[MS-SMB2]: Overview (2024)


The Server Message Block (SMB) Protocol Versions 2 and 3, hereafter referred to as "SMB 2 Protocol", is an extension of the original Server Message Block (SMB) Protocol (as specified in [MS-SMB] and [MS-CIFS]). Both protocols are used by clients to request file and print services from a server system over the network. Both are stateful protocols in which clients establish a connection to a server, establish an authenticated context on that connection, and then issue a variety of requests to access files, printers, and named pipes for interprocess communication.

The SMB 2 Protocol is a major revision of the existing SMB Protocol, as specified in [MS-SMB]. The packet formats are completely different from those of the SMB Protocol; however, many of the underlying concepts are carried over. The underlying transports that are used to initiate and accept connections are either Direct TCP as specified in section 2.1 or NetBIOS over TCP transports as specified in [RFC1001] and [RFC1002].

To retain compatibility with existing clients and servers, the existing SMB Protocol can be used to negotiate the use of the SMB 2 Protocol, as described in section 1.7. However, the two protocols will never be intermixed on a specified connection after one is selected during negotiation.

Like its predecessor, which was the original SMB Protocol (as specified in [MS-SMB]), the SMB 2 Protocol supports the following features:

  • Establishing one or more authenticated contexts for different security principals on a connection.

  • Connecting to multiple shared resources on the target server on a connection.

  • Opening, reading, modifying, or closing multiple files or named pipes on the target server.

  • Using the opportunistic locking of files to allow clients to cache data for better performance.

  • Querying and applying attributes to files or volumes on the target server.

  • Canceling outstanding operations.

  • Passing through IO control code operations to the underlying object store on the server machine.

  • Validating the integrity of requests and responses.

  • Support for share scoping and server aliases to allow a single server to appear as multiple distinct servers, as described in [MS-SRVS] section 1.3.

The SMB 2 Protocol provides several enhancements in addition to the preceding features:

  • Allowing an open to a file to be reestablished after a client connection becomes temporarily disconnected.

  • Allowing the server to balance the number of simultaneous operations that a client can have outstanding at any time.

  • Providing scalability in terms of the number of shares, users, and simultaneously open files.

  • Supporting symbolic links.

  • Using a stronger algorithm to validate the integrity of requests and responses.

The SMB 2.1 dialect introduces the following enhancements:

  • Allowing a client to indicate support for multiple SMB 2 dialects in a multi-protocol negotiate request.

  • Allowing a client to obtain and preserve client caching state across multiple opens from the same client.

  • Allowing a client to mark individual write operations on unbuffered handles to be treated as write-through.

  • Allowing a client to retrieve hashes of a file for use in branch cache retrieval, as specified in [MS-PCCRC] section 2.3.

The SMB 3.0 dialect introduces the following enhancements:

  • Allowing a client to retrieve hashes for a particular region of a file for use in branch cache retrieval, as specified in [MS-PCCRC] section 2.4.

  • Allowing a client to obtain a lease on a directory.

  • Supporting the encryption of traffic between client and server on a per-share basis.

  • Supporting the use of Remote Direct Memory Access (RDMA) transports, when the appropriate hardware and network are available.

  • Supporting enhanced failover between client and server, including optional handle persistence.

  • Allowing an application to failover on a new client and open a file that was previously opened using an application instance identifier.

  • Allowing a client to bind a session to multiple connections to the server. A request can be sent through any channel associated to the session, and the corresponding response is sent through the same channel as used by the request. The following diagram shows an example of two sessions using multiple channels to the server.


Figure 1: Two sessions using multiple channels

The SMB 3.0.2 dialect introduces the following enhancements:

  • Allowing a client to detect asymmetric shares through the tree connect response, so that the client can optimize its connections to the server, in order to improve availability and performance when accessing such shares.

  • Allowing a client to request unbuffered read, write operations.

  • Allowing a client to request remote invalidation while performing I/O using RDMA transport.

The SMB 3.1.1 dialect introduces the following enhancements:

  • Supporting the negotiation of encryption and integrity algorithms.

  • Enhanced protection of negotiation and session establishment.

  • Reconnecting with a specified dialect.

  • Supporting the compression of messages between client and server.

  • Supporting the encryption of RDMA payloads through negotiation of RDMA transforms.

  • Supporting QUIC as a transport.

  • Supporting mutual authentication and client access control over QUIC.
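
Added example (not part of the specification text): a Python parser for the fixed part of an SMB2 NEGOTIATE response carried over Direct TCP, reporting which of the dialects listed above the server selected and whether it requires signing. Field offsets and flag values follow the published [MS-SMB2] message layout; `build_sample` and its values are constructed test input, and SMB 3.1.1 negotiate contexts are not parsed.

```python
import struct

# DialectRevision codes carried in an SMB2 NEGOTIATE response.
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1",
            0x02FF: "SMB2 wildcard (renegotiate with SMB2 NEGOTIATE)"}
SMB2_NEGOTIATE = 0x0000        # Command code in the SMB2 header
SIGNING_REQUIRED = 0x0002      # SecurityMode flag
CAP_ENCRYPTION = 0x00000040    # Capabilities flag used by SMB 3.0 and 3.0.2

def parse_negotiate_response(frame: bytes) -> dict:
    """Parse the fixed part of a Direct TCP framed SMB2 NEGOTIATE response."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("missing Direct TCP transport header")
    length = int.from_bytes(frame[1:4], "big")   # 3-byte big-endian length
    msg = frame[4:4 + length]
    if msg[:4] == b"\xffSMB":
        raise ValueError("SMB1 message: SMB 2 was not negotiated")
    if msg[:4] != b"\xfeSMB":
        raise ValueError("bad SMB2 ProtocolId")
    if len(msg) != length or length < 128:       # 64-byte header + 64-byte body
        raise ValueError("truncated NEGOTIATE response")
    hdr_size, _charge, status, command = struct.unpack_from("<HHIH", msg, 4)
    if hdr_size != 64 or command != SMB2_NEGOTIATE:
        raise ValueError("not an SMB2 NEGOTIATE message")
    if status != 0:
        raise ValueError(f"server returned NT status 0x{status:08x}")
    body_size, sec_mode, dialect = struct.unpack_from("<HHH", msg, 64)
    if body_size != 65:
        raise ValueError("unexpected NEGOTIATE response StructureSize")
    (caps,) = struct.unpack_from("<I", msg, 64 + 24)   # after 16-byte ServerGuid
    return {"dialect": DIALECTS.get(dialect, f"unknown (0x{dialect:04x})"),
            "signing_required": bool(sec_mode & SIGNING_REQUIRED),
            "encryption_capable": bool(caps & CAP_ENCRYPTION)}

def build_sample(dialect=0x0302, sec_mode=0x0003, caps=CAP_ENCRYPTION) -> bytes:
    """Constructed sample frame for the demo (not captured traffic)."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0,
                         SMB2_NEGOTIATE, 1, 0x00000001, 0, 0, 0, 0, 0, bytes(16))
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, sec_mode, dialect, 0, bytes(16),
                       caps, 65536, 65536, 65536, 0, 0, 128, 0, 0)
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

if __name__ == "__main__":
    print(parse_negotiate_response(build_sample()))
    print(parse_negotiate_response(build_sample(0x0210, 0x0001, 0)))
```

A result with `signing_required` false or a dialect below SMB 3.0 marks a server worth reviewing against the integrity and encryption enhancements listed above.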


FAQs

What is the SMB2 protocol used for?

The Server Message Block (SMB) Protocol Versions 2 and 3, hereafter referred to as "SMB 2 Protocol", is an extension of the original Server Message Block (SMB) Protocol (as specified in [MS-SMB] and [MS-CIFS]). Both protocols are used by clients to request file and print services from a server system over the network.

How do I force Windows to use SMB2?

To enable SMB2 on Windows 10, you need to press the Windows Key + S, start typing and click on Turn Windows features on or off. You can also search the same phrase in Start, Settings. Scroll down to SMB 1.0/CIFS File Sharing Support and check that top box.

How to fix SMB2 error?

Type windows features in the Windows Search box, and select the Turn Windows features on or off option. Once the Windows Features window opens, check the SMB1/CIFS File Sharing Support option, and hit OK. Restart your PC, and check if the problem with SMB2 is resolved.

What is the difference between SMB and SMB2?

The main difference is SMB2 (and now SMB3) is a more secure form of SMB. It is required for secure channel communications. The DirectControl agent (adclient) uses it to download Group Policy and uses NTLM authentication.

Should SMB2 be disabled?

SMB2 is still fine and if disabled may cause some scanners to stop scan to folder and other options (and other devices might stop working as well as most have only just stopped using SMB1). Disable SMB1 first and check the effects. Some equipment such as printers may only work with SMB1 and are not upgradeable.

Is SMB2 vulnerable?

Vulnerabilities in Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Vulnerability (MS09-050, Network Check) is a high risk vulnerability that is one of the most frequently found on networks around the world.

How to check if SMB is enabled or not?

Check SMB status: Check the status of the SMB service by running the command Get-Service -Name "LanmanServer" in PowerShell. This command will display the status of the LanmanServer service, which is responsible for the SMB protocol.

How to tell what version of SMB is being used?

Your SMB version is listed in the Protocol Version field in the format SMX_YZ where X is the major version.

What port does SMB2 use?

The well known TCP port for SMB2 is 445.

Does SMB2 support encryption?

SMB 2.0 used the older HMAC-SHA256 encryption algorithm. AES-CMAC and AES-CCM can significantly accelerate data encryption on most modern CPUs that have AES instruction support.

What is SMB2 enabled for DC connections?

The smb2-enabled-for-dc-connections command option enables the system default for the release of ONTAP you are using. The system default for ONTAP 9.4 and higher is disabled for SMB 1.0 and enabled for SMB 2.0. If the domain controller cannot negotiate SMB 2.0 initially, it uses SMB 1.0.

What is SMB2 error response?

The SMB2 ERROR Response packet is sent by the server to respond to a request that has failed or encountered an error. This response is composed of an SMB2 Packet Header (section 2.2.1) followed by this response structure.

What is SMB2 set info?

The SMB2 SET_INFO Request packet is sent by a client to set information on a file or underlying object store. This request consists of an SMB2 header, as specified in section 2.2.1, followed by this request structure.

What version of Samba support SMB2?

SMB2 in Samba is fully supported from Samba 3.6.

What is the difference between SMB1 and SMB2 protocol?

For example, SMB2 increased packet sizes to 32-bit — and even 128-bit for file handles — a significant improvement over SMB1's 16-bits. Subcommands for the SMB protocol were reduced from over 100 in SMB1 to less than 20 in SMB2 which reduced the “chattiness” (network noise and bandwidth consumption) SMB1 was known for.

Is SMB2 safe?

SMB2 and SMB3 Authentication Extensions - SMB2 and SMB3, the latest versions of SMB, introduce significant security improvements: Pre-Authentication Integrity (SMB2/3): Enhances security by verifying packet integrity during authentication, ensuring data remains secure.

What are the risks of SMB protocol?

However, SMB also poses significant security risks, as it can be exploited by attackers to gain unauthorized access, execute malicious code, or launch ransomware attacks. In this article, you will learn some of the most effective ways to secure the SMB protocol and protect your network from potential threats.


Author: Chrissy Homenick