What’s Port 445 in W2K/XP/2003? – SMB Over TCP

by Daniel Petri - January 8, 2009

Among the new ports used by Windows 2000, Windows XP and Windows Server 2003, is TCP port 445, which is used for SMB over TCP.


The Server Message Block (SMB) protocol is used among other things for file sharing in Windows NT/2000/XP. In Windows NT, it ran on top of NetBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP).

In Windows 2000/XP/2003, Microsoft added the ability to run SMB directly over TCP/IP, without the extra layer of NetBT. Microsoft uses TCP port 445 for this.

In simplistic terms, NetBIOS on your LAN may be a necessary evil. NetBIOS on your WAN or over the Internet is an enormous security risk. All sorts of information, such as your domain, workgroup, and system names, as well as account information is obtainable through NetBIOS. It really is in your best interest to ensure that NetBIOS never leaves your network.

If you are using a router as your Internet gateway then you will want to ensure that it does not allow inbound or outbound traffic via TCP ports 135-139.

If you're using a firewall, then you should also block the TCP ports 135-139.

If you are using a multi-homed machine with more than one network card, then you should disable NetBIOS, under the TCP/IP properties, on every network card or dial-up connection that is not part of your local network.

How to disable NetBIOS over TCP/IP?

In Windows 2000/XP/2003, you can disable NetBIOS over TCP/IP. To do this, right click on My Network Places and select Properties. Next, right click on the appropriate Local Area Connection icon, and select Properties.

Network and Dial-up Connections pane in Windows 2000

Next, select the Internet Protocol (TCP/IP) entry and click the Properties button.

Local Area Connection Properties in Windows 2000

In the General dialog box, click the Advanced button.

TCP/IP Properties dialog box

Navigate to the WINS tab, where you can enable or disable NetBIOS over TCP/IP.

Enable or disable NetBIOS over TCP/IP in the Advanced TCP/IP Settings

The changes take effect immediately without rebooting the system.

You will get an event in your event log if you do not also disable the TCP/IP NetBIOS Helper Service. You can disable this service in Control Panel > Administrative Tools > Services, if desired.

Note: Computers that are running an operating system prior to Windows 2000 will be unable to browse, locate, or create file and print share connections to a Windows 2000/XP/2003 computer with NetBIOS disabled.

For more troubleshooting workarounds, please see the Petri IT Knowledgebase article "Disable NetBIOS in W2K/XP/2003".

How to disable port 445?

You can easily disable port 445 on your computer. To do so, follow these instructions:

  1. Start registry editor (Regedit.exe).
  2. Locate the following key in the registry: HKLM\System\CurrentControlSet\Services\NetBT\Parameters
  3. On the right-hand side of the window, find the TransportBindName option.
  4. Double click that value, then delete the default value. Now you will have a blank value.
  5. Close the registry editor.
  6. Reboot your computer.

After rebooting open a command prompt and type:

netstat -an

Your computer should no longer be listening on port 445.

Client/Server port usage

When does Windows 2000/XP/2003 use port 445, and when does it use port 139?

From now on, I will refer to the "client" as the computer from where you map drives and other shared resources, and to the "server" as the computer with resources that are shared. I will also refer to NetBIOS over TCP/IP only as NetBT.

If the client has NetBT enabled, it will always try to connect to the server at both port 139 and 445 simultaneously. If there is a response from port 445, it sends a RST to port 139, and continues its SMB session to port 445 only. If there is no response from port 445, it will continue its SMB session to port 139 only, if it gets a response from there. If there is no response from either of the ports, then the session will fail completely.

If the client has NetBT disabled, it will always try to connect to the server at port 445 only. If the server answers on port 445, the session will be established and continue on that port. If it doesn't answer, the session will fail completely. This is the case, for example, if the server runs Windows NT 4.0.

If the server has NetBT enabled, it listens on UDP ports 137, 138, and on TCP ports 139, 445. If it has NetBT disabled, it listens on TCP port 445 only.
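The netstat check above and the listener and port-selection rules in this section, as an added example that is not part of the article: a Python script that parses Windows-format `netstat -an` output, classifies the server's SMB listener posture, and predicts which port a client session ends up on. The netstat output embedded in it is constructed sample data, not captured from a real host.

```python
import re
# Constructed sample `netstat -an` output (Windows format), not captured from a real host.
NETBT_HOST = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       192.168.1.20:1045      ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""
# Same host after the TransportBindName change from the article: 445 is gone, NetBT stays.
NO445_HOST = """
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?")

def listening_ports(netstat_output):
    """Return {(proto, port)} for TCP sockets in LISTENING state and every UDP binding."""
    bound = set()
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header and blank lines
        proto, _local, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        bound.add((proto, int(port)))
    return bound

def smb_posture(netstat_output):
    """Classify the server as the article does: NetBT on -> 137/138/139/445, off -> 445 only."""
    bound = listening_ports(netstat_output)
    netbt = bool(bound & {("UDP", 137), ("UDP", 138), ("TCP", 139)})
    direct = ("TCP", 445) in bound
    if netbt and direct:
        return "NetBT enabled, SMB over TCP enabled"
    if direct:
        return "NetBT disabled, SMB over TCP only"
    return "NetBT only (port 445 disabled)" if netbt else "no SMB listeners"

def client_session_port(client_netbt_enabled, server_bound):
    """Port the SMB session ends up on, following the client rules in the article."""
    if ("TCP", 445) in server_bound:
        return 445  # 445 answers: a NetBT client RSTs its parallel 139 attempt
    if client_netbt_enabled and ("TCP", 139) in server_bound:
        return 139  # fall back to the NetBT session service only if the client has NetBT on
    return None  # no usable port: the session fails
```

Feeding the script real output from `netstat -an` after the registry change lets you confirm the result the article describes (port 139 may still be bound while 445 is gone).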
