I have a local USB drive mounted into a Linux box on my home network. I have Samba installed and it shares a directory of that USB drive, and I can connect to that share from my Windows box with the user/pass I have set up with smbpasswd for that user. That all works.
My concern is how those credentials are passed on the wire from my Windows box to my Linux box. I have captured the SMB transactions with Wireshark and I do not detect my credentials in any of the packets, but I do not have enough knowledge of the SMB protocol to dissect exactly where the authentication takes place.
Can someone explain to me how the credentials are passed in this scenario and whether I should expect to see them on the wire?
Thanks
The basis is the CIFS/SMB protocol.
Unless you're using Kerberos, the mechanism may still be NTLM:
etc.
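What an NTLM exchange looks like in such a capture, as an added example that is not part of the original answer: NTLM is a challenge-response scheme, so the server sends an 8-byte challenge and the client returns a response computed from the password hash and that challenge, while the user, domain and workstation names travel in the clear. The sketch below parses the NTLMSSP messages carried in the SMB session setup; the sample bytes are constructed, the helper names are hypothetical, and UTF-16LE strings (the Unicode flag negotiated) are assumed.

```python
import struct

SIG = b"NTLMSSP\x00"
TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def _field(msg, off):
    """Read a Len/MaxLen/Offset descriptor at `off`; return the bytes it points to."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[start:start + length]

def parse_ntlmssp(buf):
    """Find an NTLMSSP message in buf (e.g. a session-setup security blob) and summarise it."""
    pos = buf.find(SIG)
    if pos < 0 or len(buf) - pos < 12:
        return None
    msg = buf[pos:]                      # field offsets are relative to the signature
    mtype = struct.unpack_from("<I", msg, 8)[0]
    out = {"type": TYPES.get(mtype, "UNKNOWN")}
    if mtype == 2 and len(msg) >= 32:
        out["server_challenge"] = msg[24:32].hex()
    elif mtype == 3 and len(msg) >= 52:
        nt = _field(msg, 20)
        # Names are sent in the clear; the password is not in the message at all.
        out["domain"] = _field(msg, 28).decode("utf-16-le", "replace")
        out["user"] = _field(msg, 36).decode("utf-16-le", "replace")
        out["workstation"] = _field(msg, 44).decode("utf-16-le", "replace")
        out["nt_response_len"] = len(nt)
        out["ntlm_version"] = ("NTLMv2" if len(nt) > 24 else
                               "NTLMv1" if len(nt) == 24 else "none/anonymous")
    return out

def _build_authenticate(domain, user, host, nt_response):
    """Constructed sample: pack a minimal AUTHENTICATE message (no Version/MIC)."""
    parts = [b"", nt_response] + [s.encode("utf-16-le") for s in (domain, user, host)] + [b""]
    header, payload, off = SIG + struct.pack("<I", 3), b"", 8 + 4 + 6 * 8 + 4
    for p in parts:
        header += struct.pack("<HHI", len(p), len(p), off + len(payload))
        payload += p
    return header + struct.pack("<I", 0) + payload

# Constructed samples: placeholder challenge and an all-zero 48-byte response.
SAMPLE_CHALLENGE = SIG + struct.pack("<IHHII", 2, 0, 0, 48, 0) + bytes.fromhex("0123456789abcdef") + bytes(16)
SAMPLE_AUTH = bytes(4) + _build_authenticate("WORKGROUP", "alice", "WINBOX", bytes(48))

if __name__ == "__main__":
    print(parse_ntlmssp(SAMPLE_CHALLENGE))
    print(parse_ntlmssp(SAMPLE_AUTH))
```

In Wireshark, the display filter `ntlmssp` isolates the packets that carry these messages.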