I understand the capture of a ftp as it uses tcp handshake to setup the communication. But for Windows file sharing, like copy a file from the server to the PC via the WAN. I am not sure what is a normal traffic pattern for Windows copy.
Thanks asked 05 Dec '12, 10:36 character9 |
2 Answers:
Could be CIFS/SMB, NFS (if configured) or even WebDAV (if configured). It all depends on the configuration of the systems and how you access the remote file system. Please read the following to understand how CIFS is related to SMB (and vice versa).
A bit technical, but ... ;-)
Please check out the Wireshark Sample captures. Search for SMB or CIFS.
Maybe you'll find something here:
Regards answered 05 Dec '12, 11:45 Kurt Knochner ♦ |
For "Windows file sharing", it's probably CIFS/SMB; they're really the same thing, just different names. It was originally called SMB (Server Message Block); there was an attempt to standardize it as the Common Internet File System, as a file system for use over the Internet (at about the same time that Sun was promoting WebNFS as "NFS for the Internet"), but it's really all the same thing. NBSS is the NetBIOS Session Service, as defined in RFC 1001 and RFC 1002. SMB ran atop the NetBIOS services and thus atop the protocols that provide them, including but not limited to the NetBIOS-over-TCP NBSS protocol. Later, the encapsulation of SMB packets over a TCP stream used by NBSS was simplified (by removing all the connection-setup mechanism) and used for a direct encapsulation of SMB over TCP; NBSS ran over TCP port 139, and SMB-over-TCP ran over TCP port 445. So you're probably either seeing SMB/CIFS-over-NBSS (and thus over TCP) or SMB/CIFS-over-TCP - in current versions of Windows, it's probably SMB/CIFS-over-TCP. There's a newer "SMB2" protocol, which I think first appeared in Windows Vista and the server equivalent, which would be used between clients and servers that both support SMB2. Wireshark dissects both SMB and SMB2, and both SMB/CIFS-over-TCP and SMB/CIFS-over-NBSS. answered 05 Dec '12, 15:04 Guy Harris ♦♦ |
I will take a look at that in more details. But I am having a very slow response while copying files from the server to the PC over the MPLS Wan. It is taking 2 days for a 300mb file to copy from the server to the PC. I looked at the captured files and it using SMB. But from what I noticed, I have many duplicate ACK and a lot of NBSS before the actual transfer of the file. Any help will be appreciated. Thx
If "a lot of NBSS" means "a lot of frames marked as NBSS rather than as SMB", those are probably either retransmissions or the result of frames either being lost or not getting captured - the latter would just be a problem with the machine running the capture program not handling incoming packets well enough, but the former could be the result of a networking issue.
O.K. if it's SMB, please run the Response time stats and post the screenshot here.
regarding the slow response time. Can you please give some more details.