Wireshark-users: [Wireshark-users] High SMB Traffic
From: "Olson, Rick" <olsonr@xxxxxxxxxxxx>
Date: Wed, 20 Aug 2008 10:08:30 -0700

Hi all,

 

I’ve been doing a few traffic captures during my lunch break of one of our main file storage servers.  Over the last week or so I’ve received dozens of complaints that files are taking much longer to open, so I began my investigation.

 

What I’ve found is that SMB traffic is at 65-68%.  Digging down a little further I found Trans2 commands to be anywhere from 58-62%, and subcommands show QUERY_PATH_INFO to be close to 65% consistently.

 

This file server houses departmental, home, and user profile folders.  However I’m not sure specifically what’s causing this.  The only thing that comes to mind, which is my question, is that users store email archives (in PST format, I know…) in their home folders.  Would having lots of PST archives open cause the QUERY_PATH_INFO call or should I be looking at something else as the root cause?

 

Rick