SMB2 traffic crashes network?

We've been having significant network slowdown issues over the past few weeks, primarily on a Friday morning. We run Windows 7 client machines, with Windows Server 2008 R2 servers.

What generally happens is the network starts to slow down massively at 08:55 and resumes normal speeds at around 09:20

This affects everything on the network from logging on, resetting passwords, opening programs and files etc. On my client machine, Physical Memory usage remains at around 40% (normal) and CPU usage hovers around 0-10% idle.

The servers show memory usage spikes massively and remains quite intense during the times mentioned above.

I have taken several wireshark captures, both during the slowdown and when the network operates fine.

One of the main things I noticed is the increase in SMB2 entries in the wireshark log during the slowdown.

Record Time         Source          Destination     Protocol Length Info
382    3.976460000  10.47.35.11     10.47.32.3      SMB2     362    Create Request File: pcross\My Documents
413    4.525047000  10.47.35.11     10.47.32.3      SMB2     146    Close Request File: pcross\My Documents
441    5.235927000  10.47.32.3      10.47.35.11     SMB2     298    Create Response File: pcross\My Documents\Downloads
442    5.236199000  10.47.35.11     10.47.32.3      SMB2     260    Find Request File: pcross\My Documents\Downloads SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *;Find Request File: pcross\My Documents\Downloads SMB2_FIND_ID_BOTH_DIRECTORY_INFO Pattern: *
573    6.327634000  10.47.35.11     10.47.32.3      SMB2     146    Close Request File: pcross\My Documents\Downloads
703    7.664186000  10.47.35.11     10.47.32.3      SMB2     394    Create Request File: pcross\My Documents\Downloads\WestlandsProspectus\P24 __ P21.pdf

These are some of the SMB2 records from a list of a couple of hundred which original from my computer with a destination of the fileserver.

One of the interesting things to note is the last entry in the examples above is for a PDF file. That file was not open anywhere on my computer, or on anyone elses. No folders with the files in were open either.

When I took another capture when the network was running fine, there were hardly any SMB2 entries, and the ones that were displayed were mainly from Wireshark.

We currently have around 800 computers, 90 Macs and 200 Laptops and Netbooks. Our concern is if this traffic is happening on my computer, is it happening on other computers, and if so, would those computers be adding to the slow network issues?

Again, this only happens during certain times. We're pretty sure its not the our antivirus. Is there anything to narrow down whats initializing this SMB traffic during the particular times?

Or if anyone has any extra advice, or links to resources it would be appreciate.

Edit After looking at wireshark logs on a couple of other computers, there is a definate increase in SMB traffic for adobe photoshop files on the server from my computer. It only seems to be scanning for photoshop files and related files (such as settings etc). I have CS2 ( :( ) on my computer, but the other guys have CS6, and some computers dont even have photoshop and still getting bogged down.

thanks for your reply. We're open to other possibilities other than SMB traffic. We've taken logs from a few other PCs (Network Admins) and it would appear their getting the same traffic on their logs during the slowdown time. I've edited my original post to mention that the only SMB traffic which increases during the slowdown is files related to adobe and photoshop (which we've upgraded to CS6 when the slowdown happened). We've looked at scheduled tasks, but unfortunately not found any! We've got a consultant coming on friday to have a look see. Hopefully they can shed some light!

Make sure to post back when you find out!

Turns out it was our staff quota-ing system! It was doing audits of our system to notify us of staff and students exceeding the quota.