How to check port 139 is open
|
The SMB port number is TCP 445. If you've heard people saying the port number is 139, they could be partially correct. Let’s understand the SMB ports 445, 139, 138, and 137 in detail. Show
Surender Kumar Surender Kumar has more than twelve years of experience in server and network administration. His fields of interest are Windows Servers, Active Directory, PowerShell, web servers, networking, Linux, virtualization, and penetration testing. He loves writing for his blog. Latest posts by Surender Kumar (see all)
Admins need to know the SMB port number when it comes to setting up firewalls in Windows networks. The earlier version of SMB (SMB 1.0) was originally designed to operate on NetBIOS over TCP/IP (NBT), which uses port TCP 139 for session services, port TCP/UDP 137 for name services, and port UDP 138 for datagram services. (Read my previous comprehensive overview of the SMB protocol. By default, NBT is installed and enabled in Windows for backwards compatibility, but it is known for exposing file shares and other information to everyone on the network. While it is not a big problem in local networks, it could be a security risk if exposed to the Internet. Man-in-the-middle (MITM) and NetBIOS name service (NBNS) spoofing attacks are common with NTB-enabled networks—particularly if the related ports are not properly safeguarded. How are SMB and NBT related?NetBIOS over TCP/IP (NBT) is a completely independent service from SMB, and it doesn't depend on SMB for anything. The SMB protocol, on the other hand, may rely on NetBIOS to communicate with old devices that do not support the direct hosting of SMB over TCP/IP. Therefore, the SMB protocol relies on port 139 while operating over NBT. However, normally, for direct SMB over TCP/IP, the SMB port number is TCP 445. By the way, if both NetBIOS over TCP/IP and directly hosted SMB over TCP/IP are available (that is, if ports 445 and 139 are both listening), Windows tries both options at the same time. Whichever responds first is used for communication. The SMB 2.0 that was introduced with Windows Vista and Windows Server 2008 can operate solely on TCP port 445, and you can safely disable NBT for improved security and reduced network overhead caused by NetBIOS broadcasts. To see the status of ports 139 and 445 in your system, use the following PowerShell command: Get-NetTCPConnection -LocalPort 139,445 -ea 0 | select Local*, Remote*, State, @{n="ProcessName";e={(Get-Process -Id $_.OwningProcess).ProcessName}} | ft -Auto Viewing the status of ports TCP 139 and 445 using PowerShell The above screenshot shows that both ports TCP 139 and 445 are in the listening state by default. If you're interested in disabling the NBT, it needs to be done on each network interface individually. See the following screenshot for disabling it using the GUI on each network adapter: Disabling NBT on a network interface using GUI Disabling NBT using the GUI becomes tedious if you've got more than one network adapter. The following PowerShell command can help you disable it on all network interfaces at once: $adapters = (Get-WmiObject Win32_NetworkAdapterConfiguration | where {$_.IPEnabled -eq $true})
Foreach ($adapter in $adapters){
$adapter.SetTcpipNetbios(2)
}
where the value "2" with the SetTcpipNetbios method is used to disable NBT. By the way, the value "1" means enable NBT, and "0" means configure NBT by DHCP. Disabling NetBios on all network interfaces at once using PowerShell After disabling it, if you view the status of TCP ports, you will notice that port 139 is no longer listening on your system. Subscribe to 4sysops newsletter!Confirming that TCP port 139 is no longer listening If you do not have any old clients in your network, it is a good idea to block other ports, except for TCP 445 in the Windows Defender firewall. Does port 139 need to be open?If you are on Windows-based network that is running NetBios, it is perfectly normal to have port 139 open in order to facilitate that protocol. If you are not on a network using NetBios, there is no reason to have that port open.
What port number is 139?Port 139 is used by SMB dialects that communicate over NetBIOS. It operates as an application layer network protocol for device communication in Windows operating systems over a network. For example, printers and serials ports communicate via Port 139.
Is port 139 vulnerable?but every time we have to fight with security team to get the port 445 and 139 open to access the file server. AS per them these are the vulnerable ports and cannot be open.
Is SMB port 139 TCP or UDP?The SMB port number is TCP 445. If you've heard people saying the port number is 139, they could be partially correct. Let's understand the SMB ports 445, 139, 138, and 137 in detail. Surender Kumar has more than twelve years of experience in server and network administration.
|
