Port 139 (NetBIOS Session)

TCP

NetBIOS Session Service — NetBIOS Session listens on port 139 by default.

What is Port 139?

Port 139 is used by the NetBIOS Session Service, which provides connection-oriented communication for Windows file and printer sharing. Before Windows 2000 introduced direct SMB over TCP (port 445), port 139 was the primary port for all Windows file sharing.

NetBIOS Session Service on port 139 establishes reliable sessions between computers for file transfers, printer sharing, and other network resources. It requires NetBIOS name resolution (port 137) to function. Legacy applications and older Windows systems still depend on port 139.

Port 139 has been associated with numerous security vulnerabilities and worms. While modern Windows uses port 445 for SMB, port 139 often remains open for compatibility. It should be blocked at network perimeters and restricted on internal networks.

Port 139 Security

NetBIOS Session on port 139 should be secured with appropriate access controls and monitoring. Ensure the service is only accessible from trusted networks by configuring firewall rules to restrict access. If the protocol supports encryption, enable TLS/SSL to protect data in transit.

Regularly update NetBIOS Session to the latest version to patch known vulnerabilities. Monitor port 139 for unauthorized access attempts and implement rate limiting where possible. Follow the principle of least privilege when configuring access permissions.

How to Check Port 139

To check if port 139 is open on a remote host, use nmap: 'nmap -p 139 hostname'. For a quick TCP connection test, use: 'telnet hostname 139' or 'nc -zv hostname 139'. On Windows PowerShell, use: 'Test-NetConnection -ComputerName hostname -Port 139'.

To check if port 139 is listening on your local machine, use: 'netstat -tlnp | grep 139' on Linux, or 'ss -tlnp | grep 139'. On Windows, use: 'netstat -an | findstr 139'. For a comprehensive scan, use: 'nmap -sV -p 139 hostname' to detect the service version running on the port.

Related Ports

Port 445 (SMB) Port 137 (NetBIOS Name) Port 138 (NetBIOS Datagram) Port 135 (MS RPC) Port 3389 (RDP)

Frequently Asked Questions

What is port 139 used for?

Port 139 is the default port for NetBIOS Session Service (NetBIOS Session). It is used for netbios session communication using the TCP protocol.

Is port 139 TCP or UDP?

Port 139 uses TCP. TCP is used because netbios session requires reliable, ordered data delivery.

Should port 139 be open?

Port 139 should only be open if you are actively running NetBIOS Session. Close unused ports to reduce your attack surface. If needed, restrict access to trusted IP addresses using firewall rules.

How do I check if port 139 is open?

Use 'nmap -p 139 hostname' to scan remotely, or 'netstat -tlnp | grep 139' to check locally on Linux. On Windows, use 'Test-NetConnection -Port 139 hostname' in PowerShell.

How do I secure port 139?

Secure port 139 by restricting access with firewall rules, using encryption (TLS/SSL) where supported, keeping NetBIOS Session updated, using strong authentication, and monitoring for unauthorized access attempts.

🔍 Check Your IP Address

While you're here, find out your public IP address, location, and ISP details instantly.

Check My IP →

Related Tools

Port Reference
Complete network port database
Port Scanner
Scan ports on any host
SSL Check
Verify SSL certificate status
HTTP Headers
View HTTP response headers
Traceroute
Trace network route to host
Speed Test
Test your internet speed