Wireless Networks Thread, SMB Packets in Technical
11th February 2008, 05:59 PM #1
Just been using Network Monitor and have noticed a massive amount of SMB packets between our server and one of our hosts. Does anybody have any idea what these SMB packets are? I've got as far as reading what an SMB packet is on Wikipedia, but unfortunately there isn't much information on how many there should be bouncing around the network.
11th February 2008, 06:31 PM #2
SMB traffic is mostly file sharing. The number of packets depends on lots of things, how many drives are mapped, whether you have Explorer open, whether you're reading/writing/searching files etc.
11th February 2008, 07:12 PM #3
The strange thing is there was nobody logged onto the machine as it was after school and didn't have high readings from any of the other 140 machines on the network.
Thanks for your reply
11th February 2008, 07:59 PM #4
If this is MS Network Monitor 3.1, look at the descriptions for SMB packets.
Some of it might be a bit opaque, but the descriptions are the SMB commands/responses and you should be able to see the directory and file names involved. Look at the ones with "C; Nt Create Andx" and "C; Transact2".
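The per-command view suggested above can also be produced outside Network Monitor. The following is an added example, not part of the original thread: it tallies SMB1 commands from a raw TCP payload, assuming direct-TCP (port 445) framing and treating "C" as a client request and "R" as a server response; the sample bytes are constructed.

```python
import struct
from collections import Counter

# Subset of SMB1 command codes; names follow the style quoted in the post above.
SMB1_COMMANDS = {
    0x04: "Close", 0x25: "Transact", 0x2E: "Read Andx", 0x2F: "Write Andx",
    0x32: "Transact2", 0x71: "Tree Disconnect", 0x72: "Negotiate",
    0x73: "Session Setup Andx", 0x75: "Tree Connect Andx", 0xA2: "Nt Create Andx",
}
FLAGS_REPLY = 0x80  # bit in the SMB1 Flags byte that marks a server response


def iter_smb1_messages(stream: bytes):
    """Yield (direction, command_name) for each framed SMB1 message in a TCP payload."""
    off = 0
    while off + 4 <= len(stream):
        # Session header: 1 type byte (0 = session message) + 24-bit big-endian length.
        msg_type = stream[off]
        length = int.from_bytes(stream[off + 1:off + 4], "big")
        body = stream[off + 4:off + 4 + length]
        off += 4 + length
        if msg_type != 0 or len(body) < 32 or body[:4] != b"\xffSMB":
            continue  # keep-alive, truncated capture, or not SMB1 (SMB2 starts with \xfeSMB)
        command, flags = body[4], body[9]  # header offsets: command = 4, flags = 9
        direction = "R" if flags & FLAGS_REPLY else "C"
        yield direction, SMB1_COMMANDS.get(command, f"0x{command:02X}")


def tally(stream: bytes) -> Counter:
    """Count messages per 'direction; command' label, e.g. 'C; Nt Create Andx'."""
    return Counter(f"{d}; {name}" for d, name in iter_smb1_messages(stream))


def _frame(command: int, reply: bool) -> bytes:
    """Build a constructed, minimal SMB1 message (zeroed header fields, no parameters)."""
    header = struct.pack("<4sBIBH", b"\xffSMB", command, 0, FLAGS_REPLY if reply else 0, 0)
    header += bytes(32 - len(header))   # rest of the 32-byte header, zeroed
    body = header + b"\x00\x00\x00"     # WordCount = 0, ByteCount = 0
    return b"\x00" + len(body).to_bytes(3, "big") + body


# Constructed sample: three requests, two responses, one session keep-alive (type 0x85).
SAMPLE = b"".join([_frame(0xA2, False), _frame(0xA2, True), _frame(0x32, False),
                   _frame(0x32, True), _frame(0xA2, False), b"\x85\x00\x00\x00"])

if __name__ == "__main__":
    for label, count in tally(SAMPLE).most_common():
        print(f"{count:4d}  {label}")
```

Run per host pair, a tally dominated by one or two commands shows which descriptions are worth opening in the capture for directory and file names.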
11th February 2008, 08:04 PM #5
Windows hosts do seem to be overly "chatty", lots of broadcasts and the like. Just look at the switch lights when people are not using the machines! Not exactly efficient.
11th February 2008, 09:08 PM #6
There will always be loads of SMB traffic. Even if you think no-one is logged on, there are still "things" happening (e.g. you might be running a virus update or similar process; if you have any software which audits the machines then this could be running, and so on).
Open Task Manager on a machine, go to the Processes tab, click View | Select Columns and tick the I/O Read Bytes and I/O Write Bytes boxes. OK out and watch the processes as they read and write files. Some of these are local; others are network.
If you want even more info then download procmon - that will show you all the file activity that's going on and you can easily see just how busy an "idle" machine really is.
12th February 2008, 01:56 PM #7
You can also get more information about active Windows shares on your server from Computer Management (Start > Run... > compmgmt.msc).