18

My local machine is running Windows 7, which supports the latest released version of the SMB protocol (SMB 2.1). I also have a remote host, and I don't know what operating system or SMB-support software is installed on that remote host; I only know that the remote host supports some version of the SMB protocol.

How can I find out, from the command prompt (or PowerShell) of my Windows 7 machine, what version of SMB is supported by that remote host?

Edit: although I mention Windows 7 above, I'm sure that this question is relevant to many system/network administrators or desktop support personnel, hence why I'm posting the question here instead of at superuser.com.

Kal
  • 361
  • 1
  • 3
  • 7
  • 1
    good question don't have a great answer you may need to sniff the packets, and yes this can be done from the command line. Hopefully there is a better way then this. – tony roth Apr 12 '12 at 02:44

5 Answers5

13

https://nmap.org/nsedoc/scripts/smb-protocols.html

Example Usage

nmap -p445 --script smb-protocols <target>
nmap -p139 --script smb-protocols <target>
user601451
  • 131
  • 1
  • 2
8

On Windows 8 and higher, you can use the powerhsell command Get-SmbConnection to check which SMB version is used per connection.

jortiexx
  • 353
  • 2
  • 6
  • Even though my original question is for Windows 7, it's great to know that things are easier on Windows 8 and later! – Kal Feb 08 '17 at 02:16
  • Just a note that as stated in @steve-c answer below, you should first open the connection i.e. by looking at remote dir with command `dir \\SERVERNAME\C$` and then run `Get-SmbConnection` – nt86 Dec 08 '21 at 06:37
3

The easiest way is to install WireShark and capture the packets, it will decode them and should show you a protocol version. They have an SMBv2 entry on their wiki, so the latest version of WireShark should decode it int the packet capture.

rmalayter
  • 3,744
  • 19
  • 27
  • 1
    In this case I'd use netmon 3.4, if you don't want to install it you don't have to just run "netsh trace start capture=yes" then connect to the share then run "netsh trace stop" the resultant *.cab file is readable by netmon 3.4 which does not have to be on he workstation/server that you are capturing on. – tony roth Apr 12 '12 at 02:55
1

There are only two conceivable ways to determine a remote host's SMB version.

The First is to banner grab using telnet. Even then, you're not guaranteed that anything of use will come back. I can successfully connect to one of my SMB servers, but do not get any useful banner information.

The Second is to fingerprint the system over the network using a network security scanner. You'll have to search for a good tool thought, because you're still not guaranteed any success with determining what version of SMB is running. For example, I just used a quick scan with nmap on my network (that I know is running microsoft SMB on several endpoints) and I get no pertinent information as to what version of SMB it is running.

Wesley
  • 32,320
  • 9
  • 80
  • 116
  • does nmap detect cifs version? haven't used it in a while. – tony roth Apr 12 '12 at 02:57
  • 1
    @tonyroth There might be Nmap Scripting Engine addons that do it. I know of one smb vulnerability check - but you don't want to use that willy nilly as it'll hose the server. =) – Wesley Apr 12 '12 at 03:00
  • 1
    You have to use nmap with the "-sV -p 139" flags to get daemon details. eg. Samba smbd 3.X (workgroup: XXXX) – Soviero Apr 12 '12 at 04:40
1

Here's what you do to pull the SMB version:

  1. Open Powershell as an Administrator. Right click on the icon and say "Run as Administrator".

  2. Now, you're going to run 2 commands within 10 seconds or else Windows closes the ports as unused.

    1. Run dir \\SERVERNAME\C$

    2. Run Get-SmbConnection: your "Dialect" column is the version of your SMB.

  3. Check the matrix on this link to make sure the OS corresponds to the correct OS version or you'll need to upgrade your SMB.

https://blogs.technet.microsoft.com/josebda/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-are-you-using/

SMB Stack Matrix

Helder Magalhães
  • 105
  • 4
Steve C
  • 11
  • 1