How does the SMB protocol work?
The SMB protocol enables an application — or the user of an application — to access files on a remote server, as well as other resources, including printers, mail slots and named pipes. Thus, a client application can open, read, move, create and update files on the remote server. It can also communicate with any server program that is set up to receive an SMB client request.
The SMB protocol is known as a response-request protocol, meaning that it transmits multiple messages between the client and server to establish a connection.
An early dialect of the SMB protocol, Common Internet File System (CIFS), gained notoriety as a chatty protocol that bogged down wide area network (WAN) performance due to the combined burdens of latency and CIFS’ numerous acknowledgments. The next dialect, SMB 2.0, improved the protocol’s efficiency by drastically reducing its hundreds of commands and subcommands down to just 19.
The SMB protocol operates in Layer 7, also known as the application layer, and can be used over TCP/IP on port 445 for transport. Early dialects of the SMB protocol use the application programming interface (API) NetBIOS over TCP/IP, or legacy protocols such as the Internetwork Packet Exchange or NetBEUI. Today, communication with devices that do not support SMB directly over TCP/IP requires the use of NetBIOS over a transport protocol, such as TCP/IP.
A client and server may implement different variations of SMB, which they negotiate before starting a session.
SMB protocol dialects
Variants of the SMB protocol have improved the original implementation’s capabilities, scalability, security and efficiency. Here is a brief overview of the SMB protocol’s notable dialects:
- SMB 1.0 (1984): Created by IBM for file sharing in DOS. Introduced opportunistic locking (OpLock) as a client-side caching mechanism designed to reduce network traffic. Microsoft would later include the SMB protocol in its LAN Manager product.
- CIFS (1996): Microsoft-developed SMB dialect that debuted in Windows 95. Added support for larger file sizes, transport directly over TCP/IP, and symbolic links and hard links.
- SMB 2.0 (2006): Released with Windows Vista and Windows Server 2008. Reduced chattiness to improve performance, enhanced scalability and resiliency, and added support for WAN acceleration.
- SMB 2.1 (2010): Introduced with Windows Server 2008 R2 and Windows 7. The client oplock leasing model replaced OpLock to enhance caching and improve performance. Other updates included large maximum transmission unit (MTU) support and improved energy efficiency, which enabled clients with open files from an SMB server to enter sleep mode.
- SMB 3.0 (2012): Debuted in Windows 8 and Windows Server 2012. Added several significant upgrades to improve availability, performance, backup, security and management. Noteworthy new features included SMB Multichannel, SMB Direct, transparent failover of client access, Remote VSS support, SMB Encryption and more.
- SMB 3.02 (2014): Introduced in Windows 8.1 and Windows Server 2012 R2. Included performance updates and the ability to completely disable CIFS/SMB 1.0 support, including removal of the related binaries.
- SMB 3.1.1 (2015): Released with Windows 10 and Windows Server 2016. Added support for advanced encryption, preauthentication integrity to prevent man-in-the-middle attacks and cluster dialect fencing, among other updates.
In 2017, the WannaCry and Petya ransomware attacks exploited a vulnerability in SMB 1.0 to load malware on vulnerable clients and propagate it across networks. Microsoft subsequently released a patch, but experts have advised users and administrators to take the additional step of disabling SMB 1.0/CIFS on all systems.
CIFS vs. SMB
As noted in the list above, CIFS is an early dialect of the SMB protocol developed by Microsoft. Although the terms are sometimes used interchangeably, CIFS only refers to a single implementation of SMB. Most modern systems use more recent dialects of the SMB protocol.
Samba vs. SMB
Released in 1992, Samba is an open source implementation of the SMB protocol for Unix systems and Linux distributions. It supports file sharing and print services, authentication and authorization, name resolution, and service announcements between Linux/Unix servers and Windows clients.