Server Message Block Protocol (SMB)
The Server Message Block protocol, or "SMB", is a remote file access protocol originally specified by Microsoft, IBM, and Intel. It's also referred to as the Common Internet File System, or "CIFS". It's one of the protocols most commonly used by DOS and Windows machines to access files on a file server.
Current versions of Windows, and some older versions of Windows, include both client and server code for SMB/CIFS; clients and servers were also available for older versions of DOS and Windows, and for OS/2. The Samba server is the most commonly used SMB/CIFS server on UN*X systems; Linux, FreeBSD, and macOS include clients for SMB/CIFS allowing those systems to access files on SMB/CIFS servers as if they were local files.
Originally, SMB ran atop a protocol, sometimes called "NetBEUI", that ran atop IEEE 802.2; that protocol implemented a networking API from IBM, and the IBM "LAN Technical Reference: 802.2 and NetBIOS APIs" document specifies the APIs and the protocol.
Specifications for implementations of the NetBIOS services, which are what the NetBEUI protocol implemented, also exist for UDP and TCP; they are RFC 1001 and RFC 1002, which specify the NetBIOS Name Service (NBNS), NetBIOS Datagram Service (NBDS), and NetBIOS Session Service (NBSS) protocols. NetBIOS-over-TCP is probably now the most common form of NetBIOS used by SMB. Specifications for SMB over the MAP/TOP protocol suite, based on the IsoProtocolFamily, also exist. NetBIOS is also supported in at least two forms over the NovellProtocolFamily.
SMB can now run directly atop TCP port 445, without using any of the NetBIOS services (other than a vestigial version of the session service, simplified to only provide packet boundaries over a TCP data stream). Windows 2000 might have been the first version of Windows to implement this.
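The packet-boundary framing described above, as an added example that is not part of the original wiki page or of Wireshark's code: each message on TCP port 445 is preceded by a zero type byte and a 24-bit big-endian length, so a reader has to reassemble the byte stream before it can find message starts. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Protocol identifiers at the start of a message; other values (for example
# SMB3 transform headers) fall through to "unknown" in this example.
MAGICS = {b"\xffSMB": "SMB1", b"\xfeSMB": "SMB2+"}
MAX_LEN = 0xFFFFFF  # the length field is 24 bits wide

class FramingError(ValueError):
    """Raised when the 4-byte transport header is not a plain session message."""

def split_frames(stream):
    """Return (complete_messages, leftover_bytes) for a TCP/445 byte stream."""
    messages, offset = [], 0
    while len(stream) - offset >= 4:
        (word,) = struct.unpack_from(">I", stream, offset)
        msg_type, length = word >> 24, word & MAX_LEN
        if msg_type != 0x00:  # this example treats any other type as an error
            raise FramingError(f"type byte 0x{msg_type:02x} at offset {offset}")
        if len(stream) - offset - 4 < length:
            break  # rest of this message arrives in a later TCP segment
        messages.append(stream[offset + 4:offset + 4 + length])
        offset += 4 + length
    return messages, stream[offset:]

def reassemble(segments):
    """Feed TCP payloads in order; message boundaries need not match segments."""
    buffered, messages = b"", []
    for segment in segments:
        complete, buffered = split_frames(buffered + segment)
        messages.extend(complete)
    return messages, buffered

def dialect_family(message):
    """Classify a message by its 4-byte protocol identifier."""
    return MAGICS.get(message[:4], "unknown")

def frame(message):
    """Prefix a message with the zero type byte and 24-bit big-endian length."""
    if len(message) > MAX_LEN:
        raise FramingError("message too long for a 24-bit length field")
    return struct.pack(">I", len(message)) + message

# Constructed sample: two zero-padded messages, cut into TCP segments at
# positions that split both a transport header and a message body.
SMB1_MSG = b"\xffSMB" + bytes(28)
SMB2_MSG = b"\xfeSMB" + bytes(60)
STREAM = frame(SMB1_MSG) + frame(SMB2_MSG)
SEGMENTS = [STREAM[:2], STREAM[2:50], STREAM[50:]]
```

A capture filter or detection rule that looks for the protocol identifier at the start of each TCP payload misses the second message here, because it begins in the middle of a segment.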
At least at one point, a number of specifications for various dialects of SMB could be found in a directory on the Microsoft FTP site. The closest thing to an "official" specification for the current version of SMB/CIFS is the SNIA Common Internet File System Technical Reference, but that doesn't describe all the protocol features used by Microsoft clients and supported by Microsoft servers.
External Links
- Implementing CIFS: The Common Internet File System by Christopher Hertel
- Using Wireshark For Analysing CIFS Traffic by Ronnie Sahlberg (at Storage Developer Conference 2008)
Example Capture
Here is an example capture showing a wide range of SMB features. The capture was made using the Samba4 smbtorture suite, against a Windows Vista beta2 server.
Open Questions
There is quite a bit we don't know about the SMB protocol. You can see a list of some of these open questions on the SMB/OpenQuestions page.
Imported from https://wiki.wireshark.org/SMB on 2020-08-11 23:24:49 UTC