Some Notes on the Machines

NETBIOS is a very legacy protocol, security of it is very poor. Substantial performance gains by disabling it have been noticed. This is probably because when active it broadcasts constantly to every single NIC on its LAN, creating NIC and switch contention. Also, a large proportion of security violation exploits use it, so disabling becomes a very good idea in general. The only exceptions occur when there are needs to do SMB sharing with very old machines, machines all long out of support. By default, it is still active on all current Microsoft Windows operating systems.

Here is a paste to Powershell that does it all:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)

The various bits are below.

Turn off NETBIOS over TCP/IP, for each NIC:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Where-Object -Property 'TcpipNetbiosOptions' -ne $null | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get rid of all WINS entries, if present (sorry, no CimInstance code yet):

Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled='True'" | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

Uncheck of LMHOSTS lookups:

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)

If Microsoft DHCP is in use, DHCP can tell clients to do the simple disable, the first item above:

learn.microsoft.com/en-us/troubleshoot/windows-server/networking/disable-netbios-tcp-ip-using-dhcp

Below is another script, to reenable the protocols, though it does not try to put back any WINS server IPs that may have been deleted, and it cannot override Microsoft DHCP:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = 0 }

$DisableLMHosts_Class=Get-WmiObject -list Win32_NetworkAdapterConfiguration
$DisableLMHosts_Class.EnableWINS($true,$true)

It appears that there is a new standard of Microsoft Windows TCP/UDP port setup. Their doc is here:

learn.microsoft.com/en-us/troubleshoot/windows-client/networking/tcp-ip-port-exhaustion-troubleshooting

I landed there because I saw event log items 4227, tcpip, “TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate…”

If you see lots of those events, or don’t, this paste gets us to the new standard:

netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv4 set dynamic udp start=49152 num=16384

To see your current settings:

netsh int ipv4 show dynamicport tcp

netsh int ipv4 show dynamicport udp

And if you want to combine the above with full disable of NETBIOS and related:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }
Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')
$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)
netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv4 set dynamic udp start=49152 num=16384

So we have the situation where we have multiple network interfaces, possibly including wireless, and we want to set priority, so if one is connected, that one will be used. Here’s a good working procedure, all in Powershell.

1. Get list of interfaces with the Windows index number for each:

Get-NetIPInterface | ft ifINdex,InterfaceAlias,AddressFamily

Now we have a list of interfaces and names. Each interface device may have two listings, one for IPv6 and one for IPv4. What we want is the index numbers for the two. On one machine, “Ethernet” was index 12, and “Wifi” was 18, but there will be wide variation.

2. Priority is higher, for lower numbers. So if we want to set high priority for wired Ethernet when it’s present, we could set priority 10:

Set-NetIPInterface -InterfaceIndex "12" -InterfaceMetric "10"

3. and to make it stick and work predictably, we set Wifi to priority 100:

Set-NetIPInterface -InterfaceIndex "18" -InterfaceMetric "100"

One can do a basic test of TCP using Putty. UDP is another matter, one must have a server process and a sender. I found the simple sender and server written in Powershell here:

cloudbrothers.info/en/test-udp-connection-powershell/

to be excellent. In addition, if you want to know the identity of the process listening on a port, run this:

Get-Process -Id (Get-NetUDPEndpoint -LocalPort YourPortNumberHere).OwningProcess

100 Kbps is more than enough.

A great summary of FTP conversation over TCP:

https://www.ncftp.com/libncftp/doc/ftp_overview.html

https://github.com/billziss-gh/sshfs-win

CLI command:

net use X: \\sshfs\login@hostname.fqdn

Here is a tool for this purpose:

https://iperf.fr/iperf-download.php

Here they are:

https://support.eset.com/kb332/

To set a Windows NIC to full DHCP via netsh, do this, replacing “Local Area Connection” to the name of the NIC if it’s not the same:

netsh interface ip set address "Local Area Connection" dhcp
netsh interface ip set dns "Local Area Connection" dhcp
netsh interface ip set wins "Local Area Connection" dhcp

Sometimes, if WINS is set static, you have to do this before WINS can be set DHCP:

netsh interface ip set wins "Local Area Connection" static none