Where is my SMB3 in Network Monitor?

If you are playing around with SMB3 and trying to find more details on network traffic using Microsoft Network Monitor, you may find that SMB3 is not in the list of protocols.

Before moving forward, it is important to emphasize that this behavior is expected. There are a couple of things that you need to understand about this:

  • You need to download the latest protocol parsers (at least version 2890) in order to parse the SMB3 protocol. To get them, go to https://connect.microsoft.com , click Message Analyzer, Network Monitor and Protocol Suites and download the latest version from there.
  • Even after installing the latest parsers you will NOT see protocol.SMB3 in the list (expected). You should use SMB2, and it will parse the SMB3 protocol using the latest parser.
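
Why the SMB2 entry covers SMB3, as an added example that is not part of the original post: SMB 3.x messages carry the same 0xFE 'SMB' protocol ID and 64-byte header as SMB 2.x, and the version only appears as the DialectRevision field of the NEGOTIATE response. The field offsets follow the MS-SMB2 specification; the function names and the sample messages are constructed for this illustration.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"      # ProtocolId shared by every SMB 2.x and 3.x message
SMB2_NEGOTIATE = 0x0000      # Command code for NEGOTIATE
FLAG_RESPONSE = 0x00000001   # SMB2_FLAGS_SERVER_TO_REDIR: message is a response
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x02FF: "SMB2 wildcard",
            0x0300: "SMB 3.0", 0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}


def negotiated_dialect(msg: bytes):
    """Return the dialect named in an SMB2 NEGOTIATE response, else None.

    msg must start at the SMB2 header (transport length prefix removed).
    """
    if len(msg) < 64 + 6 or msg[:4] != SMB2_MAGIC:
        return None                      # too short, or SMB1 / not SMB at all
    header_size, = struct.unpack_from("<H", msg, 4)
    command, = struct.unpack_from("<H", msg, 12)
    flags, = struct.unpack_from("<I", msg, 16)
    if header_size != 64 or command != SMB2_NEGOTIATE or not flags & FLAG_RESPONSE:
        return None                      # only the NEGOTIATE response names the dialect
    # Response body: StructureSize(2), SecurityMode(2), DialectRevision(2)
    revision, = struct.unpack_from("<H", msg, 64 + 4)
    return DIALECTS.get(revision, f"unknown (0x{revision:04x})")


def build_sample(command: int, flags: int, revision: int) -> bytes:
    """Constructed sample: zeroed SMB2 header + first 6 bytes of a NEGOTIATE response."""
    header = bytearray(64)
    header[:4] = SMB2_MAGIC
    struct.pack_into("<H", header, 4, 64)        # header StructureSize
    struct.pack_into("<H", header, 12, command)
    struct.pack_into("<I", header, 16, flags)
    return bytes(header) + struct.pack("<HHH", 65, 0x0001, revision)


if __name__ == "__main__":
    for rev in (0x0210, 0x0300):
        frame = build_sample(SMB2_NEGOTIATE, FLAG_RESPONSE, rev)
        # Both frames start with the same magic, so both parse as "SMB2".
        print(frame[:4], negotiated_dialect(frame))
```
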

More information about the protocol parsers is available at https://blogs.technet.com/netmon and the SMB 3 protocol specification is at https://msdn.microsoft.com/en-us/library/cc246482%28prot.20%29.aspx