2.2.1.2 SMB2 Packet Header - SYNC

If the SMB2_FLAGS_ASYNC_COMMAND bit is not set in Flags, the header takes the following form.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

ProtocolId

StructureSize

CreditCharge

(ChannelSequence,Reserved)/Status

Command

CreditRequest/CreditResponse

Flags

NextCommand

MessageId

...

Reserved

TreeId

SessionId

...

Signature

...

...

...

ProtocolId (4 bytes): The protocol identifier. The value MUST be set to 0x424D53FE, also represented as (in network order) 0xFE, 'S', 'M', and 'B'.

StructureSize (2 bytes): This MUST be set to 64, which is the size, in bytes, of the SMB2 header structure.

CreditCharge (2 bytes): In the SMB 2.0.2 dialect, this field MUST NOT be used and MUST be reserved. The sender MUST set this to 0, and the receiver MUST ignore it. In all other dialects, this field indicates the number of credits that this request consumes.

(ChannelSequence,Reserved)/Status (4 bytes): In a request, this field is interpreted in different ways depending on the SMB2 dialect.

In the SMB 3.x dialect family, this field is interpreted as the ChannelSequence field followed by the Reserved field in a request.

ChannelSequence (2 bytes): This field is an indication to the server about the client's Channel change.

Reserved (2 bytes): This field SHOULD be set to zero and the server MUST ignore it on receipt.

In the SMB 2.0.2 and SMB 2.1 dialects, this field is interpreted as the Status field in a request.

Status (4 bytes): The client MUST set this field to 0 and the server MUST ignore it on receipt. 

In all SMB dialects for a response this field is interpreted as the Status field. This field can be set to any value. For a list of valid status codes, see [MS-ERREF] section 2.3.

Command (2 bytes): The command code of this packet. This field MUST contain one of the following valid commands.

Name

Value

SMB2 NEGOTIATE

0x0000

SMB2 SESSION_SETUP

0x0001

SMB2 LOGOFF

0x0002

SMB2 TREE_CONNECT

0x0003

SMB2 TREE_DISCONNECT

0x0004

SMB2 CREATE

0x0005

SMB2 CLOSE

0x0006

SMB2 FLUSH

0x0007

SMB2 READ

0x0008

SMB2 WRITE

0x0009

SMB2 LOCK

0x000A

SMB2 IOCTL

0x000B

SMB2 CANCEL

0x000C

SMB2 ECHO

0x000D

SMB2 QUERY_DIRECTORY

0x000E

SMB2 CHANGE_NOTIFY

0x000F

SMB2 QUERY_INFO

0x0010

SMB2 SET_INFO

0x0011

SMB2 OPLOCK_BREAK

0x0012

CreditRequest/CreditResponse (2 bytes): On a request, this field indicates the number of credits the client is requesting. On a response, it indicates the number of credits granted to the client.

Flags (4 bytes): A Flags field indicates how to process the operation. This field MUST be constructed using the following values:

Value

Meaning

SMB2_FLAGS_SERVER_TO_REDIR

0x00000001

When set, indicates the message is a response, rather than a request. This MUST be set on responses sent from the server to the client and MUST NOT be set on requests sent from the client to the server.

SMB2_FLAGS_ASYNC_COMMAND

0x00000002

When set, indicates that this is an ASYNC SMB2 header. This flag MUST NOT be set when using the SYNC SMB2 header.

SMB2_FLAGS_RELATED_OPERATIONS

0x00000004

When set in an SMB2 request, indicates that this request is a related operation in a compounded request chain. The use of this flag in an SMB2 request is as specified in section 3.2.4.1.4.

When set in an SMB2 compound response, indicates that the request corresponding to this response was part of a related operation in a compounded request chain. The use of this flag in an SMB2 response is as specified in section 3.3.5.2.7.2.

SMB2_FLAGS_SIGNED

0x00000008

When set, indicates that this packet has been signed. The use of this flag is as specified in section 3.1.5.1.

SMB2_FLAGS_PRIORITY_MASK

0x00000070

This flag is only valid for the SMB 3.1.1 dialect. It is a mask for the requested I/O priority of the request, and it MUST be a value in the range 0 to 7.

SMB2_FLAGS_DFS_OPERATIONS

0x10000000

When set, indicates that this command is a DFS operation. The use of this flag is as specified in section 3.3.5.9.

SMB2_FLAGS_REPLAY_OPERATION

0x20000000

This flag is only valid for the SMB 3.x dialect family. When set, it indicates that this command is a replay operation.

The client MUST ignore this bit on receipt.

NextCommand (4 bytes): For a compounded request and response, this field MUST be set to the offset, in bytes, from the beginning of this SMB2 header to the start of the subsequent 8-byte aligned SMB2 header. If this is not a compounded request or response, or this is the last header in a compounded request or response, this value MUST be 0.

MessageId (8 bytes): A value that identifies a message request and response uniquely across all messages that are sent on the same SMB 2 Protocol transport connection.

Reserved (4 bytes): The client SHOULD<3> set this field to 0. The server MAY<4> ignore this field on receipt.

TreeId (4 bytes): Uniquely identifies the tree connect for the command. This MUST be 0 for the SMB2 TREE_CONNECT Request. The TreeId can be any unsigned 32-bit integer that is received from a previous SMB2 TREE_CONNECT Response. TreeId SHOULD be set to 0 for the following commands:

SessionId (8 bytes): Uniquely identifies the established session for the command. This field MUST be set to 0 for an SMB2 NEGOTIATE Request (section 2.2.3) and for an SMB2 NEGOTIATE Response (section 2.2.4).

Signature (16 bytes): The 16-byte signature of the message, if SMB2_FLAGS_SIGNED is set in the Flags field of the SMB2 header and the message is not encrypted. If the message is not signed, this field MUST be 0.