How to find out from a client if a smb/cifs connection is encrpyted?

SMB can be encrypted in its different versions and can be activated as described on . On the server the encrytion can be tested using the powershell as shown on .

But how can I test a (or several) smb connection(s) on Windows (and Linux) computers as connected client if the encrytion is really used?

1 Answer

For Windows 10 clients use Get-SmbConnection from PowerShell with admin rights. It has extra fields which aren't shown in the default table format, but can be requested by name:

Get-SmbConnection | ft ServerName,ShareName,Encrypted

For Linux clients using the kernel cifs module (kernel filesystem mounts), I think this should be available in the file /proc/fs/cifs/DebugData along with other information, but either it's not actually there or at least not obvious. See the smbclient paragraph below.

For Linux clients using the userspace smbclient library (including GNOME's smb:// paths), there's no easy way of knowing. I would run a packet capture using Wireshark and see what happens when I read a file – the difference between plain and encrypted SMB packets is easily visible.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy