Port 137: What's Using It and Is It Safe to Close?

Port 137 is the NetBIOS Name Service, part of the older Windows networking stack used to resolve computer names on a local network. It predates modern SMB and shows up mostly around legacy Windows file sharing.

What typically listens on port 137

• NetBIOS name resolution: Older Windows networks use 137 (UDP) to map computer names to addresses.
• Legacy SMB interop: Connecting to or from older Windows shares can involve 137, alongside 138 and 139.
• Network discovery tools: Some scanners and file-sharing tools query it.

On modern networks this is largely replaced by DNS and direct SMB over port 445.

Is it safe to close?

Yes. Current macOS file sharing uses SMB on 445, not NetBIOS. Blocking or closing port 137 rarely affects anything on an up-to-date network, and it trims unnecessary exposure. Only legacy setups that depend on NetBIOS name resolution would notice.

Is it suspicious?

NetBIOS traffic is mostly a legacy footprint. It can leak host names and network details, and it has a history of being probed in attacks, so it should never be reachable from the internet. On a local network it’s low-risk, but if you don’t use old Windows shares there’s little reason for it to be active.

How to find what’s on port 137 on macOS

sudo lsof -i :137

NetBIOS uses UDP, so target the protocol directly if you want to be specific:

sudo lsof -iUDP:137

Portie shows UDP and TCP ports together with their owning processes, so you can see whether anything is actually using NetBIOS on your Mac.