2.2.4 SMB2 NEGOTIATE Response

The SMB2 NEGOTIATE Response packet is sent by the server to notify the client of the preferred common dialect. This response is composed of an SMB2 header, as specified in section 2.2.1, followed by this response structure.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

StructureSize

SecurityMode

DialectRevision

NegotiateContextCount/Reserved

ServerGuid

...

...

...

Capabilities

MaxTransactSize

MaxReadSize

MaxWriteSize

SystemTime

...

ServerStartTime

...

SecurityBufferOffset

SecurityBufferLength

NegotiateContextOffset/Reserved2

Buffer (variable)

...

Padding (variable)

...

NegotiateContextList (variable)

...

StructureSize (2 bytes): The server MUST set this field to 65, indicating the size of the response structure, not including the header. The server MUST set it to this value, regardless of the number of negotiate contexts or how long Buffer[] actually is in the response being sent.

SecurityMode (2 bytes): The security mode field specifies whether SMB signing is enabled, required at the server, or both. This field MUST be constructed using the following values.

Value

Meaning

SMB2_NEGOTIATE_SIGNING_ENABLED

0x0001

When set, indicates that security signatures are enabled on the server.

SMB2_NEGOTIATE_SIGNING_REQUIRED

0x0002

When set, indicates that security signatures are required by the server.

DialectRevision (2 bytes): The preferred common SMB 2 Protocol dialect number from the Dialects array that is sent in the SMB2 NEGOTIATE Request (section 2.2.3) or the SMB2 wildcard revision number. The server SHOULD set this field to one of the following values.

Value

Meaning

0x0202

SMB 2.0.2 dialect revision number.

0x0210

SMB 2.1 dialect revision number.<20>

0x0300

SMB 3.0 dialect revision number.<21>

0x0302

SMB 3.0.2 dialect revision number.<22>

0x0311

SMB 3.1.1 dialect revision number. <23>

0x02FF

SMB2 wildcard revision number; indicates that the server implements SMB 2.1 or future dialect revisions and expects the client to send a subsequent SMB2 Negotiate request to negotiate the actual SMB 2 Protocol revision to be used. The wildcard revision number is sent only in response to a multi-protocol negotiate request with the "SMB 2.???" dialect string.<24>

NegotiateContextCount/Reserved (2 bytes): If the DialectRevision field is 0x0311, this field specifies the number of negotiate contexts in NegotiateContextList; otherwise, this field MUST NOT be used and MUST be reserved. The server SHOULD set this to 0, and the client MUST ignore it on receipt.<25>

ServerGuid (16 bytes): A globally unique identifier (GUID) that is generated by the server to uniquely identify this server. This field MUST NOT be used by a client as a secure method of identifying a server.<26>

Capabilities (4 bytes): The Capabilities field specifies protocol capabilities for the server. This field MUST be constructed using a combination of zero or more of the following values.

Value

Meaning

SMB2_GLOBAL_CAP_DFS

0x00000001

When set, indicates that the server supports the Distributed File System (DFS).

SMB2_GLOBAL_CAP_LEASING

 0x00000002

When set, indicates that the server supports leasing. This flag is not valid for the SMB 2.0.2 dialect.

SMB2_GLOBAL_CAP_LARGE_MTU

0x00000004

When set, indicates that the server supports multi-credit operations. This flag is not valid for the SMB 2.0.2 dialect.

SMB2_GLOBAL_CAP_MULTI_CHANNEL

0x00000008

When set, indicates that the server supports establishing multiple channels for a single session. This flag is not valid for the SMB 2.0.2 and SMB 2.1 dialects. .

SMB2_GLOBAL_CAP_PERSISTENT_HANDLES

0x00000010

When set, indicates that the server supports persistent handles. This flag is not valid for the SMB 2.0.2 and SMB 2.1 dialects.

SMB2_GLOBAL_CAP_DIRECTORY_LEASING

0x00000020

When set, indicates that the server supports directory leasing. This flag is not valid for the SMB 2.0.2 and SMB 2.1 dialects.

SMB2_GLOBAL_CAP_ENCRYPTION

0x00000040

When set, indicates that the server supports encryption. This flag is valid for the SMB 3.0 and 3.0.2 dialects.

SMB2_GLOBAL_CAP_NOTIFICATIONS

0x00000080

When set, indicates that the server supports server-to-client notifications, specified in section 2.2.44. This flag is not valid for the SMB 2.0.2, 2.1, 3.0 and 3.0.2 dialects.

MaxTransactSize (4 bytes): The maximum size, in bytes, of the buffer that can be used for QUERY_INFO, QUERY_DIRECTORY, SET_INFO and CHANGE_NOTIFY operations. This field is applicable only for buffers sent by the client in SET_INFO requests, or returned from the server in QUERY_INFO, QUERY_DIRECTORY, and CHANGE_NOTIFY responses.<27>

MaxReadSize (4 bytes): The maximum size, in bytes, of the Length in an SMB2 READ Request (section 2.2.19) that the server will accept.

MaxWriteSize (4 bytes): The maximum size, in bytes, of the Length in an SMB2 WRITE Request (section 2.2.21) that the server will accept.

SystemTime (8 bytes): The system time of the SMB2 server when the SMB2 NEGOTIATE Request was processed; in FILETIME format as specified in [MS-DTYP] section 2.3.3.

ServerStartTime (8 bytes): The SMB2 server start time, in FILETIME format as specified in [MS-DTYP] section 2.3.3.

SecurityBufferOffset (2 bytes): The offset, in bytes, from the beginning of the SMB2 header to the security buffer.

SecurityBufferLength (2 bytes): The length, in bytes, of the security buffer.

NegotiateContextOffset/Reserved2 (4 bytes): If the DialectRevision field is 0x0311, then this field specifies the offset, in bytes, from the beginning of the SMB2 header to the first 8-byte aligned negotiate context in NegotiateContextList; otherwise, the server MUST set this to 0 and the client MUST ignore it on receipt.

Buffer (variable): The variable-length buffer that contains the security buffer for the response, as specified by SecurityBufferOffset and SecurityBufferLength. The buffer SHOULD contain a token as produced by the GSS protocol as specified in section 3.3.5.4. If SecurityBufferLength is 0, this field is empty and then client-initiated authentication, with an authentication protocol of the client's choice, will be used instead of server-initiated SPNEGO authentication as described in [MS-AUTHSOD] section 2.1.2.2.

Padding (variable): Optional padding between the end of the  Buffer field and the first negotiate context in the NegotiateContextList so that the first negotiate context is 8-byte aligned.

NegotiateContextList (variable): If the DialectRevision field is 0x0311, a list of negotiate contexts. The first negotiate context in the list MUST appear at the byte offset indicated by the SMB2 NEGOTIATE response's NegotiateContextOffset. Subsequent negotiate contexts MUST appear at the first 8-byte aligned offset following the previous negotiate context.