Wireshark-users: Re: [Wireshark-users] Tshark smb query
From: Guy Harris <[email protected]>
Date: Thu, 14 Oct 2010 11:02:26 -0700
On Oct 14, 2010, at 5:41 AM, Tal Bar-Or wrote:

> I would like to recognize which command is client side and which is server side to analyze source of latency

All those commands are "client side" in the sense that the client sent the command to the server, and the server sent a reply back to the client.  (The only commands that are sent from the server to the client are commands such as oplock breaks.)

If by "analyze source of latency" you mean "determine whether the latency is network latency or server latency", you'd probably need to capture traffic on the client *and* on the server, so that you can determine when the client sends a request, when the server receives the request, when the server sends the reply, and when the client receives the reply.