I am hoping someone can provide some insight into approaching SMB troubleshooting via Wireshark.
I have two offices connected by a managed MPLS connection. Office A, Chicago, maintains a Windows file server. Office B, Miami, has several Mac users who complain that file transfers are exceedingly slow, especially in directories with many (e.g. hundreds of) files. A capture done from one of the Mac users' workstations produces a lot of possible clues when I filter with smb.nt_status > 0 or smb2.nt_status > 0.
I've been asked to determine the problem, or at least, show that it is NOT a network problem. It may also be helpful to know that there is no significant error count on any router or switch port involved, and MPLS circuit utilization is less than 10%. I am reasonably sure the relevant firewalls are not affecting traffic either, as PC users from Office B do not experience this problem when accessing the same files on the same file server.
I am prevented by company policy from posting an actual capture, but here's a very typical screenshot.
Researching these status codes leads me down various rabbit holes related to either Mac OS' implementation of SMB or various similar-sounding, but not exact, error codes on a Microsoft Dev FAQ.
Any other information I could glean from these captures to help me understand what's happening here?
asked 12 Aug '15, 09:58
edited 12 Aug '15, 13:29