+ Post New Thread
Results 1 to 7 of 7
Wireless Networks Thread, SMB Packets in Technical; Just been using Network Monitor and have noticed a massive amount of SMB packets between our server and one of ...
  1. #1
    AJT1's Avatar
    Join Date
    Nov 2007
    Location
    North East
    Posts
    83
    Thank Post
    13
    Thanked 5 Times in 5 Posts
    Rep Power
    15

    SMB Packets

    Just been using Network Monitor and have noticed a massive amount of SMB packets between our server and one of our hosts, does anybody have any idea what these SMB packets are I've got as far as reading what an SMB packet is on Wikipedia, but unfortunately there isn't much information on how many there should be bouncing around the network.

  2. #2

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    114
    SMB traffic is mostly file sharing. The number of packets depends on lots of things, how many drives are mapped, whether you have Explorer open, whether you're reading/writing/searching files etc.

  3. #3
    AJT1's Avatar
    Join Date
    Nov 2007
    Location
    North East
    Posts
    83
    Thank Post
    13
    Thanked 5 Times in 5 Posts
    Rep Power
    15
    The strange thing is there was nobody logged onto the machine as it was after school and didn't have high readings from any of the other 140 machines on the network.
    Thanks for your reply

  4. #4

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    114
    If this is MS Network Monitor 3.1, look at the descriptions for SMB packets.

    Some of it might be a bit opaque, but the descriptions are the SMB commands/responses and you should be able to see the directory and file names involved. Look at the ones with "C; Nt Create Andx" and "C; Transact2".

  5. #5
    Unvalidated User
    Join Date
    Nov 2007
    Location
    the Pub
    Posts
    255
    Thank Post
    7
    Thanked 11 Times in 10 Posts
    Rep Power
    0
    windows hosts to seem to be overly "chatty", lots of broadcasts and the like just look at the switch lights when people are not using the machines! Not exactly efficient..

  6. #6

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,144
    Thank Post
    113
    Thanked 518 Times in 447 Posts
    Blog Entries
    2
    Rep Power
    121
    There will always be loads of SMB traffic even if you think no-one is logged on there are still "things" happening (eg - you might be running a virus update or similar process; if you have any software which audits the machines then this could be running and so on).

    Open task manager on a machine go to the processes tab and click View | Select columns and tick the I/O Read Bytes and I/O Write Bytes boxes. OK out and watch the processes as they read and write files. Some of these are local; others are network.

    if you want even more info then download procmon - that will show you all the file activity that's going on and you can easily see just how busy an "idle" machine really is.

  7. #7
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 69 Times in 42 Posts
    Rep Power
    33
    You can also get more information about active windows shares on your server from Computer Management (start > run... > compmgmt.msc)

SHARE:
+ Post New Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •