This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can SMB2 SRT sum be higher than the whole capture

0

Hi,

I have a dedicated link between two office that are in two different province. I need to transfer around 1GB file between the two office with a Mac Pro and we are stucked with an old Os version that still use SMBv1. Right now, I have a really slow transfer with the mac, but high transfer speed when I use a windows instead (SMBv2). On the local network, the Mac Pro has no transfer speed issue.

The link has 9ms latency. I'm trying to find why SMBv1 and this mac is so slow on this link. I though it was becase the number of SMB request x avg latency.

However, when I look at the capture I did on my windows with SMBv2, the whole capture took 20sec, but when I check the SRT for SMB and I check the SRT (sum) for Write and Read SMB request, they are at around 180sec.

How is that possible if my capture only took 20sec?

Thank you!

asked 11 Oct '16, 18:38

JasonR's gravatar image

JasonR
6113
accept rate: 0%

edited 11 Oct '16, 19:56


One Answer:

1

SMB2 can transfer multiple blocks at the same time. This is done to reduce the effect of large round-trip times on the response time. If the file transfer was using 10 simultaneous SMB2 read commands, each taking 18 seconds, the sum of smb2.time would be 180 seconds, even touch the wall-clock time only showed that 18 seconds have passed.

answered 24 Oct '16, 06:59

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%