Why is a file server a prime target for capturing NTLMv2 hashes from other users?

When users in the internal network access a file server, their Windows machine automatically sends the current user's NTLM password hash for authentication. By capturing packets on the server, an attacker can collect these Net-NTLM hashes from multiple users without needing any client-side compromise. This technique is related to other hash-capture methods, such as using icon files described in Penetration Techniques - Using Icon Files to Obtain NTLMv2 Hash from File Server Connections.