SMB2 Signing and WAN Accelerator problems ...

Richard Sharpe realrichardsharpe at
Wed Jul 31 07:49:33 MDT 2013

Hi folks,

I have evidence that at least one code revision in one of the WAN
Accelerator products out there (I don't know which one) modifies SMB2
Headers, and thus breaks SMB2 signing. The evidence takes the form of
captures on both sides of the WAN and the packets have been modified
on the server side of the WAN compared with the client side.

They did not understand, it seems, that Command IDs can appear out of
order in SMB2 PDUs on a TCP connection and they reorder them. This
changes the SMB2 signature and breaks SMB2 signing.

This might have been caused by the fact that the Wireshark SMB2
dissector mislabels this field as the Command Sequence Number which
has certain connotations.

A patch to fix this has been applied to the Wireshark repository and
should turn up with the next release.

(I have also checked the SMB2 Signing code and it looks pretty solid.)

Richard Sharpe

More information about the samba-technical mailing list