Ask Your Question
0

SMB and TCP packets - TCP retransmissions

asked 2021-03-31 11:35:36 +0000

bb25 gravatar image

updated 2021-03-31 11:49:38 +0000

grahamb gravatar image

Hi,

I'm looking for some help on analysis some packets.

The pcap i have consists of TCP and SMB packets.

From the IO graph, I have shown TCP errors (which are showing as retransmissions) and all SMB packets.

I have noticed form the graph that when there are any TCP errors, the SMB packet numbers lower drastically:

^this is an image of my graph.

If anyone could help to explain why this is or why the retransmissions are occuring id appreciate it.

edit retag flag offensive close merge delete

Comments

Could you please share us a trace? https://blog.packet-foo.com/2016/11/t...

Christian_R gravatar imageChristian_R ( 2021-04-01 00:18:12 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-04-03 16:18:49 +0000

Eddi gravatar image

The screenshot suggests that the systems use SMB (not SMB2) to exchange data.

Most applications make blocking calls when they read or write files. In other words: Send data, wait for an acknowledgement, then send the next block etc. In case of an error, the client has to wait until the TCP retransmission has been resolved.

One of the improvements with SMB2 was the introduction of pipelining, where clients could fire away a bunch of requests at once. A sequence like "Create File, Query Information, Close" takes only one TCP turn.

I wonder, how your application reacts, if SMB2 is used. Of course, the calls have to be non-blocking ...

Good luck

Eddi

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-03-31 11:35:36 +0000

Seen: 1,055 times

Last updated: Apr 03 '21

Related questions

Low throughput between vmWare hosts in vxlan topology - spurious retransmissions.

Why there is port mismatch in tcp and http header for port 51006. Also why the netstat in server do not shows connections under port 51006 even traffic is coming to this port.

Client is waiting for FIN flag from server for 30 sec

follow tcp stream dialogue box

How to tell if TCP segment contains a data in Wireshark?

Help to read this trace

Random Flooding of TCP Retransmissions

How to make wireshark pop out a file when there are a lot of tcp retransmissions?

how to create a graph of the number of active tcp connections over time?

how can I graph mysql response time in wireshark

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2