Server Message Block

Server Message Block

In computer networking, Server Message Block (SMB), also known as Common Internet File System (CIFS, /ˈsɪfs/) operates as an application-layer network protocol[1] mainly used to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Microsoft Windows, where it was known as "Microsoft Windows Network" before the subsequent introduction of Active Directory. Corresponding Windows services are the "Server Service" (for the server component) and "Workstation Service" (for the client component).

The Server Message Block protocol can run atop the Session (and lower) network layers in several ways:



Barry Feigenbaum originally designed SMB at IBM with the aim of turning DOS "Interrupt 33" (21h) local file-access into a networked file-system[4]. Microsoft has made considerable modifications to the most commonly used version. Microsoft merged the SMB protocol with the LAN Manager product which it had started developing for OS/2 with 3Com circa 1990, and continued to add features to the protocol in Windows for Workgroups (circa 1992) and in later versions of Windows.

SMB was originally designed to run on top of the NetBIOS/NetBEUI API (typically implemented with NBF, NetBIOS over IPX/SPX, or NBT). Since Windows 2000, SMB runs, by default, with a thin layer, similar to the Session Message packet of NBT's Session Service, on top of TCP, using TCP port 445 rather than TCP port 139 — a feature known as "direct host SMB".[2]

At around the time when Sun Microsystems announced WebNFS,[5] Microsoft launched an initiative in 1996 to rename SMB to Common Internet File System (CIFS), and added more features, including support for symbolic links, hard links, larger file sizes, and an initial attempt at supporting direct connections over TCP port 445 without requiring NetBIOS as a transport (a largely experimental effort that required further refinement). Microsoft submitted some partial specifications as Internet-Drafts to the IETF,[6] though these submissions have expired.

The Samba project originated with the aim of reverse engineering the SMB protocol and implementing an SMB server to allow MS-DOS clients to use SMB to access files on Sun Microsystems machines.[7] Because of the importance of the SMB protocol in interacting with the widespread Microsoft Windows platform, Samba became a popular free implementation of a compatible SMB client and server for interoperating with non-Microsoft operating systems.

Microsoft introduced SMB2 with Windows Vista in 2006, and later improved on it in Windows 7.


Client-server approach

SMB works through a client-server approach, where a client makes specific requests and the server responds accordingly. One section of the SMB protocol specifically deals with access to filesystems, such that clients may make requests to a file server; but some other sections of the SMB protocol specialize in inter-process communication (IPC). The Inter-Process Communication (IPC) share or ipc$ is a network share on computers running Microsoft Windows. This virtual share is used to facilitate communication between processes and computers over SMB, often to exchange data between computers that have been authenticated.

Developers have optimized the SMB protocol for local subnet usage, but users have also put SMB to work to access different subnets across the Internet—exploits involving file-sharing or print-sharing in MS Windows environments usually focus on such usage.

SMB (Server Message Block) servers make their file systems and other resources available to clients on the network. Client computers may want access to the shared file systems and printers on the server, and in this primary functionality SMB has become best-known and most heavily used. However, the SMB file-server aspect would count for little without the NT domains suite of protocols, which provide NT-style domain-based authentication at the very least. Almost all implementations of SMB servers use NT Domain authentication to validate user-access to resources.

Performance issues


The use of the SMB protocol has often correlated with a significant increase in broadcast traffic on a network. However the SMB itself does not use broadcasts—the broadcast problems commonly associated with SMB actually originate with the NetBIOS service location protocol. By default, a Microsoft Windows NT 4.0 server used NetBIOS to advertise and locate services. NetBIOS functions by broadcasting services available on a particular host at regular intervals. While this usually makes for an acceptable default in a network with a smaller number hosts, increased broadcast traffic can cause problems as the size of the network increases. The implementation of name resolution infrastructure in the form of Windows Internet Naming Service (WINS) or Domain Name System (DNS) resolves this problem. WINS was a proprietary implementation used with Windows NT 4.0 networks, but brought about its own issues and complexities in the design and maintenance of a Microsoft network.

Since the release of Windows 2000, the use of WINS for name resolution has been deprecated by Microsoft, with hierarchical Dynamic DNS now configured as the default name resolution protocol for all Windows operating systems. Resolution of (short) NETBIOS names by DNS requires that a DNS client expand short names, usually by appending a connection-specific DNS suffix to its DNS lookup queries. WINS can still be configured on clients as a secondary name resolution protocol for interoperability with legacy Windows environments and applications. Further, Microsoft DNS servers can forward name resolution requests to legacy WINS servers in order to support name resolution integration with legacy (pre-Windows 2000) environments that do not support DNS.

WAN performance issues

Network designers have found that latency has a significant impact on the performance of the SMB 1.0 protocol, that it performs more poorly than other protocols like FTP. Monitoring reveals a high degree of "chattiness" and a disregard of network latency between hosts.[8] For example, a VPN connection over the Internet will often introduce network latency. Microsoft has explained that performance issues come about primarily because SMB 1.0 is a block-level rather than a streaming protocol, that was originally designed for small LANs; it has a block size that is limited to 64K, SMB signing creates an additional overhead and the TCP window size is not optimized for WAN links.[9] Solutions to this problem include the updated SMB 2.0 protocol, Offline Files, TCP window scaling and WAN acceleration devices from various network vendors that cache and optimize SMB 1.0.[10]

Microsoft's modifications

Microsoft added several extensions to its own SMB implementation. For example, it added NTLM, then NTLMv2 authentication protocols in order to address security weakness in the original LanMan authentication. LanMan authentication derived from the original legacy SMB specification's requirement to use IBM "LanManager" passwords, but implemented DES in a flawed manner that allowed passwords to be cracked.[11] Later, Kerberos authentication was also added. The NT 4.0 Domain logon protocols initially used 40-bit encryption outside of the United States of America, because of export restrictions on stronger 128-bit encryption[12] (subsequently lifted in 1996 when President Bill Clinton signed Executive order 13026[13]). Opportunistic locking support has changed with each server release.

Opportunistic locking

In the SMB protocol, opportunistic locking is a file locking mechanism designed to improve performance by controlling caching of network files by the client. Contrary to the traditional locks, OpLocks are not used in order to provide mutual exclusion. The main goal of OpLocks is to provide synchronization for caching. There are three types of opportunistic locks:

Batch Locks

Batch OpLocks were created originally to support a particular behavior of MS-DOS batch file execution operation in which the file is opened and closed many times in a short period, which is a performance problem. To solve this, a client may ask for a OpLock of type "batch". In this case, the client delays sending the close request and if a subsequent open request is given, the two requests cancel each other.

Exclusive Locks

When an application opens in "shared mode" a file hosted on an SMB server which is not opened by any other process (or other clients) the client receives an exclusive OpLock from the server. This means that the client may now assume that it is the only process with access to this particular file, and the client may now cache all changes to the file before committing it to the server. This is a performance improvement, since fewer round-trips are required in order to read and write to the file. If another client/process tries to open the same file, the server sends a message to the client (called a break or revocation) which invalidates the exclusive lock previously given to the client. The client then flushes all changes to the file.

Level 2 OpLocks

If an exclusive OpLock is held by a client and a locked file is opened by a third party, the client has to relinquish its exclusive OpLock to allow the other client's write/read access. A client may then receive a "Level 2 OpLock" from the server. A Level 2 OpLock allows the caching of read requests, but excludes write caching.


In contrast with the SMB protocol's "standard" behavior, a break request may be sent from server to client. It informs the client that an OpLock is no longer valid. This happens, for example, when another client wishes to open a file in a way that invalidates the OpLock. The first client is then sent an OpLock break and required to send all its local changes (in case of batch or exclusive OpLocks), if any, and acknowledge the OpLock break. Upon this acknowledgment the server can reply to the second client in a consistent manner.


Microsoft introduced a new version of the Server Message Block (SMB) protocol (SMB 2.0 or SMB2) with Windows Vista in 2006.[14] Although the protocol is proprietary, its specification has been published to allow other systems to interoperate with Microsoft operating systems that use the new protocol.[15]

SMB2 reduces the 'chattiness' of the SMB 1.0 protocol by reducing the number of commands and subcommands from over a hundred to just nineteen.[8] It has mechanisms for pipelining, that is, sending additional requests before the response to a previous request arrives, thereby improving performance over high latency links. It adds the ability to compound multiple actions into a single request, which significantly reduces the number of round-trips the client needs to make to the server, improving performance as a result.[8] SMB1 also has a compounding mechanism — known as AndX — to compound multiple actions, but Microsoft clients rarely use AndX.[citation needed] It also introduces the notion of "durable file handles": these allow a connection to an SMB server to survive brief network outages, as are typical in a wireless network, without having to incur the overhead of re-negotiating a new session.

SMB2 includes support for symbolic links. Other improvements include caching of file properties, improved message signing with HMAC SHA-256 hashing algorithm and better scalability by increasing the number of users, shares and open files per server among others.[8] The SMB1 protocol uses 16-bit data sizes, which amongst other things, limits the maximum block size to 64K. SMB2 uses 32 or 64-bit wide storage fields, and 128 bits in the case of file-handles, thereby removing previous constraints on block sizes, which improves performance with large file transfers over fast networks.[8]

Windows Vista and later operating systems use SMB2 when communicating with other machines running Windows Vista or later. SMB1 continues in use for connections with older versions of Windows, as well as systems like Samba and various vendors' NAS solutions. Samba 3.5 also includes experimental support for SMB2.[16] Samba 3.6 fully supports SMB2, except the modification of user quotas using the Windows quota management tools.[17]

SMB2 brings a number of benefits to third party implementers of SMB protocols. SMB1, originally designed by IBM, was reverse engineered, and later became part of a wide variety of non-Windows operating systems such as Samba, Xenix, OS/2 and VMS (Pathworks). X/Open standardised it partially; it also had draft IETF standards which lapsed. (See for historical detail.) SMB2 is also a relatively clean break with the past. Microsoft's SMB1 code has to work with a large variety of SMB clients and servers. SMB1 features many versions of information for commands (selecting what structure to return for a particular request) because features such as Unicode support were retro-fitted at a later date. SMB2 involves significantly reduced compatibility-testing for implementers of the protocol. SMB2 code has considerably less complexity since far less variability exists (for example, non-Unicode code paths become redundant as SMB2 requires Unicode support).

SMB 2.1

SMB 2.1, introduced with Windows 7 and Server 2008 R2, introduced minor performance enhancements with a new opportunistic locking mechanism.[18]


The SMB "Inter-Process Communication" (IPC) system provides named pipes and was one of the first inter-process mechanisms commonly available to programmers that provides a means for services to inherit the authentication carried out when a client[clarification needed] first connected to an SMB server.[citation needed]

Some services that operate over named pipes, such as those which use Microsoft's own implementation of DCE/RPC over SMB, known as MSRPC over SMB, also allow MSRPC client programs to perform authentication, which over-rides the authorization provided by the SMB server, but only in the context of the MSRPC client program that successfully makes the additional authentication.

Since Windows domain controllers use SMB to transmit policies at login, they have packet-signing enabled by default to prevent man-in-the-middle attacks; the feature can also be turned on for any server running Windows NT 4.0 Service Pack 3 or later.[19] The design of Server Message Block version 2 (SMB2) aims[citation needed] to mitigate this performance-limitation by coalescing SMB signals into single packets.

SMB supports opportunistic locking — a special type of locking-mechanism — on files in order to improve performance.

SMB serves as the basis for Microsoft's Distributed File System implementation.


Over the years, there have been many security vulnerabilities in Microsoft's implementation of the protocol or components that it directly relies on,[20][21][22] with the most recent vulnerability involving the SMB2 implementation.[23]

Specifications for SMB and SMB2 Protocols

The specifications for the SMB are proprietary and were originally closed, thereby forcing other vendors and projects to reverse-engineer the protocol in order to interoperate with it. The SMB 1.0 protocol was eventually published some time after it was reverse engineered, whereas the SMB 2.0 procotol was made available from Microsoft's MSDN Open Specifications Developer Center from the outset.[24] There are a number of specifications that are relevant to the SMB protocol:

MS-CIFS is a recent replacement (2007) for the draft-leach-cifs-v1-spec-02.txt a document widely used to implement SMB clients, but also known to have errors of omission and commission

  • MS-SMB [3] Specification for Microsoft Extensions to MS-CIFS
  • MS-SMB2 [4] Specification for the SMB 2 protocol
  • MS-FSSO [5] Describes the intended functionality of the Windows File Access Services System, how it interacts with systems and applications that need file services, and how it interacts with administrative clients to configure and manage the system.

Versions and implementations

The list below explicitly refers to "SMB" as including an SMB client or an SMB server, plus the various protocols that extend SMB, such as the Network Neighborhood suite of protocols and the NT Domains suite.

  • Microsoft Windows includes an SMB client and server in all members of the Windows NT family and in Windows 95, Windows 98, and Windows Me.
  • Samba, which re-implements the SMB protocol and the Microsoft extensions to it as free software, includes an SMB server and a command-line SMB client. Version 3.0 or later is required for NTLMv2 authentication support, while versions 3.6+ or 4.0+ are required for SMB2 interoperability.
  • Samba TNG: a fork of Samba.
  • The Linux kernel includes two SMB client implementations that use the Linux VFS, providing access to files on an SMB server through the standard file system API: smbfs and cifs. Also it is possible to mount the whole hierarchy of workgroups/servers/shares ("neighborhood") through FUSE kernel module and its userspace counterpart fusesmb.
  • agorum core, open source enterprise content management system with fully integrated CIFS-Server for accessing documents.
  • ONStor Inc. offers an SMB implementation that also supports NFS protocol so users can access the same data through both protocols.
  • Novell NetWare version 6 and newer has a CIFS server implementation providing access to NetWare volumes for Microsoft Network clients.
  • FreeBSD includes an SMB client implementation called smbfs that uses its VFS.
  • NetBSD and Mac OS X include SMB client implementations called smbfs, originally derived from the FreeBSD smbfs; they use the NetBSD and OS X VFS.
  • Solaris has a project called CIFS client for Solaris, based on the Mac OS X smbfs.
  • OpenSolaris added in-kernel CIFS server support in October 2007.
  • Sun Microsystems Cascade, which became known as PC-Netlink, represents a port of Advanced Server for Unix. Sun took over two years making the code useful, due to the poor quality of the original port.
  • FreeNAS, a dedicated small-sized NAS server, runs FreeBSD for Network-attached storage (NAS) services, and supports protocols including CIFS/Samba
  • Advanced Server for Unix (AS/U) comprises a port of Windows NT 3.51's SMB server code to Unix. Microsoft licensed the code to AT&T, which then licensed it to major Unix vendors. The poor quality of the original port (allegedly[citation needed] carried out by Microsoft itself) has caused any vendor sub-licensing it significant grief.[citation needed]
  • VERITAS Software has an implementation of SMB.
  • SCO has a port of Advanced Server for Unix.
  • SCO also has VisionFS, a Microsoft-independent re-implementation of SMB developed through reference to Samba source code.[citation needed]
  • EMC has an SMB server with its Celerra platforms
  • NetApp has an SMB server implementation
  • Isilon has a cluster storage or scale-out NAS SMB server implementation from Likewise Software, although the first version of their product was based on Samba
  • Likewise Software offers Likewise-CIFS, an open source SMB/CIFS file server with support for both SMB1 and SMB2.
  • Objective Development's Sharity provides an SMB file-system client for Unix.
  • The Alfresco content-management system includes JLAN, a Java implementation of an SMB server
  • The LogicalDOC document management system includes a client for connecting to SMB, implemented in Java
  • JCIFS offers an implementation of an SMB client in Java
  • RTSMB, a CIFS/SMB implementation written in ANSI C. EBS designed RTSMB from scratch, independently of MS or SAMBA design reference, to run in embedded devices.
  • Visuality Systems NQ CIFS, a CIFS (SMB) server and client solution for embedded devices — ported to many popular real-time operating systems (RTOSs)
  • Thursby Software Systems developed DAVE, the first commercial implementation of SMB/CIFS for Classic Mac OS in 1996, co-writing the Mac standards with Microsoft in 2002.[25] It was later ported to Mac OS X. Thursby's DAVE, ADmitMac and ADmitMac PKI products include both an SMB client and an SMB server, and support Microsoft's DFS.
  • An iPhone application named Flash Files has an SMB server implementation.
  • Some Sony-Ericsson mobile phones have an SMB server built in.
  • The plan9 distribution contains both a CIFS/SMB server aquarela and client cifs
  • Blue Share by Blue Peach, a portable embedded CIFS Client Server stack offering both Real and Protected Mode (Multi-Process) operation, and secure authentication.
  • pysmb A python implementation of SMB/CIFS Client.

See also


  1. ^ "Microsoft SMB Protocol and CIFS Protocol Overview". Microsoft. 2009-10-22. Retrieved 2009-11-01. 
  2. ^ a b "Direct hosting of SMB over TCP/IP". Microsoft. 2007-10-11. Retrieved 2009-11-01. 
  3. ^ Richard Sharpe (8 October 2002). "Just what is SMB?". Retrieved 18 July 2011. 
  4. ^ WhichNAS "NAS Network Protocols Knowledge Base - NAS Basics" [1]
  5. ^ YANFS yet another nfs
  6. ^ * Common Internet File System Protocol (CIFS/1.0)
  7. ^ Tridgell, Andrew (June 27, 1997). "A bit of history and a bit of fun". Retrieved 2011-07-26. 
  8. ^ a b c d e Jose Barreto (2008-12-09). "SMB2, a Complete Redesign of the Main Remote File Protocol for Windows". Microsoft. Retrieved 2009-11-01. 
  9. ^ Neil Carpenter (2004-10-26). "SMB/CIFS Performance Over WAN Links". Microsoft. Retrieved 2009-11-01. 
  10. ^ Mark Rabinovich, Igor Gokhman. "CIFS Acceleration Techniques". Storage Developer Conference, SNIA, Santa Clara 2009. 
  11. ^ Christopher Hertel (1999). "SMB: The Server Message Block Protocol". Retrieved 2009-11-01. 
  12. ^ "Description of Microsoft Windows Encryption Pack 1". Microsoft. 2006-11-01. Retrieved 2009-11-01. 
  13. ^ "US Executive order 13026". United States Government. 1996. Retrieved 2009-11-01. 
  14. ^ Navjot Virk and Prashanth Prahalad (March 10, 2006). "What's new in SMB in Windows Vista". Chk Your Dsks. MSDN. Retrieved 2006-05-01. 
  15. ^ "(MS-SMB2): Server Message Block (SMB) Version 2 Protocol Specification". Microsoft. 2009-09-25. Retrieved 2009-11-01. 
  16. ^ Samba 3.5 - Release Notes Archive
  17. ^ Samba 3.6 - Release Notes Archive
  18. ^ "Implementing an End-User Data Centralization Solution". Microsoft. 2009-10-21. pp. 10–11. Retrieved 2009-11-02. 
  19. ^ "Overview of Server Message Block signing". Microsoft. 2007-11-30. Retrieved 2009-11-01. 
  20. ^ "MS02-070: Flaw in SMB Signing May Permit Group Policy to Be Modified". Microsoft. 2007-12-01. Retrieved 2009-11-01. 
  21. ^ "MS09-001: Vulnerabilities in SMB could allow remote code execution". Microsoft. 2009-01-13. Retrieved 2009-11-01. 
  22. ^ "MS08-068: Vulnerability in SMB could allow remote code execution". Microsoft. 2009-02-26. Retrieved 2009-11-01. 
  23. ^ "MS09-050: Vulnerabilities in SMB could allow remote code execution". Microsoft. 2009-10-13. Retrieved 2009-02-26. 
  24. ^ Windows Protocols
  25. ^ "Common Internet File System (CIFS) Technical Reference". 

External links

Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Server message block — Pour les articles homonymes, voir SMB. Le protocole SMB (Server Message Block) est l ancien nom du protocole permettant le partage de ressources (fichiers et imprimantes) sur des réseaux locaux avec des PC sous Windows. Dans les dernières… …   Wikipédia en Français

  • Server Message Block — Server Message Block. Protocolo de red que permite compartir archivos e impresoras (entre otras cosas) entre nodos de una red. Es utilizado principalmente en ordenadores con Microsoft Windows. SMB fue originalmente inventado por IBM, pero la… …   Enciclopedia Universal

  • Server Message Block — SMB (сокр. от англ. Server Message Block)  сетевой протокол прикладного уровня для удалённого доступа к файлам, принтерам и другим сетевым ресурсам, а также для межпроцессного взаимодействия. Первая версия протокола была разработана… …   Википедия

  • Server Message Block — Pour les articles homonymes, voir SMB. Server Message Block Fonction Partage de fichiers et d imprimantes …   Wikipédia en Français

  • Server Message Block — Este artículo o sección necesita referencias que aparezcan en una publicación acreditada, como revistas especializadas, monografías, prensa diaria o páginas de Internet fidedignas. Puedes añadirlas así o avisar …   Wikipedia Español

  • Server Message Block — SMB über NetBIOS: Anwendung SMB Transport NetBIOS Vermittlung NetBEUI Netzwerk Ethernet Token Bus …   Deutsch Wikipedia

  • Server Message Block — NetBIOS Protokoll; LAN Manager Protokoll * * * Server Message Block,   SMB Protokoll …   Universal-Lexikon

  • Server Message Block —    Abbreviated SMB. A distributed file system network protocol, developed by Microsoft and adopted by many other vendors, that allows a computer to use the files and other resources of another computer as though they were local. For network… …   Dictionary of networking

  • Message passing — In der Informatik ist der Nachrichtenaustausch (engl. Message Passing) eine Kommunikationsform, die in der Nebenläufigkeits Programmierung (Concurrent programming), der parallelen Programmierung (Parallel programming), der objektorientierten… …   Deutsch Wikipedia

  • Server-Software — Ein Server (engl.: to serve = bedienen) ist ein Programm, welches auf die Kontaktaufnahme eines Client Programms wartet und nach Kontaktaufnahme mit diesem Nachrichten austauscht. Die Kommunikation erfolgt dabei nach dem sogenannten Client Server …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”