What is Port 139?
by Colin Cohen | Published on October 20, 2023
Port 139 is a dedicated port for providing session services for the Server Message Block (SMB) protocol over NetBIOS, which is primarily used for sharing printers and files in a Windows-based network.
What is Port 139?
Port 139 allows SMB over NetBIOS session services when sharing files and printers over a network between two devices.
Sharing Files and Printers with Port 139
Printer and file-sharing services use port 139 to provide SMB over NetBIOS session services, which carry large messages and other heavy traffic between two devices on a network. Session services can also include error detection and recovery features.
In an SMB session, the two devices communicate by using their NetBIOS names, an identifier of up to 16 characters that is typically different from their computer names. The following NetBIOS primitives are available to the devices:
Call (initiate a session)
Listen (wait for a session initiation)
Hang Up (close a session)
Send (send packets with acknowledgment)
Send No Ack (send packets without acknowledgment)
Receive (receive packets)
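To show what a Call looks like on port 139, the following added example (not code from the original article) builds and decodes a NetBIOS Session Request as defined in RFC 1001/1002, which is useful when reading packet captures to see which NetBIOS names a session names. The host names are constructed, and the function names are this example's own.

```python
import struct

SESSION_REQUEST = 0x81  # session service packet type (RFC 1002)


def encode_name(name, suffix=0x20):
    """First-level encode a NetBIOS name (RFC 1001)."""
    if len(name) > 15:
        raise ValueError("at most 15 characters; byte 16 is the suffix")
    # Microsoft convention: 15 space-padded characters plus a service suffix.
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    # Every byte is split into two nibbles, each stored as a letter 'A'..'P'.
    label = bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))
    return b"\x20" + label + b"\x00"  # length byte, 32 letters, empty scope


def decode_name(field):
    """Reverse encode_name(); returns (name, suffix)."""
    if len(field) != 34 or field[0] != 0x20 or field[33] != 0x00:
        raise ValueError("expected a 34-byte encoded name with empty scope")
    label = field[1:33]
    if any(not 0x41 <= c <= 0x50 for c in label):
        raise ValueError("label byte outside 'A'..'P'")
    raw = bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]


def build_session_request(called, calling):
    """Constructed Call: server suffix 0x20, workstation suffix 0x00."""
    body = encode_name(called, 0x20) + encode_name(calling, 0x00)
    return struct.pack(">BBH", SESSION_REQUEST, 0, len(body)) + body


def parse_session_request(packet):
    """Return the called and calling names from a Session Request."""
    if len(packet) < 4:
        raise ValueError("truncated session header")
    ptype, flags, length = struct.unpack(">BBH", packet[:4])
    length |= (flags & 0x01) << 16  # low flag bit extends the length
    if ptype != SESSION_REQUEST:
        raise ValueError("not a Session Request (type 0x%02x)" % ptype)
    body = packet[4:4 + length]
    if len(body) != 68:
        raise ValueError("Session Request must carry two 34-byte names")
    return {"called": decode_name(body[:34]), "calling": decode_name(body[34:])}


if __name__ == "__main__":
    pkt = build_session_request("FILESRV01", "WKSTN-7")  # constructed names
    print(pkt.hex(), parse_session_request(pkt))
```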
Devices and Apps That Use Port 139
SMB relies on NetBIOS over port 139 when communicating with older devices and apps that don’t support directly-hosted SMB over TCP on port 445. But you can use it on other devices as well.
What are Ports 137, 138, 139 and 445 for?
There are many ports that provide various SMB services, so it’s important to understand the following differences:
Port 137 is for providing name services over TCP or UDP for SMB over NetBIOS.
Port 138 is for providing datagram services over UDP for SMB over NetBIOS.
Port 139 is for providing session services over TCP or UDP for SMB over NetBIOS.
Port 445 is for directly-hosted SMB over TCP or UDP without the need for NetBIOS.
What is Port 139 Used For?
You use port 139 when running SMB over NetBIOS on a network node.
Understanding SMB and NetBIOS
SMB is an application-layer protocol in Windows that allows nodes on a network to share resources. While these resources are often files and printers, you can also share other computer resources, such as serial ports.
The initial version of SMB was designed to operate on top of NetBIOS, a low-level API that provides services in the session layer of the OSI model. Due to inherent vulnerabilities relating to NetBIOS as well as its high network overhead, SMB 2.0 was developed. This allows you to run the protocol on port 445 without the need for NetBIOS, and it also lets you disable port 139.
How to Access Resources on Different Devices with Port 139
When SMB runs over NetBIOS on port 139, one device (the client) calls the other device (the server) over the port. Once connected, the client device can then access the server’s resources.
TCP 445 vs TCP 139
When you run SMB over NetBIOS, you use port 139 for session services. If you use directly-hosted SMB, you do so over port 445. It should be noted that both systems can function on the same network simultaneously. If they do, Windows will try both and use the one that responds first.
Notable Port 139 Security Vulnerabilities
When port 139 becomes exposed to the Internet, it is vulnerable to exploits in which attackers access data stored on a network’s nodes.
What is the NetBIOS/SMB Exploit?
When you use SMB over NetBIOS only on local area networks (LANs), the risks of exploits are low. However, the same is not true over the Internet, which can expose Windows hosts and domains to attacks.
Why Securing Port 139 is Important
When port 139 is exposed to the Internet, it can become dangerous, as attackers could potentially access data stored on the network’s nodes. They do this by first footprinting a NetBIOS system using the nbtstat command, which can provide the following information:
Local NetBIOS names
Computer names
Names resolved through the Windows Internet Name Service (WINS)
IP addresses
Session table contents
Armed with this information, hackers can then attack the nodes.
Because of the inherent vulnerability of port 139, many organizations will block the port in their firewall and instead use directly-hosted SMB over port 445 or some other means.
Alternatives to Port 139: SMB Over VPN or SMB Over SSH
Using SMB directly over port 445 isn’t the only alternative to using SMB over NetBIOS on port 139. You can also use SMB over a virtual private network (VPN) or Secure Shell (SSH) for more secure operations. But keep in mind that there may be performance issues with both solutions.
What is the Default Protocol for Port 139?
TCP is the default transport protocol for port 139, but you can also use UDP.
Printer Sharing Services Can Swap Between TCP and UDP
While the default transport protocol for SMB over NetBIOS session services is TCP, you can use UDP as well. Printer sharing services, during sessions, can switch between the two protocols to improve performance. Always remember that TCP is more reliable but that UDP is faster.
Port 139 and Port Conflicts
Conflicts can occur when multiple applications try to use port 139, and you will have to resolve them.
Customize Port Assignments for Port 139
Port 139 is dedicated to providing SMB over NetBIOS session services, and you cannot change it to another port. If you are experiencing a conflict on that port, run the following command from your terminal:
netstat -aon
The output of this command will indicate the process bound to port 139, which you will need to stop before you can start SMB.
You can also use directly-hosted SMB on port 445 if your devices and apps support SMB 2.0.
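As an added example (not part of the original article), this parser reads `netstat -aon` output and reports which process IDs are listening on ports 137, 138, 139 and 445, and whether each socket is bound to every interface. The sample output is constructed, and the function name is this example's own.

```python
SMB_PORTS = {
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "directly-hosted SMB",
}

# Constructed sample in the layout Windows prints for `netstat -aon`.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1032
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       192.168.1.31:50122     ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    192.168.1.20:137       *:*                                    4
  UDP    192.168.1.20:138       *:*                                    4
"""


def smb_listeners(netstat_text):
    """Return listening sockets on the SMB/NetBIOS ports with their PIDs."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        # TCP rows have a State column; UDP rows do not.
        if parts[0] == "TCP" and (len(parts) != 5 or parts[3] != "LISTENING"):
            continue
        if parts[0] == "UDP" and len(parts) != 4:
            continue
        addr, _, port = parts[1].rpartition(":")
        if not (port.isdigit() and parts[-1].isdigit()):
            continue
        if int(port) not in SMB_PORTS:
            continue
        found.append({
            "proto": parts[0], "addr": addr, "port": int(port),
            "service": SMB_PORTS[int(port)], "pid": int(parts[-1]),
            # A wildcard bind is reachable on every interface of the host.
            "all_interfaces": addr in ("0.0.0.0", "[::]"),
        })
    return found


if __name__ == "__main__":
    for s in smb_listeners(SAMPLE):
        print(s)
```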
Key Takeaways About SMB Port 139
On Windows networks, you can provide SMB over NetBIOS session services on port 139 for sharing files and printers. This is especially useful if you have devices and apps that don’t support the newer version of SMB or where security isn’t a concern.