Exploring NetBIOS: Unveiling the Basics and Beyond
If you have started to learn about computer networks, you have likely encountered the term “NetBIOS.” However, what is it, exactly, and why is it used in networking?
NetBIOS is an API (application programming interface) for communication between devices on a LAN or local area network (Whitehead, 2022). First created in the 1980s, NetBIOS was originally designed to work on smaller LANs that used the NetBEUI (NetBIOS Extended User Interface) protocol. As networking technology evolved, however, TCP/IP became the dominant protocol suite (Rouse, 2021). This led to the development of NetBIOS over TCP/IP, a protocol that can operate on modern TCP/IP networks, allowing it to survive into the present day.
It offers various primary functions, including name resolution, establishing sessions between computers, and network enumeration and scanning. The next section sheds light on the NetBIOS protocol suite.
How Does NetBIOS Work?
NetBIOS name resolution is the process by which a NetBIOS name (a unique 16-byte identifier) is converted into an IP address, helping devices locate each other and communicate. This was originally accomplished via the NetBIOS Name Service (NBNS), a server that translates between human-readable names and IP addresses. However, newer systems can use DNS (domain name system) for this same purpose, although NBNS is still used to support legacy machines (Bogna, 2022).
Over the years, organizations have adapted the NetBIOS protocol in response to evolving network technology. Two examples of these adaptations are:
- NetBIOS over TCP/IP (NBT), which modified NetBIOS to work over TCP/IP networks such as the internet
- NetBIOS over IPX (NBIPX), which modified NetBIOS to work over IPX/SPX networks (an alternative to TCP/IP developed for the Novell NetWare operating system)
It uses various computer ports to facilitate communication between devices. The most common NetBIOS ports and their uses include:
- UDP port 137: NBNS name registration and resolution
- UDP port 138: NetBIOS Datagram Service (NBDS)
- TCP port 139: NetBIOS Session Service (NBSS)
- TCP port 445: SMB (Server Message Block) communication via NetBIOS over TCP/IP
Different Components
NetBIOS includes various components that work together to enable LAN device communication. These include:
- The NetBIOS API, a set of software functions and data structures for applications to communicate with NetBIOS services
- NetBIOS Name Service (NBNS), which performs NetBIOS name registration and resolution
- NetBIOS Session Service (NBSS), which establishes and maintains connections between devices
- NetBIOS Datagram Service (NBDS) allows devices to send datagrams (small packets of information) without establishing a session between them.
Pros and Cons of NetBIOS
Despite being an older networking protocol, one can expect various benefits. Below are some advantages:
- Simplicity: Provides a simple, easily implemented programming interface for applications to communicate with each other over a local area network.
- Legacy support: Many legacy computer systems are not configured for use with later networking protocols and require NetBIOS.
- Broadcast-based name resolution: NetBIOS name resolution uses broadcasts that allow devices to find each other without a centralized naming service, which benefits smaller networks.
On the other hand, there are also certain disadvantages, including:
- Security concerns: Various security issues and vulnerabilities can expose a network to attacks.
- Limited scalability: NetBIOS’ broadcast-based name resolution and lack of hierarchical structure make it ill-suited for large, complex networks.
Technological advances like NetBIOS over TCP/IP have helped with some limitations of the original NetBIOS API, such as being non-routable.
How Is NetBIOS Used in Modern Networks?
It has seen a decline in usage in modern networks compared to its height of popularity. While the NetBIOS protocol is sometimes used in specific scenarios, newer technologies and protocols have largely replaced NetBIOS for various reasons.
Some older systems, however, may still have NetBIOS enabled by default and may still be used for local file and print sharing or with legacy applications in these cases. It might also support older software that relies on the NetBIOS protocol suite and cannot be easily updated.
The main functions of it have been supplanted by alternatives such as SMB and DNS. SMB handles the task of sharing files, printers, and other resources over a network, while DNS has taken over the role of name resolution with a scalable, hierarchical approach.
Modern networks require more scalable, efficient, and secure communication protocols to handle the greater complexity of IT environments. Often, organizations choose to disable NetBIOS altogether to eliminate the security flaws and vulnerabilities introduced by its presence.
Some Common Issues
As an older networking protocol, there can be various issues, some of which are easier to solve than others. Some of the issues frequently encountered with NetBIOS include:
- Name resolution: NetBIOS name resolution can fail due to incorrect or conflicting names or problems with the NetBIOS name service. This leads to devices being unable to find each other, or access shared resources.
- Communication failures: NetBIOS devices can fail to communicate due to problems such as blocked ports, firewall issues, or incompatible settings.
- Performance issues: Because of the choice of broadcast-based name resolution, which generates excessive traffic, there can be significant network congestion and performance degradation.
- Security concerns: There are several security concerns and threats, such as spoofing, password sniffing, and session hijacking. Failure to adequately address these concerns can lead to network attacks and data breaches.
While NetBIOS can experience several common problems, the good news is that network administrators can usually troubleshoot, diagnose, and resolve NetBIOS issues. Some of the best practices for network defense with NetBIOS include:
- Verifying the settings across multiple devices
- Checking the firewall and port settings
- Segmenting large networks to reduce the impact of excessive traffic
- Updating network drivers and firmware to avoid compatibility issues
- Implementing security best practices, such as using encryption and restricting access to NetBIOS services
- Using network monitoring and logging tools to track NetBIOS traffic and detect anomalies
- Testing device connectivity and name resolution using various network tools
- Documenting network configuration, topology, and device settings
C|EH: Learn NetBIOS and Ethical Hacking
Beyond the use cases listed above, NetBIOS can also help with enumeration. Enumeration is extracting information such as valid usernames, machine names, directory names, and other valuable data in computing. This information is part of a reconnaissance and intelligence campaign to launch an attack against the IT environment.
Enumeration is a frequent activity in ethical hacking, helping an organization improve its IT defenses by detecting and resolving vulnerabilities. If you are interested in a career in the dynamic, in-demand field of ethical hacking, obtaining an ethical hacking certification is the ideal way to prove your knowledge and skills to prospective employers.
EC-Council’s Certified Ethical Hacker (C|EH) program teaches students everything they need to know to defend IT ecosystems from attackers, including networking technologies like NetBIOS.
The C|EH course is an intensive, five-day training course with 20 modules that thoroughly cover topics in ethical hacking. Students can practice their skills with more than 220 hands-on practical lab exercises and over 3,500 hacking tools to learn how to attack Windows, Linux, and Android operating systems.
References
- Bogna, John. (2022, July 5). What Is DNS? Everything You Need to Know About the Web’s Phone Book. PCMag. https://www.pcmag.com/how-to/what-is-dns-how-it-works-domain-name-system
- Rouse, Margaret. (2021, February 2). Transmission Control Protocol/Internet Protocol. https://www.techopedia.com/definition/2460/transmission-control-protocolinternet-protocol-tcpip
- Teske Whitehead, Coletta. (2022, January 31). What Is a LAN (Local Area Network)? https://www.lifewire.com/what-is-lan-4684071
Author Bio
David Tidmarsh is a programmer and writer. He’s worked as a software developer at MIT, has a B.A. in history from Yale, and is currently a graduate student in computer science at UT Austin.
