Understanding SMB and NetBIOS

Microsoft Windows printer- and file-sharing applications are based on NetBIOS (Network Basic Input Output System). The BIOS defines the application interface used to request DOS I/O services. NetBIOS extends this with calls that support I/O over a network. Developed 20 years ago for the PC Network product sold by Sytek, the NetBIOS API outlived the original product to become part of Windows for Workgroups, LAN Manager, Windows 95/98/ME, and Windows NT/2000.

Originally, NetBIOS was a monolithic protocol that took data all the way from the application to the physical network. NetBIOS has changed over time into a layered protocol. Its layers include the NetBIOS API, the SMB protocol, and the NetBIOS Frame (NBF) protocol.

Today, NetBIOS runs over TCP/IP, which allows NetBIOS applications to run over large internets. It does this by encapsulating the NetBIOS messages inside TCP/IP datagrams. The protocol that does this is NetBIOS over TCP/IP (NBT), which is defined by RFCs 1001 and 1002.

NBT requires some method for mapping NetBIOS computer names, which are the addresses of a NetBIOS network, to the IP addresses of a TCP/IP network. There are three methods:

IP broadcast
A packet containing a NetBIOS computer name is broadcast, and when a host sees its own name in such a broadcast, it returns its IP address to the source of the broadcast.

lmhosts file
A file that maps NetBIOS computer names to IP addresses.

NetBIOS Name Server (NBNS)
An NBNS maps NetBIOS names to IP addresses for its clients. The Samba nmbd daemon can provide this service.

The systems on an NBT network are classified according to the way they resolve NetBIOS names to IP addresses. There are four possible classifications:

b-node
A system that resolves addresses through broadcasts is a broadcast-node (b-node). Broadcasting is effective only on a physical network that supports broadcasts, and is usually limited to a single subnet.

p-node
A system that directly queries an NBNS name server to resolve addresses is a point-to-point-node (p-node).

m-node
A system that first uses broadcast address resolution and then falls back to an NBNS server is a mixed-node (m-node). Using a "dual approach" eliminates the complete dependence on an NBNS server that is the weakness of the p-node solution. The problem with m-node is that it uses the least-desirable broadcast approach first. In practice, m-nodes are very rarely used.

h-node
A system that first attempts to resolve the address using the NBNS server, then falls back to using broadcasts, and, if all else fails, looks for a local lmhosts file is a hybrid-node (h-node). h-node is the method used by most systems.
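
The lookup orders of the four node types, modeled as an added Python example (not part of the original text). The host names, addresses, sample lmhosts content, and the helper names parse_lmhosts, build_sources and resolve are assumptions made for illustration; no network traffic is sent.

```python
# Added illustration: models the node-type resolution orders from the text.
# All host names and addresses are constructed; nothing touches the network.

LMHOSTS = """\
# constructed sample lmhosts content
198.51.100.10  FILESRV   #PRE
198.51.100.30  ARCHIVE
"""

# Lookup order per node type, as described in the text.
ORDER = {
    "b-node": ["broadcast"],
    "p-node": ["nbns"],
    "m-node": ["broadcast", "nbns"],
    "h-node": ["nbns", "broadcast", "lmhosts"],
}

def parse_lmhosts(text):
    """Map NetBIOS names (case-insensitive) to IPs. Everything after '#'
    is dropped, so keywords such as #PRE are ignored in this model."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table[fields[1].upper()] = fields[0]
    return table

def build_sources(nbns_up=True):
    """Constructed environment: PRINTSRV is on the local subnet, so it can
    answer broadcasts; FILESRV is remote and registered only with the NBNS."""
    nbns = {"FILESRV": "198.51.100.10", "PRINTSRV": "192.0.2.20"}
    return {
        "broadcast": {"PRINTSRV": "192.0.2.20"},
        "nbns": nbns if nbns_up else {},
        "lmhosts": parse_lmhosts(LMHOSTS),
    }

def resolve(name, node_type, sources):
    """Return (ip, method_that_answered, methods_tried)."""
    tried = []
    for method in ORDER[node_type]:
        tried.append(method)
        ip = sources[method].get(name.upper())
        if ip:
            return ip, method, tried
    return None, None, tried

if __name__ == "__main__":
    for node in ORDER:
        print(node, resolve("FILESRV", node, build_sources(nbns_up=False)))
```

The methods_tried list shows which node types send a broadcast for a given name and which stop at the NBNS, which is the difference the four classifications describe.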
