When diagnosing a problem, Samba developers are likely to request a packet capture (or trace). The best way to do this depends on the tools available on your system. It is often easiest to run the capture tool from the command line, unless you are debugging a problem that requires complex capture filters to be set (to reduce the network trace). For more complex tasks the GUI-based network tools, such as Wireshark, may be easier for beginners to use.

If your problem concerns file exchange, then tracing can be done on the client or on the server. On the other hand, if it concerns things related to authentication or Active Directory protocols, it is often better to do the tracing from the server, as most of the time we will need packets exchanged during the boot of the computer or during the user's logon.

From the command line of the operating system type (note: in the table below, replace FILENAME with a more descriptive file name):

If tracing on the server puts too much load on the server system to reproduce the problem or results in a network trace that is too large, tracing from the client can be attempted instead.

If you're sure the problem is only related to SMB, you can filter the traffic based on the ports:

If you know the IP address of the client you can use the following to reduce the volume of the trace:

    tshark -p -w FILENAME -f "port 445 and host IP_ADDRESS_OF_THE_CLIENT"