant increase in broadcast traffic on a network. However the SMB itself does not use broadcasts—the broadcast problems commonly associated with SMB actually originate with the NetBIOS service location protocol. By default, a Microsoft Windows NT 4.0 server used NetBIOS to advertise and locate services. NetBIOS functions by broadcasting services available on a particular host at regular intervals. While this usually makes for an acceptable default in a network with a smaller number of hosts, increased broadcast traffic can cause problems as the number of hosts on the network increases. The implementation of name resolution infrastructure in the form of Windows Internet Naming Service (WINS) or Domain Name System (DNS) resolves this problem. WINS was a proprietary implementation used with Windows NT 4.0 networks, but brought about its own issues and complexities in the design and maintenance of a Microsoft network.

Since the release of Windows 2000, the use of WINS for name resolution has been deprecated by Microsoft, with hierarchical Dynamic DNS now configured as the default name resolution protocol for all Windows operating systems. Resolution of (short) NetBIOS names by DNS requires that a DNS client expand short names, usually by appending a connection-specific DNS suffix to its DNS lookup queries. WINS can still be configured on clients as a secondary name resolution protocol for interoperability with legacy Windows environments and applications. Further, Microsoft DNS servers can forward name resolution requests to legacy WINS servers in order to support name resolution integration with legacy (pre-Windows 2000) environments that do not support DNS.

Network designers have found that latency has a significant impact on the performance of the SMB 1.0 protocol, that it performs more poorly than other protocols like FTP. Monitoring reveals a high degree of "chattiness" and a disregard of network latency between hosts.[16] For example, a VPN connection over the Internet will often introduce network latency. Microsoft has explained that performance issues come about primarily because SMB 1.0 is a block-level rather than a streaming protocol, that was originally designed for small LANs; it has a block size that is limited to 64K, SMB signing creates an additional overhead and the TCP window size is not optimized for WAN links.[43] Solutions to this problem include the updated SMB 2.0 protocol,[44] Offline Files, TCP window scaling and WAN acceleration devices from various network vendors that cache and optimize SMB 1.0[45] and 2.0.[46]

Microsoft's modifications

Microsoft added several extensions to its own SMB implementation. For example, it added NTLM, followed by NTLMv2 authentication protocols, in order to address security weakness in the original LAN Manager authentication. LAN Manager authentication was implemented based on the original legacy SMB specification's requirement to use IBM "LAN Manager" passwords, but implemented DES in a flawed manner that allowed passwords to be cracked.[47] Later, Kerberos authentication was also added. The NT 4.0 Domain logon protocols initially used 40-bit encryption outside of the United States, because of export restrictions on stronger 128-bit encryption[48] (subsequently lifted in 1996 when President Bill Clinton signed Executive Order 13026[49]). Opportunistic locking support has changed with each server release.

Opportunistic locking

In the SMB protocol, opportunistic locking is a mechanism designed to improve performance by controlling caching of network files by the client.[50] Unlike traditional locks, OpLocks are not strictly file locking or used to provide mutual exclusion.

There are four types of opportunistic locks:

Batch Locks
Batch OpLocks were created originally to support a particular behavior of DOS batch file execution operation in which the file is opened and closed many times in a short period, which is a performance problem. To solve this, a client may ask for an OpLock of type "batch". In this case, the client delays sending the close request and if a subsequent open request is given, the two requests cancel each other.[51]
Level 1 OpLocks / Exclusive Locks
When an application opens in "shared mode" a file hosted on an SMB server which is not opened by any other process (or other clients) the client receives an exclusive OpLock from the server. This means that the client may now assume that it is the only process with access to this particular file, and the client may now cache all changes to the file before committing it to the server. This is a performance improvement, since fewer round-trips are required in order to read and write to the file. If another client/process tries to open the same file, the server sends a message to the client (called a break or revocation) which invalidates the exclusive lock previously given to the client. The client then flushes all changes to the file.
Level 2 OpLocks
If an exclusive OpLock is held by a client and a locked file is opened by a third party, the client has to relinquish its exclusive OpLock to allow the other client's write/read access. A client may then receive a "Level 2 OpLock" from the server. A Level 2 OpLock allows the caching of read requests but excludes write caching.
Filter OpLocks
Added in NT 4.0., Filter Oplocks are similar to Level 2 OpLocks but prevent sharing-mode violations between file open and lock reception. Microsoft advises use of Filter OpLocks only where it is important to allow multiple readers and Level 2 OpLocks in other circumstances.

Clients holding an OpLock do not really hold a lock on the file, instead they are notified via a break when another client wants to access the file in a way inconsistent with their lock. The other client's request is held up while the break is being processed.

In contrast with the SMB protocol's "standard" behavior, a break request may be sent from server to client. It informs the client that an OpLock is no longer valid. This happens, for example, when another client wishes to open a file in a way that invalidates the OpLock. The first client is then sent an OpLock break and required to send all its local changes (in case of batch or exclusive OpLocks), if any, and acknowledge the OpLock break. Upon this acknowledgment the server can reply to the second client in a consistent manner.


Over the years, there have been many security vulnerabilities in Microsoft's implementation of the protocol or components on which it directly relies.[52][53] Other vendors' security vulnerabilities lie primarily in a lack of support for newer authentication protocols like NTLMv2 and Kerberos in favor of protocols like NTLMv1, LanMan, or plaintext passwords. Real-time attack tracking[54] shows that SMB is one of the primary attack vectors for intrusion attempts,[55] for example the 2014 Sony Pictures attack,[56] and the WannaCry ransomware attack of 2017.[57]


The specifications for the SMB are proprietary and were originally closed, thereby forcing other vendors and projects to reverse-engineer the protocol in order to interoperate with it. The SMB 1.0 protocol was eventually published some time after it was reverse engineered, whereas the SMB 2.0 protocol was made available from Microsoft's MSDN Open Specifications Developer Center from the outset.[58] There are a number of specifications that are relevant to the SMB protocol:

  • MS-CIFS [3] MS-CIFS is a recent replacement (2007) for the draft-leach-cifs-v1-spec-02.txt a document widely used to implement SMB clients, but also known to have errors of omission and commission.
  • MS-SMB [4] Specification for Microsoft Extensions to MS-CIFS
  • MS-SMB2 [5] Specification for the SMB 2 and SMB 3 protocols
  • MS-FSSO [6] Describes the intended functionality of the Windows File Access Services System, how it interacts with systems and applications that need file services, and how it interacts with administrative clients to configure and manage the system.
  • MS-SMBD [7] SMB2 Remote Direct Memory Access (RDMA) Transport Protocol Specification

See also


  1. ^ "Common Internet File System". Microsoft TechNet Library. Retrieved August 20, 2013. The Common Internet File System (CIFS) is the standard way that computer users share files across corporate intranets and the Internet. An enhanced version of the Microsoft open, cross-platform Server Message Block (SMB) protocol, CIFS is a native file-sharing protocol in Windows 2000.
  2. ^ "Microsoft SMB Protocol and CIFS Protocol Overview". Microsoft MSDN Library. July 25, 2013. Retrieved August 20, 2013. The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix and other operating systems.
  3. ^ "Microsoft SMB Protocol and CIFS Protocol Overview". Microsoft. October 22, 2009. Retrieved April 10, 2019.
  4. ^ "Lan Manager Networking Concepts". Microsoft.
  5. ^ "MSKB887429: Overview of Server Message Block signing". Microsoft Corporation. November 30, 2007. Retrieved October 24, 2012. Security Signatures (SMB sequence numbers)
  6. ^ Jesper M. Johansson (September 8, 2005). "How to Shoot Yourself in the Foot with Security, Part 1". Microsoft Corporation. Retrieved October 24, 2012. This article addresses [...] Server Message Block (SMB) message signing.
  7. ^ "MSKB887429: Overview of Server Message Block signing". Microsoft Corporation. November 30, 2007. Retrieved October 24, 2012. By default, SMB signing is required for incoming SMB sessions on Windows Server 2003-based domain controllers.
  8. ^ Jose Barreto (December 1, 2010). "The Basics of SMB Signing (covering both SMB1 and SMB2)". Microsoft TechNet Server & Management Blogs. Retrieved October 24, 2012. This security mechanism in the SMB protocol helps avoid issues like tampering of packets and "man in the middle" attacks. [...] SMB signing is available in all currently supported versions of Windows, but it’s only enabled by default on Domain Controllers. This is recommended for Domain Controllers because SMB is the protocol used by clients to download Group Policy information. SMB signing provides a way to ensure that the client is receiving genuine Group Policy.
  9. ^ a b c Tridgell, Andrew. "Myths About Samba". Retrieved January 3, 2016.
  10. ^ "Direct hosting of SMB over TCP/IP". Microsoft. October 11, 2007. Retrieved November 1, 2009.
  11. ^ Kyttle, Ralph (May 13, 2017). "SMB1 – Audit Active Usage using Message Analyzer". Microsoft TechNet. Microsoft. Retrieved March 28, 2019.
  12. ^ "WebNFS - Technical Overview". Archived from the original on May 18, 2007.
  13. ^ * I. Heizer; P. Leach; D. Perry (June 13, 1996). "Common Internet File System Protocol (CIFS/1.0)".
  14. ^ Navjot Virk and Prashanth Prahalad (March 10, 2006). "What's new in SMB in Windows Vista". Chk Your Dsks. MSDN. Archived from the original on May 5, 2006. Retrieved May 1, 2006.
  15. ^ "(MS-SMB2): Server Message Block (SMB) Version 2 Protocol Specification". Microsoft. September 25, 2009. Retrieved November 1, 2009.
  16. ^ a b c d e Jose Barreto (December 9, 2008). "SMB2, a Complete Redesign of the Main Remote File Protocol for Windows". Microsoft TechNet Server & Management Blogs. Retrieved November 1, 2009.
  17. ^ Samba 3.5.0 Available for Download
  18. ^ Samba 3.6.0 Available for Download
  19. ^ a b Eran, Daniel (June 11, 2013). "Apple shifts from AFP file sharing to SMB2 in OS X 10.9 Mavericks". Retrieved January 12, 2014.
  20. ^ Vaughan, Steven J. (October 28, 2013). "Mavericks' SMB2 problem and fixes". ZDNet. Retrieved January 12, 2014.
  21. ^ MacParc. "10.9: Switch the SMB stack to use SMB1 as default". Mac OS X Hints. Retrieved January 12, 2014.
  22. ^ Topher Kessler (March 23, 2011). "Say adios to Samba in OS X". CNET.
  23. ^ Thom Holwerda (March 26, 2011). "Apple Ditches SAMBA in Favour of Homegrown Replacement".
  24. ^ "Linux 3.7 - Linux Kernel Newbies".
  25. ^ "Implementing an End-User Data Centralization Solution". Microsoft. October 21, 2009. pp. 10–11. Retrieved November 2, 2009.
  26. ^ a b c Jeffrey Snover (April 19, 2012). "Windows Server Blog: SMB 2.2 is now SMB 3.0". Microsoft. Retrieved June 14, 2012.
  27. ^ Chelsio Communications. "40G SMB Direct".
  28. ^ Jose Barreto (October 19, 2012). "SNIA Tutorial on the SMB Protocol" (PDF). Storage Networking Industry Association. Retrieved November 28, 2012.
  29. ^ Thomas Pfenning. "The Future of File Protocols: SMB 2.2 in the Datacenter" (PDF). Archived from the original (PDF) on July 20, 2012.
  30. ^ Joergensen, Claus (June 7, 2012). "SMB Transparent Failover – making file shares continuously available". Microsoft TechNet.
  31. ^ Savill, John (August 21, 2012). "New Ways to Enable High Availability for File Shares". Windows IT Pro.
  32. ^ "SMB Security Enhancements". Microsoft Technet. January 15, 2014. Retrieved June 18, 2014.
  33. ^ Jose Barreto (May 5, 2013). "Updated Links on Windows Server 2012 File Server and SMB 3.0". Microsoft TechNet Server & Management Blogs.
  34. ^ Jose Barreto (July 7, 2014). "Updated Links on Windows Server 2012 R2 File Server and SMB 3.02". Microsoft TechNet Server & Management Blogs.
  35. ^ Jose Barreto (December 12, 2013). "Storage Developer Conference – SDC 2013 slides now publicly available. Here are the links to Microsoft slides…". Microsoft TechNet Server & Management Blogs.
  36. ^ Eric Geier (December 5, 2013). " Improvements in the SMB 3.0 and 3.02 Protocol Updates".
  37. ^ Jose Barreto (May 5, 2015). "What's new in SMB 3.1.1 in the Windows Server 2016 Technical Preview 2". Microsoft TechNet Server & Management Blogs.
  38. ^ Tridgell, Andrew (June 27, 1997). "A bit of history and a bit of fun". Retrieved July 26, 2011.
  39. ^ "Samba 4 functional levels". February 25, 2011. Retrieved January 12, 2014.
  40. ^ Dr. Sunu Engineer. "Building a Highly Scalable and Performant SMB Protocol Server" (PDF).
  41. ^ "Microsoft and Tuxera strengthen partnership through Tuxera SMB Server". Microsoft. Microsoft News Center. Retrieved February 6, 2017.
  42. ^ Neil Carpenter (October 26, 2004). "SMB/CIFS Performance Over WAN Links". Microsoft. Retrieved November 1, 2009.
  43. ^ "What's New in SMB in Windows Server". Microsoft. Retrieved February 6, 2017.
  44. ^ Mark Rabinovich, Igor Gokhman. "CIFS Acceleration Techniques" (PDF). Storage Developer Conference, SNIA, Santa Clara 2009.
  45. ^ Mark Rabinovich. "Accelerating SMB2" (PDF). Storage Developer Conference, SNIA, Santa Clara 2011.
  46. ^ Christopher Hertel (1999). "SMB: The Server Message Block Protocol". Retrieved November 1, 2009.
  47. ^ "Description of Microsoft Windows Encryption Pack 1". Microsoft. November 1, 2006. Retrieved November 1, 2009.
  48. ^ "US Executive Order 13026" (PDF). United States Government. 1996. Retrieved November 1, 2009.
  49. ^ "Opportunistic Locks". Microsoft. Retrieved November 6, 2012.
  50. ^ Sphere, I.T. (2014), All About Opportunistic Locking, retrieved April 9, 2014
  51. ^ "MS02-070: Flaw in SMB Signing May Permit Group Policy to Be Modified". Microsoft. December 1, 2007. Retrieved November 1, 2009.
  52. ^ "MS09-001: Vulnerabilities in SMB could allow remote code execution". Microsoft. January 13, 2009. Retrieved November 1, 2009.,
  53. ^ "". Deutsche Telekom. March 7, 2013. Retrieved March 7, 2013.
  54. ^ "Alert (TA14-353A) Targeted Destructive Malware". US-CERT.
  55. ^ "Sony Hackers Used Server Message Block (SMB) Worm Tool".
  56. ^ "WannaCry Ransomware Attack Hits Victims With Microsoft SMB Exploit". eWeek. Retrieved May 13, 2017.
  57. ^ Windows Protocols

External links

Apple Filing Protocol

The Apple Filing Protocol (AFP), formerly AppleTalk Filing Protocol, is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS. In macOS, AFP is one of several file services supported, with others including Server Message Block (SMB), Network File System (NFS), File Transfer Protocol (FTP), and WebDAV. AFP currently supports Unicode file names, POSIX and access control list permissions, resource forks, named extended attributes, and advanced file locking. In Mac OS 9 and earlier, AFP was the primary protocol for file services.


BackupPC is a free disk-to-disk backup software suite with a web-based frontend. The cross-platform server will run on any Linux, Solaris, or UNIX-based server. No client is necessary, as the server is itself a client for several protocols that are handled by other services native to the client OS. In 2007, BackupPC was mentioned as one of the three most well known open-source backup software, even though it is one of the tools that are "so amazing, but unfortunately, if no one ever talks about them, many folks never hear of them".Data deduplication reduces the disk space needed to store the backups in the disk pool. It is possible to use it as D2D2T solution, if the archive function of BackupPC is used to back up the disk pool to tape. BackupPC is not a block-level backup system like Ghost4Linux but performs file-based backup and restore. Thus it is not suitable for backup of disk images or raw disk partitions.BackupPC incorporates a Server Message Block (SMB) client that can be used to back up network shares of computers running Windows. Paradoxically, under such a setup the BackupPC server can be located behind a NAT'd firewall while the Windows machine operates over a public IP address. While this may not be advisable for SMB traffic, it is more useful for web servers running Secure Shell (SSH) with GNU tar and rsync available, as it allows the BackupPC server to be stored in a subnet separate from the web server's DMZ.

It is published under the GNU General Public License.

Browser service

Browser service or Computer Browser Service is a feature of Microsoft Windows to let users easily browse and locate shared resources in neighboring computers. This is done by aggregating the information in a single computer "Browse Master" (or "Master Browser"). All other computers contact this computer for information and display in the Network Neighborhood window.

Browser service runs on MailSlot / Server Message Block and thus can be used with all supported transport protocol such as NetBEUI, IPX/SPX and TCP/IP. Browser service relies heavily on broadcast, so it is not available across network segments separated by routers. Browsing across different IP subnets need the help of Domain Master Browser, which is always the Primary Domain Controller (PDC). Therefore, browsing across IP subnets is not possible in a pure workgroup network.

CRAX Commander

Crax Commander, stylized CRAX, is a dual pane, orthodox file manager for macOS, written in the programming language Objective-C. The app is currently developed by Soft4U2 (Marcin Słowik) and is one of several replacement apps for Apple's Finder.

The program's look is similar to Finder, and it has many features and functions, so it is usable quickly as a replacement.The software uses the model of a dual-pane user interface, which is well-known from the domain of the Windows applications such as Total Commander. This approach assumes offering multi-tab browsing user interface with features enabling advanced search of files or folders, comparing files and folders, navigation in archive files, and a batch renaming tool with regular expression support. Such programs also include a built-in File Transfer Protocol (FTP) client, working with local and network drives, and a built-in file editor and viewer.Crax Commander improves productivity by offering user configurable keyboard shortcuts, built-in text editor with sync coloring, full user interface customizing including fonts and colors, archive support, and built in File Transfer Protocol (FTP), Server Message Block (SMB), Apple Filing Protocol (AFP), SSH File Transfer Protocol (SSH), and SSH File Transfer Protocol (sFTP).The program is available in demo and paid versions and provides many tools that will help users to manage files and folders while exploiting the dual-pane graphical user interface design.


CUPS (formerly an acronym for Common UNIX Printing System) is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer.

CUPS consists of a print spooler and scheduler, a filter system that converts the print data to a format that the printer will understand, and a backend system that sends this data to the print device. CUPS uses the Internet Printing Protocol (IPP) as the basis for managing print jobs and queues. It also provides the traditional command line interfaces for the System V and Berkeley print systems, and provides support for the Berkeley print system's Line Printer Daemon protocol and limited support for the server message block (SMB) protocol. System administrators can configure the device drivers which CUPS supplies by editing text files in Adobe's PostScript Printer Description (PPD) format. There are a number of user interfaces for different platforms that can configure CUPS, and it has a built-in web-based interface. CUPS is free software, provided under the Apache License.

Dell Fluid File System

Dell Fluid File System, or FluidFS, is a shared-disk filesystem made by Dell that provides distributed file systems to clients. Customers buy an appliance: a combination of purpose-built network-attached storage (NAS) controllers with integrated primary and backup power supplies (i.e., the appliance) attached to block level storage via the iSCSI or Fiber Channel protocol. A single Dell FluidFS appliance consists of two controllers operating in concert (i.e., active/active) connecting to the back-end storage area network (SAN). Depending on the storage capacity requirements and user preference, FluidFS version 4 NAS appliances can be used with Compellent or EqualLogic SAN arrays. The EqualLogic FS7600 and FS7610 connect to the client network and to Dell's EqualLogic arrays with either 1 Gbit/s (FS7600) or 10 Gbit/s (FS7610) iSCSI protocol. For Compellent, FluidFS is available with either 1 Gbit/s or 10 Gbit/s iSCSI connectivity to the client network and connection to the backend Compellent SAN can be either 8 Gbit/s Fibre Channel or 10 Gbit/s iSCSI.

The FluidFS software layer running on the NAS Appliance creates a single name-space to the users, offering access via Server Message Block (SMB) and Network File System (NFS). It also includes features to prevent data-loss or corruption and uses caching to increase performance.


FTAM, ISO standard 8571, is the OSI application layer protocol for file transfer, access and management.

The goal of FTAM is to combine into a single protocol both file transfer, similar in concept to the Internet FTP, as well as remote access to open files, similar to NFS. However, like the other OSI protocols, FTAM has not been widely adopted, and the TCP/IP based Internet has become the dominant global network.

The FTAM protocol was used in the German banking sector to transfer clearing information. The Banking Communication Standard (BCS) over FTAM access (short BCS-FTAM) was standardized in the DFÜ-Abkommen (EDI-agreement) enacted in Germany on 15 March 1995. The BCS-FTAM transmission protocol was supposed to be replaced by the Electronic Banking Internet Communication Standard (EBICS) in 2010. The obligatory support for BCS over FTAM was ceased in December 2010.

RFC 1415 provides an FTP-FTAM gateway specification but attempts to define an Internet-scale file transfer protocol have instead focused on Server message block, NFS or Andrew File System as models.

File server

In computing, a file server (or fileserver) is a computer attached to a network that provides a location for shared disk access, i.e. shared storage of computer files (such as text, image, sound, video) that can be accessed by the workstations that are able to reach the computer that shares the access through a computer network. The term server highlights the role of the machine in the client–server scheme, where the clients are the workstations using the storage. It is common that a file server does not perform computational tasks, and does not run programs on behalf of its clients.

It is designed primarily to enable the storage and retrieval of data while the computation is carried out by the workstations.

File servers are commonly found in schools and offices, where users use a LAN to connect their client computers.

LAN Manager

LAN Manager was a network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a heavily modified version of MS-DOS.

List of products that support SMB

List of products that support the proprietary Server Message Block protocol of Microsoft.


MS-Net, sometimes stylized as MS-NET, was an early network operating system sold by Microsoft during the earliest days of local area networking (LANs). MS-Net was not a complete networking system of its own; Microsoft licensed it to vendors who used it as the basis for server programs that ran on MS-DOS, porting it to their own underlying networking hardware and adding services on top. Version 1.0 was announced on 14 August 1984 and released along with the PC/AT on 2 April 1985. A number of MS-Net products were sold during the late 1980s, before it was replaced by LAN Manager in 1990.

MS-Net's network interface was based on IBM's NetBIOS protocol definition, which allowed it to be ported to different networking systems with relative ease. It did not implement the entire NetBIOS protocol, however, only the small number of features required for the server role. One key feature that was not implemented was NetBIOS's name management routines, a feature 3rd parties often added back in. The system also supplied the program REDIR.EXE, which allowed transparent file access from DOS machines to any MS-Net based server.

Several products from the mid-to-late-1980s were based on the MS-Net system. IBM's PC-Net was a slightly modified version of the MS-Net system typically used with Token Ring. MS partnered with 3Com to produce the more widely used 3+Share system running on a 3Com networking stack based on the XNS protocol on Ethernet. Other well-known systems, including Banyan VINES and Novell NetWare, did not use MS-Net as their basis, using Unix and a custom OS, respectively. They did, however, allow access to their own files via the REDIR.EXE.

MS-Net was sold only for a short period of time. MS and 3Com collaborated on a replacement known as LAN Manager running on OS/2, using the new Server Message Block standard for file transfer. 3Com's version of the product retained their XNS-based protocol, but 3Com abandoned the server market not long after. MS's version remained based on NetBIOS and supported a number of underlying protocols and hardware. LAN Manager was itself replaced in 1993 by Windows NT 3.1.

My Network Places

My Network Places (formerly Network Neighborhood) is the network browser feature in Windows Explorer. It was first introduced in Windows 95 and Windows NT 4.0 and was renamed My Network Places in Windows 2000 and later.

My Network Places maintains an automatically-updated history of computers which the user has accessed before, by default placed in a folder called NetHood, found in the user's user profile. This default location can be changed by modifying the pair of NetHood registry entries found under the registry keys HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders. The feature also allows enumerating all computers on the local network that support the Server Message Block (SMB) protocol and are open to discovery.

In a workgroup of fewer than 32 computers, the list of network destinations in My Network Places is generated by one of the computers on the network, which has been designated "Browse Master" (sometimes called "master browser"). The Browse Master is elected by system strength. Sometimes when similar systems are connected to a network, there might be a conflict between Browse Masters with unexpected consequences, such as the disappearance of the list altogether or some system becoming unreachable. A system can be forced to decline Browse Master status by disabling the Browser service and rebooting. In a workgroup of 32 computers or more, the shortcuts are created automatically when the user opens a shared network resource, such as a printer or shared folder.Starting with Windows Vista, My Network Places is removed in favor of an integrated "Network" node in Windows Explorer. This node can only enumerate network computers but can do so via WS-Discovery and UPnP protocols, in addition to SMB.


NTLMSSP (NT LAN Manager (NTLM) Security Support Provider) is a binary messaging protocol used by the Microsoft Security Support Provider Interface (SSPI) to facilitate NTLM challenge-response authentication and to negotiate integrity and confidentiality options. NTLMSSP is used wherever SSPI authentication is used including Server Message Block / CIFS extended security authentication, HTTP Negotiate authentication (e.g. IIS with IWA turned on) and MSRPC services.

The Windows Service offering the acceptor side of NTLMSSP has been removed from Windows Vista and Windows Server 2008 in favor of the newer Kerberos authentication protocol. The NTLMSSP and NTLM challenge-response protocol have been documented in Microsoft's Open Protocol Specification.

Network File System

Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a computer network much like local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. The NFS is an open standard defined in Request for Comments (RFC), allowing anyone to implement the protocol.

Plug computer

A plug computer is an external device, often configured for use in the home or office as a compact computer. It consists of a high-performance, low-power system-on-a-chip processor with several I/O ports (USB ports, ...) and typically runs any of a number of Linux distributions. Most versions do not have provisions for connecting a display and are best suited as for running media server, back-up services, file sharing and remote access functions, thus acting as a bridge between in-home protocols such as Digital Living Network Alliance (DLNA) and Server Message Block (SMB) and cloud based services. There are, however, plug computer offerings that have analog VGA monitor and/or HDMI connectors, which, along with multiple USB ports, permit the use of a display, keyboard, and mouse, thus making them full-fledged, low-power alternatives to desktop and notebook computers.

The name "plug computer" is derived from the small configuration of such devices: plug computers are often enclosed in an AC power plug or AC adapter.

Plug computers typically consume little power and are inexpensive. One manufacturer claims its $119 plug computer draws 1.2 watts and can cost $2 a year to run.

Samba (software)

Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.

Samba runs on most Unix, OpenVMS and Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple's macOS Server, and macOS client (Mac OS X 10.2 and greater). Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. Samba is released under the terms of the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system.

Snort (software)

Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch, former founder and CTO of Sourcefire. Snort is now developed by Cisco, which purchased Sourcefire in 2013, at which Roesch is a chief security architect.In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time".

Windows Vista networking technologies

In computing, Microsoft's Windows Vista and Windows Server 2008 introduced in 2007/2008 a new networking stack named Next Generation TCP/IP stack,

to improve on the previous stack in several ways.

The stack includes native implementation of IPv6, as well as a complete overhaul of IPv4. The new TCP/IP stack uses a new method to store configuration settings that enables more dynamic control and does not require a computer restart after a change in settings. The new stack, implemented as a dual-stack model, depends on a strong host-model and features an infrastructure to enable more modular components that one can dynamically insert and remove.


This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.