Ethereal-users: [Ethereal-users] SMB Troubles

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Tom Harms <tom@xxxxxxxxxxxxxxxx>
Date: Mon, 20 Mar 2006 14:46:00 -0500
Hello out there in Ethereal Land,
I'm not sure how much my question belongs here vs. a more general networking newsgroup, but I'm a bit of a network newbie, so if it belongs elsewhere any advice on where would be appreciated and apologies for cluttering the list.
I'm using ethereal to debug a performance problem on my LAN. I have a Win2003 Server (which is also being used as a Domain Controller, Active Directory, etc. It's the all purpose small office server) and 2 Windows XP clients. The server hosts a file share with files for my application. Each PC runs a thick client for the app (so the server is really nothing but a file share as far as this app is concerned).
When doing a search in my app, I've found that the first PC (call it PC#1) to attach to the share gets relatively good performance (2 second response). The second PC (PC#2) then slows way down (7 second response). Note that the results are the same regardless of which actual PC I use as PC#1 and PC#2 - it's the order and not something about the actual PC that changes the performance.
My ethereal trace showed me that the extra slowdown on PC#2 is caused by lots and lots of extra SMB Packets. (PC#1 has around 20% SMB packets and the rest general TCP/IP, whereas PC#2 has around 80% SMB packets. Around 4MB of extra data passing back and forth.). The surplus seems to all (or almost all) be of the form 

   Read Andx Request
   Read Andx Response
At one point there are around 22,000 consecutive such transactions with almost nothing else.
Interestingly enough, when I make a duplicate copy of my application data and host it on my laptop (XP) rather than the Win2003 Server, the problem goes away. That is, PC#1 and PC#2 can simultaneously connect to my laptop and get almost identical response times with nearly identical ethereal traces. I have swapped cabling & network ports between my Laptop and the Server to help rule that out as a cause. So there is something about that Win2003 Server (and the way it interacts with the world) that is at the root of the problem.
NetBios is enabled, although I disabled it on a PC (but not on the server) to force the traffic outside of Netbios and port 139. That did not substantively affect the results of the experiment.
Any ideas of what might cause this or steps you might take to try to narrow it down (or as I mentioned before another place I might want to post) would be greatly appreciated. I'm a bit at a loss. 

Thanks!

--Tom