Wireshark is still not good enough for dissecting SMB2.0. I saw a lot of "Unknown fields" in the packet captures. Netmonitor, however, shows more detailed packet traces for the same traffic. Do use it. The summary itself gives a lot of info, as below:

5 57.848633  192.168.12.32 WINDOWSVISTALAB  SMB2 SMB2: R  CREATE (0x5), Context=MxAc, Context=QFid, FID=0xFFFFFFFF0000003D, Mid = 235
6 57.849610  WINDOWSVISTALAB  192.168.12.32 SMB2 SMB2: C  CLOSE (0x6), FID=0xFFFFFFFF0000003D, Mid = 236
7 57.999024  192.168.12.32 WINDOWSVISTALAB  SMB2 SMB2: R  CLOSE (0x6), Mid = 236
8 57.999024  WINDOWSVISTALAB  192.168.12.32 SMB2 SMB2: C  CREATE (0x5), Name=F1024K@#8, Context=DHnQ, Context=MxAc, Context=QFid, Mid = 237
9 58.148438  192.168.12.32 WINDOWSVISTALAB  SMB2 SMB2: R  CREATE (0x5), Context=MxAc, Context=DHnQ, Context=QFid, FID=0xFFFFFFFF00000041, Mid = 237
10 58.149414  WINDOWSVISTALAB  192.168.12.32 SMB2 SMB2: C  CREATE (0x5), Context=DHnQ, Context=MxAc, Context=QFid, Mid = 238
11 58.298828  19...
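As an added example (not part of the original post), this Python sketch parses summary lines in the layout quoted above and pairs each client request (C) with its response (R) by Mid, giving per-command response times and the file name and FID involved. The field layout is assumed from the six complete frames shown; the function names are hypothetical.

```python
import re

# Frames 5-10 copied from the Netmon summary quoted above.
SAMPLE = """\
5 57.848633  192.168.12.32 WINDOWSVISTALAB  SMB2 SMB2: R  CREATE (0x5), Context=MxAc, Context=QFid, FID=0xFFFFFFFF0000003D, Mid = 235
6 57.849610  WINDOWSVISTALAB  192.168.12.32 SMB2 SMB2: C  CLOSE (0x6), FID=0xFFFFFFFF0000003D, Mid = 236
7 57.999024  192.168.12.32 WINDOWSVISTALAB  SMB2 SMB2: R  CLOSE (0x6), Mid = 236
8 57.999024  WINDOWSVISTALAB  192.168.12.32 SMB2 SMB2: C  CREATE (0x5), Name=F1024K@#8, Context=DHnQ, Context=MxAc, Context=QFid, Mid = 237
9 58.148438  192.168.12.32 WINDOWSVISTALAB  SMB2 SMB2: R  CREATE (0x5), Context=MxAc, Context=DHnQ, Context=QFid, FID=0xFFFFFFFF00000041, Mid = 237
10 58.149414  WINDOWSVISTALAB  192.168.12.32 SMB2 SMB2: C  CREATE (0x5), Context=DHnQ, Context=MxAc, Context=QFid, Mid = 238
"""

# Layout assumed from those frames: frame, time, src, dst, protocol, summary.
LINE_RE = re.compile(
    r"^(?P<frame>\d+)\s+(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+SMB2\s+"
    r"SMB2:\s+(?P<dir>[CR])\s+(?P<cmd>[A-Z ]+?)\s+\((?P<op>0x[0-9A-Fa-f]+)\)(?P<rest>.*)$")

def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1).strip() if m else None

def parse_line(line):
    """Turn one summary line into a dict, or None if it is not an SMB2 summary."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec, rest = m.groupdict(), m.group("rest")
    rec["frame"], rec["time"] = int(rec["frame"]), float(rec["time"])
    rec["contexts"] = re.findall(r"Context=(\w+)", rest)
    rec["fid"] = _field(r"FID=(0x[0-9A-Fa-f]+)", rest)
    rec["name"] = _field(r"Name=([^,]+)", rest)
    mid = _field(r"Mid\s*=\s*(\d+)", rest)
    rec["mid"] = int(mid) if mid else None
    return rec

def pair_by_mid(lines):
    """Match each request (C) to its response (R) on (client, server, Mid)."""
    pending, pairs, orphans = {}, [], []
    for rec in filter(None, map(parse_line, lines)):
        if rec["mid"] is None:
            continue
        if rec["dir"] == "C":
            pending[(rec["src"], rec["dst"], rec["mid"])] = rec
        else:
            req = pending.pop((rec["dst"], rec["src"], rec["mid"]), None)
            if req is None:
                orphans.append(rec)  # response whose request is outside the excerpt
            else:
                pairs.append((req, rec, round(rec["time"] - req["time"], 6)))
    return pairs, orphans, list(pending.values())
```

The third return value lists requests that never received a response in the capture, which is usually the first thing to check when a client appears to hang on a file operation.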