Ask Your Question

SMB3 signatures

asked 2018-04-22 20:17:52 +0000

xy456 gravatar image

updated 2018-10-26 17:27:22 +0000

cmaynard gravatar image

I have only Windows Server 2016 and 10 machines on my network. I have enabled SMB3 encryption on all the servers that have file shares on them and I have configures SMB Digitally Signing to Required for all the machines in the domain. I would like to find out if my SMB connections are digitally signed. I used Wireshark to capture a connection between my Windows 10 1709 machine and Windows Server 2016 file share.

I cant attach a screenshot but in the "Negotiate Protocol Response" packet it shows the "Signature" under SMB2 Header as 00000000000000000000000000000000 so I assume SMB digitally signing isn't working?

The weird thing is, if I open an "Encrypted SMB3" packet and expand the SMB2 Transform Header I can see a Signature option which says: ee51ab3d9aa14b72cb8df4302b582167

So is SMB3 digitally signing working or not?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-05-01 16:26:04 +0000

Eddi gravatar image


SMB3 supports signing. The key is negotiated during the Session Setup phase. You should see the first signature in the Session Setup Response.

SMB (including SMB2 and SMB3) can only use signing if both sides support this option. The Session Setup Response is the first opportunity to do this.

SMB-encryption is enabled on a per-share base. Hence the first messages of the SMB connection will exchanged in plain text. Once a Tree Connect has completed all following traffic will be encrypted and signed.

SMB3 digital signatures work as desired.

Happy sniffing

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-04-22 20:17:52 +0000

Seen: 3,568 times

Last updated: May 01 '18