How do I verify that a SMB server requires signing, preferably with Powershell? I'd like to try to connect to an SMB server from client unsigned without negotiation and see that it fails, but succeeds when signing is enabled.
I can create a connection with New-SmbMapping -RemotePath '\\THE.IP.ADD.RSS' and get current connections with Get-SMBConnection | fl * but that seems to always be signed and successful; I am looking for a command that attempts unsigned and fails if signing is required.
Using Wireshark, I captured calls to powershell command New-SmbMapping -RemotePath '\\HOSTADDRESS', viewing the packets with a Wireshark filter (_ws.col.info == "Negotiate Protocol Response"). In the content of each such response, under SMB2 > Negotiate Protocol Response, it will tell me the Security mode, both for "Signing enabled" and "Signing required".
Note that the similar flags on the request tell you nothing about what the server is requiring, so be sure to be looking at the response packets, per the Wireshark filter I noted above.