NetBIOS: What It is, How It Works and How to Use It

Computer networking began in 1983, when Sytek created NetBIOS, an application programming interface (API) for communication over IBM's Local Area Network technology. Since then, other leading tech companies, including IBM and Microsoft (in MS-DOS in 1985), have implemented the technology widely.

This article will discuss how NetBIOS works, how it interacts with applications, and how you can enable or disable it on your computer system.

What is NetBIOS (Network Basic Input/Output System)? NetBIOS stands for "Network Basic Input/Output System," and it is an early programming interface that facilitated basic communication services on a Local Area Network (LAN). It allows applications to communicate with each other using a simple naming mechanism and provides services like file sharing, printing, email, and other network functionalities. Originally developed by IBM in 1983 for its PC-DOS operating system, NetBIOS was later adopted by various other operating systems such as Windows, Unix, and Linux. It operates at the Data Link Layer (Layer 2 of the OSI model) and uses Application Programming Interfaces (APIs) on top of the TCP/IP protocol stack for network communication. In NetBIOS, computers are typically referred to as "nodes" and can have names up to 16 characters long for identification and communication. NetBIOS name resolution can be achieved through broadcast or by using a WINS (Windows Internet Name Service) server. Although NetBIOS is no longer the primary technology in modern networks, it is still used in certain environments, especially in networks running older versions of the Windows operating system. However, due to limitations such as name conflicts and efficiency issues, more contemporary naming services like DNS (Domain Name System) are now preferred.

NetBIOS (Network Basic Input/Output System) is an industry standard that runs on top of TCP/IP for network communication. It enables distributed applications to access each other's network services without regard for the underlying transport protocol being used.

This protocol became more popular with the rise of the Windows operating system. It also enables data transmission over a network, for example, between Microsoft Windows computers that use NetBIOS names to translate to IP addresses for communication within a workgroup.

In addition, NetBIOS provides network services to support client/server applications on the network. Its specification defines two things:

• IPC (Inter-Process Communication) mechanisms or Application Programming Interfaces (APIs) allow NetBIOS-enabled applications to request services from lower protocol layers and communicate remotely over a network.
• A binding operating protocol at the Transport Layer of the OSI (Open Systems Interconnection) Reference Model, used for functions such as termination, session establishment, registration, resolution, and renewal.

NetBIOS can take several forms, depending on the network protocol it runs over (NetBEUI, SPX-Compatible Transport/NWLink IPX, and TCP/IP), such as NBF (NetBEUI Framing Protocol), NWLink NetBIOS, and NetBT (NetBIOS over TCP/IP).

How does NetBIOS work with applications?

All software applications that use NetBIOS use its NetBIOS name to identify and locate each other. A computer running the Windows operating system and its NetBIOS name (16 characters long) are separate entities. In contrast, applications on other computers access a NetBIOS name over UDP (User Datagram Protocol, a simple OSI transport protocol used by client-server network applications that run on port 137 and rely on the Internet Protocol).

Windows Internet Naming Service (WINS) provides NetBIOS name resolution services. Although application registration of NetBIOS names is required, it is not needed by IPv6 (Microsoft). The available services on the system are explained by the last byte (the NetBIOS suffix).

Starting a NetBIOS session over a client-server network requires at least two applications: the client sends a 'call' command to the server via TCP port 139. This process is two-way, and is referred to as session mode, because each party 'sends' and 'receives' commands to the other.

Data packets are sent, received, and broadcast under the control of the datagram service. The session ends when a "hang up" command is received during the session. NetBIOS also supports connectionless communication over UDP, in which case an application listens for NetBIOS datagrams on port 138 (UDP).

How do I enable or disable NetBIOS?

You can enable or disable NetBIOS using the Windows Command Prompt.

Step 1: Hold down the Windows key and press R. This will bring up the "Network Connections" screen. Type "ncpa.cpl" and click OK.

Step 2. Right-click on “Ethernet” and select “Properties” to open the Network Properties.

Step 3: In the new window that pops up, double-click "Internet Protocol Version 4 (TCP/IPv4)" to proceed to the next page.

Click Internet Protocol Version.

Step 4: Click “Advanced” to adjust settings.

Click Advanced.

5. Click the “WINS” tab in the “Advanced TCP/IP Settings” window.

Step 6: Click the radio button next to “Enable NetBIOS over TCP/IP.”

Step 7. Finally, click “OK” to apply the changes. You may need to restart your computer system.

To "Disable NetBIOS over TCP/IP," follow steps 1 through 5, but this time select the check box next to "Disable NetBIOS over TCP/IP." Click OK to enable the change.

Last Words

Disabling NetBIOS can help mitigate an attacker's ability to grab user hash credentials, poison responses, and monitor network traffic. However, if your applications or Windows operating system depend on it, you don't have to disable it. Either way, read on to learn how to enable or disable NetBIOS yourself without having to call in a professional.