Recently I did some work troubleshooting a SMB problem. I used wireshark packet capture, the firewall packet capture, and also Microsoft message analyzer packet captures. Microsoft message analyzer was pretty easy to use, as it has a SMB view/filter that allows you to show the SMB traffic. Now if it was really awesome, it could ask if there was a problem with any SMB sessions, and an expert system would identify problems. Well that doesn’t exist, that I know of. Wireshark does not have it either, maybe Omnipeek or some other high end tool.
If you have issues with SMB, check out the link below to disable or enable SMB versions. You may have Windows issues with compatibility, either forward or reverse functions that maybe the root cause. Kill the SMB except for the one you are working with.
