We help IT Professionals succeed at work.

Nbname and Nbdgram are Detected by Firewall

freakygod asked
Last Modified: 2013-12-04
Hi experts,

My firewall logs show connection attempts named nbname(137) and nbdgram(138) almost every minute from the local LAN network.

As I researched some information about them, I have realized that they are not look good.

The nbname is meant to stop someone from joining the network, isn't it? And the nbdgram is to broadcast datagrams, according to this page. http://www.mycplus.com/out.asp?CID=1&SCID=186

I have two PCs and one file server in the same network. The file server is the one sending the nbname packets to everywhere.  And the both pcs seems to be infected with the nbdgram since both pcs' firewall logs indicate each of their connection blocks with the name of nbdgram(138).

My question is, how can I remove them? I tried to search entire harddisks by the keywords of nbname and nbdfram, but with no luck I wasn't able to detect any files.

I need you experts help. Thanks in advance.
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)


Thank you Phil,

I'm so relieved now. But the articles don't tell how to stop each machine's sending the packets. Do I need to terminate the service or close the ports?

I just closed the port 135 and 445 on one pic and it started not to send tha packets. However, now I cannot browse networks. If I type "\\computernameORip", I get an error, "Windows canot find....."

So how do I stop the packets but keep the network browsing?
You deactivated Windows networking by stop 135 and 445, so you cannot accomplish both tasks--stop the packets while still allowing WINDOWS browsing.

The activity that you are seeing on the intranet port of your firewall is NORMAL behavior in a Windows network.

Disable this type of logging on your intranet or simply disregard it.


Thanks for your comment Phil,

My laptop shares networks with other people. This packet sending activity just tells others that I'm here. Is it smart to do?

It would be greatly appreciated if this could be accomplished.
"This packet sending activity just tells others that I'm here. Is it smart to do?"

This is how Microsoft networking works.

Is it smart to do is debateable.

The best way to deactivate it while allowing MS Networking is to run a personal firewall (better than Windows Firewall) that blocks both ingress and egress traffic.

By customizing ingress and egress traffic, you can put specific firewall rules on your system to allow it to talk MS networking to specific other systems.

It slightly breaks MS networking, but it provides a level of security than the default wide-open MS networking posture.
Forced accept.

EE Admin
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.