http://wiki.wireshark.org/SMB
Server Message Block Protocol (SMB)

The Server Message Block protocol, or "SMB", is a remote file access protocol
originally specified by Microsoft, IBM, and Intel. It's also referred to as the Common
Internet File System, or "CIFS". It's one of the protocols most commonly used by DOS and
Windows machines to access files on a file server.
Current versions of Windows, and some older versions of Windows, include both
client and server code for SMB/CIFS; clients and servers were also available for older
versions of DOS and Windows, and for OS/2. The Samba server is the most commonly
used SMB/CIFS server on UN*X systems; Linux, FreeBSD, and Mac OS X include clients
for SMB/CIFS allowing those systems to access files on SMB/CIFS servers as if they were
local files.
Originally, it ran atop a protocol, sometimes called "NetBEUI", that ran atop IEEE
802.2; that protocol implemented a networking API from IBM, and the IBM "LAN
Technical Reference: 802.2 and NetBIOS APIs" document specifies the APIs and the
protocol.
Specifications for implementations of the NetBIOS services, which are what the
NetBEUI protocol implemented, also exist for UDP and TCP; those specifications are
RFC 1001 and RFC 1002, and the protocols they specify are the NetBIOS Name
Service (NBNS), NetBIOS Datagram Service (NBDS), and the NetBIOS Session Service
(NBSS) protocols. NetBIOS-over-TCP is probably now the most common form of
NetBIOS used by SMB. Specifications for SMB over the MAP/TOP protocol suite, based
on the IsoProtocolFamily, also exist. NetBIOS is also supported in at least two forms over
the NovellProtocolFamily.
SMB can now run directly atop TCP port 445, without using any of the NetBIOS
services (other than a vestigial version of the session service, simplified to only provide
packet boundaries over a TCP data stream). Windows 2000 might have been the first
version of Windows to implement this.
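The packet-boundary framing described above, as an added example (not code from the Wireshark wiki or from Wireshark itself): a parser that splits a reassembled TCP payload into SMB messages and carries an incomplete frame over to the next segment. It assumes the direct-TCP layout of one zero type byte followed by a 24-bit big-endian length, and the SMB1 header magic 0xFF 'S' 'M' 'B'; the function names and the sample frames are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"   # assumed: first four bytes of an SMB1 header
LEN_MASK = 0xFFFFFF       # assumed: 24-bit length on direct TCP (port 445)


def split_smb_stream(buf: bytes):
    """Split reassembled TCP payload into SMB messages.

    Returns (messages, leftover); leftover is an incomplete trailing
    frame that must be prepended to the next TCP segment's payload.
    """
    messages, offset = [], 0
    while len(buf) - offset >= 4:
        # Framing header: one type byte (0x00 = session message),
        # then the message length in network byte order.
        (word,) = struct.unpack_from(">I", buf, offset)
        frame_type, length = word >> 24, word & LEN_MASK
        if frame_type != 0x00:
            raise ValueError(f"unexpected frame type 0x{frame_type:02x}")
        if len(buf) - offset - 4 < length:
            break  # rest of this frame arrives in a later segment
        body = buf[offset + 4 : offset + 4 + length]
        if body[:4] != SMB1_MAGIC:
            raise ValueError(f"no SMB1 magic at stream offset {offset + 4}")
        messages.append(body)
        offset += 4 + length
    return messages, buf[offset:]


def make_frame(command: int) -> bytes:
    """Constructed sample: a bare 32-byte SMB1 header behind the framing."""
    body = SMB1_MAGIC + bytes([command]) + bytes(27)
    return struct.pack(">I", len(body)) + body


def demo():
    # Two constructed frames (0x72 = negotiate, 0x73 = session setup),
    # delivered as two TCP segments cut in the middle of the second frame.
    stream = make_frame(0x72) + make_frame(0x73)
    first, rest = split_smb_stream(stream[:50])
    second, rest = split_smb_stream(rest + stream[50:])
    return [m[4] for m in first + second], rest


if __name__ == "__main__":
    print(demo())
```

A non-zero type byte or a missing magic usually means the parser has lost frame alignment or the port carries something other than SMB, so the function raises rather than guessing at a resynchronisation point.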
At least at one point, a number of specifications for various dialects of SMB could
be found in a directory on the Microsoft FTP site. The closest thing to an "official"
specification for the current version of SMB/CIFS is the SNIA Common Internet File
System Technical Reference, but that doesn't describe all the protocol features used by
Microsoft clients and supported by Microsoft servers.
External Links
Implementing CIFS: The Common Internet File System by Christopher Hertel
Using Wireshark For Analysing CIFS Traffic by Ronnie Sahlberg (at Storage
Developer Conference 2008)
Example Capture
Here is an example capture showing a wide range of SMB features. The capture was
made using the Samba4 smbtorture suite, against a Windows Vista beta2 server.
Open Questions
There is quite a bit we don't know about the SMB protocol. You can see a list of
some of these open questions on the SMB/OpenQuestions page.