Q: TCP/IP Ports for Client for MS Networks

[Lou Arnold]

Does anyone know the TCP/IP port numbers used by the "Client for MS
Networks" service/capability that can be enabled for a LAN connection?

I am trying to run a server on one machine and a client on another, in
a simple peer network, both currently without a firewall. The
arrangement works as long as Client for MS Networks is enabled in the
server system. However, I need to document and enable the proper port
in a firewall to be added to the server system.

Lou Arnold
Ottawa, Canada.

 

[Steven L Umbach]

Client for Microsoft Networks allows clients to access server shares so you need to
look at the ports that the server service uses. The link below shows ports used on a
Windows 2000 Server for various applications and services including the server
service. Logon to a domain controller uses more ports but from your description it
does not sound like a domain. Ports 137 and 138 are used for netbios name resolution
and network browsing [My Network Places] that users use to locate network shares. For
over the internet a VPN tunnel should be used for access to server shares.--- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

Server service.

Application protocol Protocol Ports
NetBIOS Datagram Service UDP 138
NetBIOS Name Resolution UDP 137
NetBIOS Session Service TCP 139
SMB TCP 445

 

[Lou Arnold]

Steven,
Thanks for the KB article. It will no doubt be very useful.

I understand your comment about knowing the ports that the server
uses. In this case, the client is MS Access and the server is SQL
Server 2000. I do know what ports this software uses and we will open
those ports in the firewall.

However, in the same way that File and Printer Sharing, that we have
disabled for security reasons, uses certain ports, I thought that
Client for MS Networks also uses certain ports. I guess Client for MS
Networks doesn't conveniently map to any specific ports, but enables
servers to use their ports to connect to clients. Please correct me if
I'm wrong here.

Lou.

Client for Microsoft Networks allows clients to access server shares so you need to
look at the ports that the server service uses. The link below shows ports used on a
Windows 2000 Server for various applications and services including the server
service. Logon to a domain controller uses more ports but from your description it
does not sound like a domain. Ports 137 and 138 are used for netbios name resolution
and network browsing [My Network Places] that users use to locate network shares. For
over the internet a VPN tunnel should be used for access to server shares.--- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

Server service.

Application protocol Protocol Ports
NetBIOS Datagram Service UDP 138
NetBIOS Name Resolution UDP 137
NetBIOS Session Service TCP 139
SMB TCP 445

Does anyone know the TCP/IP port numbers used by the "Client for MS
Networks" service/capability that can be enabled for a LAN connection?

I am trying to run a server on one machine and a client on another, in
a simple peer network, both currently without a firewall. The
arrangement works as long as Client for MS Networks is enabled in the
server system. However, I need to document and enable the proper port
in a firewall to be added to the server system.

Lou Arnold
Ottawa, Canada.

 

[Steven L Umbach]

Client for Microsoft Networks does not open any ports on a computer to
allow inbound connections and is not required for a server to offer shares.
Since it is a client it does not use any particalar ports. Internet Explorer
for instance is a client application to access web servers typically on
ports 80 and 443 tcp. When a client accesses a server application the client
usually user random above 1024 range ports for the connection that is
negotiated with the server. If you connect to a website and do a netstat -an
on your computer you will see that your computer uses different ports to
connect to the web servers on port 80.

You can however configure a firewall to restrict connections to a server
from only certain IP address/subnets even if the suorce port range may be
"any". For instance If I wanted to configure my firewall to only allow
Terrminal Service connections from my subnet I would configure a rule that
has the destination as the Terminal Server IP, the protocol as TCP, and the
port as 3389. Then I would list the source as my subnet IP, protocol TCP,
and ports as any. Hope that helps. --- Steve

Steven,
Thanks for the KB article. It will no doubt be very useful.

I understand your comment about knowing the ports that the server
uses. In this case, the client is MS Access and the server is SQL
Server 2000. I do know what ports this software uses and we will open
those ports in the firewall.

However, in the same way that File and Printer Sharing, that we have
disabled for security reasons, uses certain ports, I thought that
Client for MS Networks also uses certain ports. I guess Client for MS
Networks doesn't conveniently map to any specific ports, but enables
servers to use their ports to connect to clients. Please correct me if
I'm wrong here.

Lou.

Client for Microsoft Networks allows clients to access server shares so you need to
look at the ports that the server service uses. The link below shows ports used on a
Windows 2000 Server for various applications and services including the server
service. Logon to a domain controller uses more ports but from your description it
does not sound like a domain. Ports 137 and 138 are used for netbios name resolution
and network browsing [My Network Places] that users use to locate network shares. For
over the internet a VPN tunnel should be used for access to server shares.--- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;832017

Server service.

Application protocol Protocol Ports
NetBIOS Datagram Service UDP 138
NetBIOS Name Resolution UDP 137
NetBIOS Session Service TCP 139
SMB TCP 445

Does anyone know the TCP/IP port numbers used by the "Client for MS
Networks" service/capability that can be enabled for a LAN connection?

I am trying to run a server on one machine and a client on another, in
a simple peer network, both currently without a firewall. The
arrangement works as long as Client for MS Networks is enabled in the
server system. However, I need to document and enable the proper port
in a firewall to be added to the server system.

Lou Arnold
Ottawa, Canada.