View all common networking ports

What is Port 137?

by David Brown | Published on June 27, 2025

Quick Definition: Port 137 is a network protocol port used for NetBIOS Name Service (NBNS), which resolves NetBIOS names to IP addresses, enabling devices on a network to find and communicate with each other.

A protocol is like a language spoken between two computing devices. One such protocol is found on port 137. That’s what we’re discussing today. 

The transport protocols Transmission Control Protocol (TCP) and User Datagram Protocol deliver data between devices on a network by assigning source and destination ports associated with specific protocols. 

There are common ports and protocols that everyone should know, like port 22 for Secure Shell (SSH) or port 80 for Hypertext Transfer Protocol (HTTP). Users can also dynamically assign protocols. And then there are those pesky legacy protocols, like port 137.  

Are you anxious to learn about cybersecurity but unsure about the right certification path? To learn more, read the CBT Nuggets article "Should I Earn Network+ Certification Before Security+?"

What Exactly is Port 137?

Port 137 is the default port used for NetBIOS Name Service (NBNS). The core protocol is NetBIOS (Network Basic Input/Output System), which is an older networking protocol that allows devices on a network to communicate with each other. NetBIOS itself uses several ports for different services:

  • Port 137: NetBIOS name service for name resolution

  • Port 138: NetBIOS datagram service for sending and receiving datagrams

  • Port 139: NetBIOS session service for establishing sessions and transferring data

NetBIOS operates at the session layer (Layer 5) of the Open Systems Interconnect (OSI) model. NetBIOS was widely used in older Windows networks, but has since been replaced by newer protocols like Domain Name Service (DNS) or Server Message Block (SMB). 

What is Port 137 Used For?

NetBIOS is still supported in some systems for backward compatibility with legacy networks. The use of UDP means that port 137 is a connectionless protocol. NetBIOS name resolution typically involves small, single-packet queries, which is ideal for UDP. Protocols like NBNS take advantage of UDP’s speed and efficiency, giving it priority over reliability. 

NBNS, which runs on UDP port 137, is used for translating NetBIOS names (e.g., \COMPUTER_NAME) to IP addresses. Devices on a network can query the NetBIOS name service to resolve names to IP addresses. For years, it provided ready connectivity for file and printer sharing. Essentially, NBNS helps devices on a network find each other. 

So, do we need port 137 in today’s networks? Not really. The ubiquity of DNS means that nobody uses NetBIOS or its associated services anymore. Those days are gone. Nowadays, the concern is more about the vulnerability posed by port 137 than its usefulness.

Security Concerns of Port 137

The risks associated with UDP port 137 are real, and IT security professionals are well aware of its dangers. Let’s consider a few of them.

Information Disclosure

NetBIOS can reveal sensitive information about your network. Computer names and workgroup names can become visible to attackers. 

Enumeration

Enumeration refers to an attacker's ability to query the NetBIOS name service and gather information about the system. This process can expose user and group names, shared resources, system configuration, and network topology. 

Denial of Service (DoS)

DoS on port 137 occurs when an attacker floods the NetBIOS Name Service with traffic. This may involve sending a large number of NetBIOS name queries or other malicious traffic to the port. DoS can overwhelm the system and take it out of action. 

Port 137 can be used by bad actors to scan the network for reconnaissance. That’s why security professionals commonly block it as part of the hardening process. The best practice is to disable the port unless it is specifically needed for a legacy connection. 

Check out 10 Common Security Threats in the Enterprise to learn more about the dangers we face in cyberspace.

Troubleshooting Port 137

High traffic on Port 137 can consume network resources. By monitoring this traffic, you can identify potential causes for slow connections or sluggish network devices. If you are purposely using NetBIOS, be sure that it is configured correctly. If it's not needed, disable the port to see if network performance improves. 

The nbtstat command can show you any NetBIOS activity on your device. As shown below, I used the -c flag to show whether any NetBIOS machines or IP addresses were in my NetBIOS cache. If you see anything here that could be a sign that an intruder is taking advantage of an open NetBIOS port.

Troubleshooting Port 137

Packet sniffers like Wireshark and scanning tools like nmap can also tell you when port 137 is being used. There are plenty of good tools available for this purpose.

It would be rare for a network engineer to have to troubleshoot a NetBIOS problem today – unless, of course, the associated ports were left enabled and vulnerable. Modern networks use DNS and SMB over TCP/445 instead.

Port 137 FAQs

Is Port 137 Still Used Today?

Port 137 is rarely used in modern networks. The exception is the presence of legacy networks and devices, but even those should be replaced as soon as possible.

What’s the Difference Between Port 137 and Port 445?

UDP port 137 is used for NetBIOS Name Service (NBNS), which provides name resolution for NetBIOS. TCP port 445 is used for Server Message Block (SMB) protocol, which enables file and printer sharing, among other functions. Port 137 is for name resolution, while Port 445 is for SMB communication.

Should I block Port 137 on my network?

If you don’t use NetBIOS for name resolution, then yes, block port 137. By blocking port 137, you can reduce the attack surface and prevent potential exploits. You might keep port 137 open if you use legacy systems that rely on NetBIOS.

Should I Disable NetBIOS?

Disable NetBIOS if you are certain that no critical systems are using it. You can disable NetBIOS on network devices, firewalls, and individual systems. This is especially important for enterprise systems with sensitive data.

NetBIOS is still configurable on Windows 11 in the advanced TCP/IP settings as shown below. The default setting is to take the configuration from the DHCP server. If you are concerned about security, then select Disable NetBIOS over TCP/IP. I just did. The process will need to be repeated for each of the network connections on your device (Bluetooth, Wi-Fi, LAN).

Should I disable NetBIOS?

Conclusion

Port 137 played an important role back when NetBIOS was a prevalent network technology. Its associated protocol, NetBIOS Name Service (NBNS), may still be useful in the network traffic flows of existing legacy infrastructures. But unless you know that you really need it, the best and safest strategy is to block it, disable it, filter it, and remove it from the potential vulnerability list. Don’t leave the door to port 137 open unless it’s explicitly required.

Are you ready to ramp up your IT security skills? Team Nuggets' article 8 Standout Security Courses for 2025" tells you what courses you need to get started.

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

Follow us

Let's chat!

Sales | Support | General
© 2025 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522