SMB statistics

From Allegro Packets Product Wiki
Jump to navigation Jump to search

The SMB statistics shows information about SMB/CIFS file transfers. It shows detailed information for unencrypted SMB traffic and basic information for encrypted SMB traffic. Old SMB1 and newer SMB2/3 versions are supported.

For all SMB traffic, the statistics include the exact negotiated SMB dialects which can be helpful if there are problems with clients connecting to specific servers.

Web interface

SMB statistics.png

Overview

The overview tab shows a global statistics about how many shares, clients, servers, and connections are available in the corresponding tabs.

Additionally, the total number of connections processed and the number of encrypted connections is shown. These numbers might be higher than the number of analysed connections, since old and inactive connections may be removed when the internal memory is full.

Shares

The shares tab shows all SMB servers which have been seen to handle unencrypted SMB traffic. The table show the server IP, known alternative names for the IP, and SMB share name. The number of successful and failed connects to the share are shown as well as the number disconnects.

A specific share can be clicked on the get a table of all files accessed on this share. The list can be filtered for specific file names.

The shown information include the time when the file has been opened for reading or writing the first time and the latest time. The time when the file has been closed last is shown too. The last delete time is the time when the file has been deleted (successfully or unsuccessfully).

The number of file opens, file closes, and file deletes is shown both for successful and failed operations.

The number of bytes read and written per file is also shown. This is the number requested by the client, it does not cover retransmissions and overall overhead, just plain file bytes.

Clients

The clients tab shows all SMB clients seen on the network and all SMB dialects they claim to support. The actual used SMB dialect are shown as well. Also, the number of encrypted flows is shown. Additional counters are shown indicating the number of failed SMB operations.

The "Go to" column allows to jump to generic IP details of the corresponding SMB client, and to SMB connection details for this client.

Client connection details

The client connection view shows information about individual SMB connections of the selected SMB client.

The table contains information about the SMB negotiation state indicating which dialects have been requested by the client and which dialect has been actually used for the connection. This is especially helpful if some clients show connection problems to specific SMB servers. Additional counters are shown indicating the number of failed SMB operations.

Servers

The servers tab shows all SMB servers seen on the network and their corresponding SMB dialect they are operating. Also, the number of encrypted flows is shown.