NetBios . (“Network Basic Input / Output System”). Is, strictly speaking, an interface specification for network access services, ie a layer of software developed to link an operating system to network with hardware specific. NetBIOS was originally developed by IBM and Sytek as an API / APIS for Local Area Network (LAN) resource client software . Since its inception, NetBIOS has become the foundation for many other network applications.
Summary
[ hide ]
- 1 First steps
- 2 NetBIOS protocol
- 3 Utility
- 4 Operation and services
- 5 How to disable NetBIOS in Windows 98
- 6 Name resolution
- 7 Distinction between NetBIOS names and domain names
- 8 NetBIOS name resolution methods
- 9 Sources
First steps
In 1984 , IBM designed a simple “application programming interface” (API / APIS) to network their computers, called the Network Basic Input / Output System (NetBIOS). The NetBIOS API provided a rudimentary design for an application to connect and share data with other computers.
It is useful to think of APINetBIOS as network extensions for standard BIOS API calls. With BIOS , each low-level call is confined to the local machine’s hardware and needs no help traveling to its destination. NetBIOS, however, originally had to exchange instructions with IBM PC or Token Ring network computers. It therefore required a low-level transport protocol to carry requests from one computer to the next.
At the end of 1985 , IBM launched this protocol, which it joined with APINetBIOS to become NetBIOS Extended User Interface (NetBEUI). NetBEUI was designed for local area networks (LANs), and allowed each machine to use a name (up to 15 characters) that was not being used on the network. We understand by small LAN , a network of less than 255 nodes.
The NetBEUI protocol became very popular in applications, including those running under Windows for Groups. Later, Novell implementations of NetBIOS over IPX protocols]] emerged, competing with NetBEUI. However, the network protocols of choice for the Internet community were TCP / IP and UDP / IP, and implementations of NetBIOS APIs / APIs on top of those protocols soon became a necessity.
One thing to note is that TCP / IP uses numbers to represent computer addresses, such as 192.168.220.100, while NetBIOS uses only names. This was the biggest problem to be solved when linking the two protocols. In 1987, the Internet Engineering Task Force (IETF) published a series of standardization documents, titled RFC 1001 and RFC 1002, that outlined how NetBIOS could work over a TCP / UDP network. This set of documents still governs every single implementation that exists today, including those provided by Microsoft for their operating systems, as well as the Samba suite.
NetBIOS protocol
It is a name resolution protocol that can be encapsulated over TCP / IP. NetBIOS works at the application layer level, giving a uniform appearance to all Windows networks regardless of the protocols used for the network and transport layers. It allows you to share files and printers as well as view the resources available in Network Neighborhood.
NetBIOS uses ports 137, 138 and 139. It is a protocol exclusive to Windows machines. We can find out if our computer has NetBIOS enabled using the command netstat -an. This command will inform us if we have the three previous ports in LISTENING mode. C: \ WINDOWS> netstat-an Much of the security criticism towards Windows environments focuses on the NetBIOS protocol. For security reasons, this protocol should be disabled whenever it is not essential. Let’s see 4 examples, who needs to have the NetBIOS protocol active (ports 137, 138 and 139 open)? Who should disable it? A web server
A Windows 98 connected to the Internet using a modem
A Windows 98 that participates in a company network
A user and file server In the first case, NetBIOS should be disabled since a web server does not share resources through Network Neighborhood or access shared resources of other computers (the web page service, HTTP, works exclusively with TCP / IP ). In the second case, NetBIOS is also not required for the same reasons above. In case number three things change since this computer probably needs to access shared resources of other computers as well as print to remote printers. The server in example four also requires NetBIOS. It is necessary so that other users can access your files in a comfortable way.
Note: Is it possible to access files on other computers without having NetBIOS enabled? Yes, of course: using TCP / IP’s own services. Specifically, the file transfer service or FTP. The computer that offers the resources is configured as an FTP server (port 21 open). The rest of the computers will use an FTP client to connect to the server. However, this does not allow working directly on remote files, but it is necessary to make a previous copy of the files to our computer before making modifications.
Utility
In short, NetBIOS allows applications to ‘talk’ to the network. Its intention is to isolate the application programs from any type of hardware dependency. It also saves software developers from developing low-level message routing or routing or failover routines. Colloquially speaking, NetBIOS does the ‘dirty work’.
In a local network with NetBIOS support, computers are known and identified by a name. Each computer on the network has a unique name. Each PC in a local NetBIOS network communicates with the others either by establishing a connection (session), using NetBIOS datagrams or by broadcast. The sessions allow, as in the TCP protocol, to send longer messages and manage the control and recovery of errors. Communication will be point to point.
On the other hand, the datagram and broadcast methods allow a computer to communicate with a few others at the same time, but being limited in the size of the message. Also, there is no error control or recovery (as is the case in UDP). In return, greater efficiency is achieved with short messages, by not having to establish a connection.
Operation and services
NetBIOS provides the session services described in layer 5 of the OSI model. It is responsible for establishing the session and maintaining the connections. But this protocol must be transported between machines through other protocols; Because by itself it is not enough to transport the data in LAN or WAN networks , for which it must use another transport mechanism (Eg: in LAN networks NetBEUI protocol, in WAN networks TCP / IP protocol). The protocols that can provide the transport service to NetBIOS are:
- IPC / IPX
- NetBEUI
- TCP / IP
The fact that it has to be transported by other protocols is due to the fact that operating in OSI layer 5 does not provide a data format for transmission, which is provided by the aforementioned protocols. NetBIOS enables connection-oriented (TCP) or connectionless (UDP) communication. It supports both broadcast and multicast, as well as 4 different types of services: General Services, Name Service, Session Service and Datagram Service.
When an application program requires NetBIOS services, it executes a specific software interrupt. This interrupt routes microprocessor control to the network adapter software processing the order. When an application program issues a NetBIOS interrupt, it requires a network service. The NetBIOS interface defines exactly how application programs can use the NetBIOS interrupt and its services.
The NetBIOS identifies these services through the NCB_COMMAND field of the Network Control Block, of a NetBIOS command. These services can be divided into 4 basic groups: General Services, Naming Services, Session Services and Datagram Services
How to disable NetBIOS in Windows 98
We have probably noticed that the box “I want to enable NetBIOS in TCP / IP” located in the NetBIOS tab of the TCP / IP properties is checked and does not allow to change it. The netstat -an command will inform us that we have the NetBIOS ports open. How can we disable NetBIOS? The key is located in the Client for Microsoft Networks. This network component allows access to shared resources of other computers (it is the one that opens ports 137, 138 and 139). It is also required, in addition to the File and Printer Sharing service for Microsoft Networks, to share resources on the network.
The steps to follow are:
- In the Network Neighborhood properties remove all installed clients (either the Client for Microsoft Networks or the Microsoft Family Login).
- In the TCP / IP properties we can see how the box “I want to enable NetBIOS in TCP / IP” has been automatically unchecked.
- We accept the new configuration. Windows will display the prompt “Your network is not complete. Do you want to continue?”. We indicate “Yes” and restart the computer.
- When starting the computer, the Login window will not appear asking us for a password, since we are not now a client of any Microsoft network.
- With the netstat -an command, verify that open NetBIOS ports do not appear.
This procedure will remove the Network Neighborhood icon from the desktop, as well as other NetBIOS commands (such as Find Computer). The computer will no longer be able to share files or printers (it will not be able to function as a NetBIOS server) and it will not be able to access shared resources (it will not be able to act as a NetBIOS client). However, Internet services (web pages, FTP, mail …) will continue to work because they do not require NetBIOS to function, only TCP / IP.
Name resolution
Using names to refer to computers on a network is usually more convenient than dealing directly with IP addresses. However, the TCP / IP family of protocols is not able to reach a computer with only its name: it needs to obtain its IP address first. The mechanism for translating names to IP addresses is what is known as name resolution.
Whenever we type a name, either in the Windows “Find PC” box, in a web browser or in a TCP / IP command, the computer will have to take the extra step of finding out its IP address before it can continue (it will be slightly slower than if we type in its IP address).
Distinction between NetBIOS names and domain names
A Windows computer with TCP / IP installed has two names that usually match:
- NetBIOS name. This is the name defined in the “Computer Name” box within the “Identification” tab of the Network Neighborhood properties. This name is what Windows uses in Network Neighborhood.
- Domain name (or host name). It is the name that is defined in the tab
“DNS Configuration” of TCP / IP properties. The fully qualified domain name is the host name followed by a period and the domain. For example, if the host is “server” and the domain is “mired”, the fully qualified domain name will be “server.mired”. The domain name is used to identify a computer on the Internet (for example, goliat.sim.ucm.es). Note: A non-Windows computer (ie Windows but with NetBIOS disabled) will not have a NetBIOS name.
On the other hand, a Windows computer that does not have the TCP / IP protocol installed will not have a domain name. A web server on Linux is an example of the first case and a Windows Me using only the NetBEUI protocol is an example of the second. In the following sections we study the main name resolution mechanisms that allow us to translate a NetBIOS name or a domain name to its corresponding IP address.
NetBIOS name resolution methods
- NetBIOS cache. It is a pivot table stored on each computer that contains the latest names that have been resolved by other methods. This table can be viewed using the nbtstat -c command.
- All computers on the network are asked for their names.
- LMHOSTS file. It is a text file, located on each computer on the network, that contains a list of IP addresses and NetBIOS names.
- WINS server. It is a computer that contains a centralized list of IP addresses and NetBIOS names. This list is created dynamically as computers are connected and disconnected on the network. Its configuration is studied in the section. WINS server
The resolution method that works on a network if no other has been configured is broadcasting. This method resolves the names correctly, however it generates a high traffic on the network. We can find out the number of names that have been resolved by broadcasting using the command nbtstat -r (“Resolved By Broadcast” line). Every time Windows resolves a name it stores it for a few seconds in its NetBIOS cache (nbtstat -c). This table will be consulted before broadcasting.
We can reduce the number of broadcasting messages on a network without using a server by creating, on each machine, a list with all the NetBIOS names on our network and their corresponding IP addresses. This list must be included in a file called LMHOSTS.
If we use Windows 98 or I will find an example file in C: \ WINDOWS \ LMHOSTS.SAM. We must rename this file so that it is called C: \ WINDOWS \ LMHOSTS. On Windows NT and 2000, the location of both files is C: \ WINNT \ SYSTEM32 \ DRIVERS \ ETC. Then we will introduce the necessary changes using Notepad or any other text editor. For the changes to start working we must write the command nbtstat -R. We can then check that the names have been stored correctly by typing nbtstat -c.
Windows will check the LMHOSTS file before broadcasting to the network. The nbtstat -r command allows us to check how new messages are not generated to the entire network for the names that we have included in LMHOSTS. The problem with this method is that it is difficult to maintain since any change must be reflected in all the computers on the network. However, you can find ways for the LMHOSTS file to update automatically from a single machine (for example, by using a Windows NT logon script or by using the #INCLUDE clause of LMHOSTS files).
The best practice for medium and large networks is to use a NetBIOS name server. This server is a Windows NT or 2000 machine with Windows Internet Name Service (WINS) configured. In the “WINS Configuration” tab of the TCP / IP properties of each client computer, we have to indicate the IP address of the WINS server that we have configured. Every time we write a name, our computer will ask the WINS server instead of broadcasting to the entire network. A name server also ensures that the computers shown in Network Neighborhood correspond to those that are actually operating on the network.
