Hi Richard,
>That confusion has probably caused one of the WAN Accelerator companies to break SMB2 Signing by mishandling that field. Not sure which one it is, since the customer hasn't told me whose WAN Accelerator they use. (Hint, it is possible for those numbers to be out of order in a TCP stream.)
I agree with changing the label to "SMB2 Message ID" but unless the WAN Accelerator uses Wireshark to decode SMB2 traffic which seems very unlikely, I don’t think the old label would make any difference. Even if it does use Wireshark, it would probably use the ‘smb2.seq_num’ filter rather than dumping the frame or capture to a text file and searching for “SMB2 Message ID”. The latter operation would defeat the purpose of the device because throughput would be greatly reduced.
Cheers,
Cal
