Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Network Performance Monitor (NPM) > Disable Netbios UDP 137 traffic

Disable Netbios UDP 137 traffic

Table of contents
Created by Malik Haider, last modified by Kevin Twomey on Jan 18, 2017

Views: 3,476 Votes: 4 Revisions: 10


This article describes the topic about how Orion server uses Netbios (UDP 137) port to reach out to all the devices that are monitored by the Orion. There is an option to disable NetBios Over TCP/IP protocol and write an LMHOSTS  file for the servers that need to be resolved using NB names. By doing so, it prevents NetBios Lookup Query to try and go through your firewall.


**Note NetBios lookups will happen from the Orion engine before a DNS lookup. Also note DNS lookups will only reach out to the first DNS server (Primary DNS) it can reach. This is important to note in case DNS replication is not setup properly and some hosts will not resolve via the primary DNS server.


That's pretty much what I expected with NTA. NTA will take any netflow data that is being sent to it from your layer 3 devices, record the Source and Destination IPs in the flow data, then attempt to resolve the names of those IPs (whether they are valid or not) through DNS and NetBios for display in the web console. It doesn't attempt to confirm whether the IPs are real or not, only that it is seeing it within the flow packets themselves.


The correction to a point however pertains to this: NTA must be configured to allow the NetBios requests to be initiated and for it to be concurrent, it must be set to Persistent name resolution in the NTA settings. Easiest way to confirm is to go to NTA Settings, scroll down to DNS and NetBIOS Resolution and see if Enable
NetBIOS resolution of endpoints is checked. Likely as well, the setting for DNS Resolution Option is set to Persistent as well.


Collects flow packets > parses source\destination IPs in convos > stores the IPs > queues them for name resolution > issues resolution through DNS\LLMNR for everything configured on the server (DNS servers, etc) > issues netbios lookup to whatever it can reach to resolve naming through that method (if enabled) > awaits response > stores name upon return.


We unfortunately do not have any white sheet documentation stating this exact process, at least nothing that we can release, but if it comes into question whether this is intended design I can confirm and I can indicate in the admin guide that NTA can and does attempt naming resolution through NetBIOS.


I'd say your next method to test is to check the NTA Settings page, disable NetBios resolution if it's enabled, then see what happens when you restart the service.


All versions of NPM 


  1.  Go to the Control Panel > Network and Sharing Center> Manage Network Connections.
    Please be sure to disable on the NIC used by the Orion engine in case you have multiple NIC's.
  2.  Select the Interface and then right-click Properties. 





Check NTA Settings to make sure NetBIOS is disabled:


For more details, see the Thwack post below:




Last modified