• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2586
  • Last Modified:

Can't resolve UDP port 137 queries

I'm hoping someone can help here. We transitioned from one network to a new one last year when we were sold off. We built the network from scratch. However, since I've been monitoring network traffic I'm seeing an inordinate amount of UDP traffic over port 137 coming from a variety of machines going to our old network IP scheme.

Here's what I've checked:
DHCP, AD and DNS servers: no DNS entries of old IP scheme, no NetBIOS entries of old network.
Old printers: all printers and printer ports mapped to old IP scheme have been removed
Flushed DNS cache
Ran WireShark to confirm NBNS queries
Looked for HOST files/LMHOSTS files - none show any entries

I'm out of ideas what to try or look for. I'm seeing this traffic being generated from a variety of machines on our network, so I'm pretty sure these queries are all coming from the same cause. If I can nail it down on one machine, I'm sure it will fix the problem on all.

PS: I've also done a search on EE and none of the answers to questions similar to mine helped. :)
  • 2
  • 2
1 Solution
137 is used for netbios.  This could be because netbios over IP is enabled on these machines.  If you have DNS running correctly, you can disable netbios over ip by going into the tcp/ip properties-->advanced-->WINS tab and checking disable NETBIOS over IP on the network adapters of each machine.
MarketingDriveAuthor Commented:
Won't that prevent that server from being able to connect via machine name instead of IP?
Not if DNS is running.
137/138/139/445 are used by XP to support "file and printer sharing", which is allow OS share drive/printers , on LAN.
So, by trying disable "network share" on XP, you most likely will stop receiving UDP 137.
Also UDP 137 can be used some SNMP monitoring software, so might double check, if u have any SNMP soft running, on any PC.
Other  way should be look closer on "sender" machines, what services are running, with witch PID, and see base on that , what ports they using .
It will give you pretty good idea, who is "generator" of  interesting traffic. To determine that :
netstat ano > netstat.txt
tasklist > tasklist.txt
notepad tasklist.txt
notepad netstat.txt

In "netstat.txt" you'll see ports used by particular services.

 Once you determine , who is generator, than will be no problem to disable that service, if you need to.
Of couse, you should do this, if you dont need "file and printer sharing" on LAN.
by default - "messenger" service is using UDP 137, u can disable this from "control panel","administrative tools", "services" - look for "Messenger"
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now