AlephWolfe's profile - activity

2021-08-25 17:09:38 +0000 received badge  Famous Question
2021-08-25 17:09:38 +0000 received badge  Notable Question
2021-08-25 17:09:38 +0000 received badge  Popular Question
2019-09-25 16:14:06 +0000 received badge  Taxonomist
2018-03-23 11:49:55 +0000 commented answer malformed smb2 packet for Server 2016 across a MPLS WAN

Thanks for that extra information.

2018-03-22 13:39:08 +0000 commented answer malformed smb2 packet for Server 2016 across a MPLS WAN

Yes, you are correct. We have some riverbeds involved in the data flow. That was my first thought of what was causing

2018-03-22 13:38:52 +0000 commented answer malformed smb2 packet for Server 2016 across a MPLS WAN

Yes, you are correct. We have some riverbeds involved in the data flow. That was my first thought of what was causing

2018-03-22 13:36:02 +0000 marked best answer malformed smb2 packet for Server 2016 across a MPLS WAN

Hello,

I am fairly new to Wireshark but I have some experience troubleshooting network issues. I am trying to troubleshoot connecting to an admin share (\\servername\c$) across an MPLS WAN connection. According to our MPLS provider there are no ports being blocked on the MPLS WAN. I saved a capture file and it is located at the Google Drive link below.

When the packets start the SMB2 negotiation I am getting a Malformed Packet followed by a reset of the TCP/IP handshake. I'm not sure if this is an error in Wireshark or if the packet is getting modified incorrectly by a router or other network device.

What is interesting to me is the fact that I can connect to admin shares in the reverse direction. Additionally this error is only happening when the source and destination are Windows 2016 servers. Admin shares on Server 2012 R2 work fine both directions. Connecting to admin shares on the local subnet works just fine using 2 Windows 2016 servers.

10.254.164.166 --> admin share --> 10.254.188.123 Does not work
10.254.188.123 --> admin share --> 10.254.164.66 Works just fine

https://drive.google.com/open?id=1C4m...

I'm using the following filter to show SMB2 traffic: ip.addr==10.254.164.166 and ip.addr==10.254.188.123 and tcp.port==445

I'm leaning towards something being blocked or the traffic being changed to cause the error. But my Senior Network Engineer thinks it is a Server 2016 issue and not network related. I'm looking for some proof that it is a network issue from the information in the packets, but I'm not sure what to look for.

Thank you in advance!

2018-03-22 13:36:02 +0000 received badge  Scholar
2018-03-22 13:35:53 +0000 commented answer malformed smb2 packet for Server 2016 across a MPLS WAN

Yes, you are correct. We have some riverbeds involved in the data flow. That was my first thought of what was causing

2018-03-20 17:58:36 +0000 asked a question malformed smb2 packet for Server 2016 across a MPLS WAN
