http://blog.gmane.org/gmane.linux.file-systems.cifs hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.linux.file-systems.cifs/6286 <pre>Hi Shirish, I've been working on some backports of some upstream patch series and have run into what I think is a problem with the new crypto code. The problem mainly seems to manifest itself as bad signatures in write calls. This causes a win2k8 server (at least) to reject the call with STATUS_ACCESS_DENIED and stop responding to other calls on the socket. I did a bisect of sorts, and got to this patch: commit ca83ce3d5b9ad321ee24f5870a77f0b21ac5a5de Author: Jeff Layton &lt;jlayton&lt; at &gt;redhat.com&gt; Date: Tue Apr 12 09:13:44 2011 -0400 cifs: don't allow mmap'ed pages to be dirtied while under writeback (try #3) My original thought was that something was altering these pages while they were under writeback, but I did some instrumentation and found that not to be the case. The signature is the same before and after the send when this occurs. A key change in this patch is that when signing is enabled, the code started using CIFSSMBWrite2(), which marshals up the send buffer in an array of kvecs. That leads me to believe that the cifs_sign_smb2 codepath is busted. I'll see if I can come up with a testcase, but I'm not that familiar with the kernel crypto code. Is this something you've seen in your testing? Any immediate thoughts as to where the problem may be? </pre> Jeff Layton 2011-06-17T13:06:56 http://comments.gmane.org/gmane.linux.file-systems.cifs/6283 <pre> Using mount -t cifs //server/share /mnt/share between two big servers connected with 10GigE, I've got : 115 MB/s reading, 132 MB/s writing. Using smbclient, I've got 450 MB/s reading, 132 MB/s writing (NFS gives ~ 260 MB/s write, 550 MB/s read on the same setup, with absolutely zero optimisation). Why this huge difference? BTW, why such a discrepancy between read and write speed? </pre> Emmanuel Florac 2011-01-27T18:07:19 http://comments.gmane.org/gmane.linux.file-systems.cifs/6278 <pre>The CONFIG_CIFS_EXPERIMENTAL KConfig option is the sort of thing that gives distro packagers nightmares. The things that live under it are impossible to predict for someone who isn't following development upstream. We usually want bleeding-edge distros like Fedora to turn on these sorts of bleeding edge features, but it's difficult for them to do so with any confidence because so much of the code under this option is just plain broken. If we have code that needs to be conditionally compiled in, then it generally ought to be given its own KConfig option. This patchset eliminates the CONFIG_CIFS_EXPERIMENTAL Kconfig option. Code that currently resides under this option is either moved to being built in by default or is removed from the kernel altogether. The last patch in the series also removes /proc/fs/cifs/Experimental -- a knob that's purpose has been unclear since I've been working on CIFS. I've tested this by building cifs.ko with a variety of different Kconfig combinations and it seems to be OK. I think this patchset is appropriate for 2.6.38, though I won't object if you want to merge it sooner. Jeff Layton (4): cifs: remove export_ops code cifs: move "ntlmssp" and "local_leases" options out of experimental code cifs: remove CIFSSMBQueryReparseLinkInfo and CONFIG_CIFS_EXPERIMENTAL cifs: remove /proc/fs/cifs/Experimental fs/cifs/Kconfig | 13 ------ fs/cifs/Makefile | 2 +- fs/cifs/README | 12 ----- fs/cifs/cifs_debug.c | 42 ------------------- fs/cifs/cifsfs.c | 8 ---- fs/cifs/cifsfs.h | 4 -- fs/cifs/cifsglob.h | 1 - fs/cifs/cifsproto.h | 6 --- fs/cifs/cifssmb.c | 109 +------------------------------------------------- fs/cifs/connect.c | 4 -- fs/cifs/export.c | 67 ------------------------------ fs/cifs/file.c | 6 +- fs/cifs/sess.c | 103 +++++++++++++++++++++------------------------- 13 files changed, 52 insertions(+), 325 deletions(-) delete mode 100644 fs/cifs/export.c </pre> Jeff Layton 2010-12-07T14:22:13 http://comments.gmane.org/gmane.linux.file-systems.cifs/6263 <pre>If you're receiving this email, then you are currently subscribed to the linux-cifs-client&lt; at &gt;lists.samba.org mailing list. As of today, this list is officially deprecated. The new mailing list is now linux-cifs&lt; at &gt;vger.kernel.org. New posts to the old list are no longer allowed and we will soon begin mass unsubscribing all members of the old list. Thank you for your patience! </pre> Jeff Layton 2010-06-19T10:58:26 http://comments.gmane.org/gmane.linux.file-systems.cifs/6261 <pre>This bug appears to be the result of a cut-and-paste mistake from the NTLMv1 code. The function to generate the MAC key was commented out, but not the conditional above it. The conditional then ended up causing the session setup key not to be copied to the buffer unless this was the first session on the socket, and that made all but the first NTLMv2 session setup fail. Fix this by removing the conditional and all of the commented clutter that made it difficult to see. Cc: Stable &lt;stable&lt; at &gt;kernel.org&gt; Reported-by: Gunther Deschner &lt;gdeschne&lt; at &gt;redhat.com&gt; Signed-off-by: Jeff Layton &lt;jlayton&lt; at &gt;redhat.com&gt; --- fs/cifs/sess.c | 10 +--------- 1 files changed, 1 insertions(+), 9 deletions(-) diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 7707389..0a57cb7 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c &lt; at &gt;&lt; at &gt; -730,15 +730,7 &lt; at &gt;&lt; at &gt; ssetup_ntlmssp_authenticate: /* calculate session key */ setup_ntlmv2_rsp(ses, v2_sess_key, nls_cp); -if (first_time) /* should this be moved into common code - with similar ntlmv2 path? */ -/* cifs_calculate_ntlmv2_mac_key(ses-&gt;server-&gt;mac_signing_key, -response BB FIXME, v2_sess_key); */ - -/* copy session key */ - -/*memcpy(bcc_ptr, (char *)ntlm_session_key,LM2_SESS_KEY_SIZE); -bcc_ptr += LM2_SESS_KEY_SIZE; */ +/* FIXME: calculate MAC key */ memcpy(bcc_ptr, (char *)v2_sess_key, sizeof(struct ntlmv2_resp)); bcc_ptr += sizeof(struct ntlmv2_resp); </pre> Jeff Layton 2010-06-16T13:38:13 http://comments.gmane.org/gmane.linux.file-systems.cifs/6260 <pre>If you're receiving this email then you are likely a subscriber of linux-cifs-client&lt; at &gt;lists.samba.org. Please read on to make sure that you continue to receive emails for this list. WHAT IS CHANGING AND WHY: ------------------------- This mailing list (linux-cifs-client&lt; at &gt;lists.samba.org) is moving to linux-cifs&lt; at &gt;vger.kernel.org. The main reasons are that vger has very good spam filtering, nearly unlimited bandwidth and an open posting policy for non-subscribers. WHAT YOU NEED TO DO: -------------------- If you wish to remain a subscriber of the list. You should immediately subscribe to the new list. Details of how to do that are here: http://vger.kernel.org/vger-lists.html#linux-cifs Please subscribe to the new list by June 19th, 2010. SENDING POSTS DURING THE INTERIM: -------------------------------- Forwarding between the two lists won't work correctly, and I don't have a lot of incentive to make it do so. In the interim, it's probably best to send messages to both lists. On June 19th, 2010, we will begin blocking posts to the old list from subscribers. At that point it should be sufficient to just send to the new list. Please forward questions or concerns to me and I'll try to make sure they are addressed. </pre> Jeff Layton 2010-06-12T10:29:02 http://comments.gmane.org/gmane.linux.file-systems.cifs/6250 <pre>Hello, I found out that a stat call: stat -f %directory% gives zero for a cifs mounts. Why is that? Stef </pre> Stef Bon 2010-06-05T17:02:46 http://comments.gmane.org/gmane.linux.file-systems.cifs/6246 <pre>If you're receiving this email then you are likely a subscriber of linux-cifs-client&lt; at &gt;lists.samba.org. Please read on to make sure that you continue to receive emails for this list. WHAT IS CHANGING AND WHY: ------------------------- This mailing list (linux-cifs-client&lt; at &gt;lists.samba.org) is moving to linux-cifs&lt; at &gt;vger.kernel.org. The main reasons are that vger has very good spam filtering, nearly unlimited bandwidth and an open posting policy for non-subscribers. WHAT YOU NEED TO DO: -------------------- If you wish to remain a subscriber of the list. You should immediately subscribe to the new list. Details of how to do that are here: http://vger.kernel.org/vger-lists.html#linux-cifs Please subscribe to the new list within 14 days (by June 19th, 2010). SENDING POSTS DURING THE INTERIM: -------------------------------- Forwarding between the two lists won't work correctly, and I don't have a lot of incentive to make it do so. In the interim, it's probably best to send messages to both lists. On June 19th, 2010, we will begin blocking posts to the old list from subscribers. At that point it should be sufficient to just send to the new list. Please forward questions or concerns to me and I'll try to make sure they are addressed. I'll be sending another reminder in 7 days or so. </pre> Jeff Layton 2010-06-05T10:50:23 http://comments.gmane.org/gmane.linux.file-systems.cifs/6245 <pre>This email is a test to make sure that forwarding from linux-cifs-client&lt; at &gt;lists.samba.org to linux-cifs&lt; at &gt;vger.kernel.org actually works. Please ignore! </pre> Jeff Layton 2010-06-05T10:31:08 http://comments.gmane.org/gmane.linux.file-systems.cifs/6243 <pre>The option parsing function now accepts all values for 'dir_mode' that are supported by the kernel side code. Signed-off-by: Scott Lovenberg &lt;scott.lovenberg&lt; at &gt;gmail.com&gt; --- mount.cifs.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/mount.cifs.c b/mount.cifs.c index 65754c0..21ce532 100644 --- a/mount.cifs.c +++ b/mount.cifs.c &lt; at &gt;&lt; at &gt; -812,7 +812,7 &lt; at &gt;&lt; at &gt; static int parse_opt_token(const char *token) return OPT_FILE_MODE; if (strncmp(token, "dmask", 5) == 0) return OPT_DMASK; -if (strncmp(token, "dir_mode", 8) == 0) +if (strncmp(token, "dir_mode", 4) == 0 || strncmp(token, "dirm", 4) == 0) return OPT_DIR_MODE; if (strncmp(token, "nosuid", 6) == 0) return OPT_NO_SUID; </pre> Scott Lovenberg 2010-06-03T06:39:19 http://comments.gmane.org/gmane.linux.file-systems.cifs/6234 <pre>Hi Steve, The following is a comprehensive set of patches that I have queued up for 2.6.35. They fix a number of important bugs, including: - a page refcount leak introduced in a recent patch by Nick P. - a long-standing bug involving busy-file renames - a set of fixes for all known "Busy inodes after umount..." problems (see https://bugzilla.samba.org/show_bug.cgi?id=7433) It also contains the "drop_inode" patch which helps reduce memory utilization when server inode numbers aren't used. It may be easiest to pull these from my git repo on kernel.org. Pull request follows: The following changes since commit 67a3e12b05e055c0415c556a315a3d3eb637e29e: Linus Torvalds (1): Linux 2.6.35-rc1 are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux.git for-sfrench Jeff Layton (7): cifs: fix page refcount leak cifs: don't attempt busy-file rename unless it's in same directory cifs: implement drop_inode superblock op cifs: move cifs_new_fileinfo call out of cifs_posix_open cifs: pass instantiated filp back after open call cifs: clean up arguments to cifs_open_inode_helper cifs: don't call cifs_new_fileinfo unless cifs_open succeeds Suresh Jayaraman (1): cifs: don't ignore cifs_posix_open_inode_helper return value fs/cifs/cifsfs.c | 16 +++++++-- fs/cifs/cifsproto.h | 1 - fs/cifs/dir.c | 76 ++++++++++++++++++++++---------------- fs/cifs/file.c | 101 ++++++++++++++++++--------------------------------- fs/cifs/inode.c | 4 ++ 5 files changed, 97 insertions(+), 101 deletions(-) </pre> Jeff Layton 2010-06-01T14:54:44 http://comments.gmane.org/gmane.linux.file-systems.cifs/6226 <pre>Wondering what could be the reason behind CIFS allowing multiple mounts on same mount points while other Network File systems (say NFS) does not.. For e.g. mount -t cifs //server/share /mnt/cifs mount -t cifs //server/share /mnt/cifs (also succeeds) where one would expect an -EBUSY error during the second attempt. Though I do not see any major issues, this behavior could be confusing for users when they discover the mount is still present after umount (because they mounted it twice unknowingly) or when they see multiple mounts on same mount points. Thanks, </pre> Suresh Jayaraman 2010-05-31T12:56:19 http://comments.gmane.org/gmane.linux.file-systems.cifs/6224 <pre>When the mount option parsing was cleaned up recently, the detection of the "cred=" option was dropped. Signed-off-by: Jeff Layton &lt;jlayton&lt; at &gt;samba.org&gt; --- mount.cifs.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/mount.cifs.c b/mount.cifs.c index 326b94e..65754c0 100644 --- a/mount.cifs.c +++ b/mount.cifs.c &lt; at &gt;&lt; at &gt; -800,6 +800,8 &lt; at &gt;&lt; at &gt; static int parse_opt_token(const char *token) return OPT_UNC; if (strncmp(token, "dom", 3) == 0 || strncmp(token, "workg", 5) == 0) return OPT_DOM; +if (strncmp(token, "cred", 4) == 0) +return OPT_CRED; if (strncmp(token, "uid", 3) == 0) return OPT_UID; if (strncmp(token, "gid", 3) == 0) </pre> Jeff Layton 2010-05-30T11:58:53 http://comments.gmane.org/gmane.linux.file-systems.cifs/6220 <pre>.and ensure that we propagate the error back to avoid any surprises. Signed-off-by: Suresh Jayaraman &lt;sjayaraman&lt; at &gt;suse.de&gt; --- fs/cifs/file.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/cifs/file.c b/fs/cifs/file.c index a83541e..ae89625 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c &lt; at &gt;&lt; at &gt; -309,8 +309,8 &lt; at &gt;&lt; at &gt; int cifs_open(struct inode *inode, struct file *file) on read only files needed here */ pCifsFile = cifs_fill_filedata(file); -cifs_posix_open_inode_helper(inode, file, pCifsInode, - oplock, netfid); +rc = cifs_posix_open_inode_helper(inode, file, +pCifsInode, oplock, netfid); goto out; } else if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) { if (tcon-&gt;ses-&gt;serverNOS) </pre> Suresh Jayaraman 2010-05-28T10:48:19 http://comments.gmane.org/gmane.linux.file-systems.cifs/6215 <pre>Hello, I've got a question about how to find out what resource the mounted share belongs to. In userspace this is not hard. Is there a way to know (or to find out/determine, really knowing only humans do), for a program using a filesystem what SMB server/share the filesystem belonging to? I've read somewhere that for every fs mounted the kernel has a unique number, maye this value is important? So looking in a table number -&gt; unc address. In my construction at a higher level there are ways to do that. Every resource (not only SMB) is represented with a md5 value. Futher what are the main issues you're working on? I see a lot of messages. SMB2 and MultiSessionMount I know. Stef Bon </pre> Stef Bon 2010-05-27T13:44:51 http://comments.gmane.org/gmane.linux.file-systems.cifs/6210 <pre>Going from kernel (x86) 2.6.27-8 (I am not sure which version of mount.cifs) to 2.6.31-19 with mount.cifs version: 1.12-3.4.0, I noticed an important decrease of performance while navigating CIFS shares on a Windows 2003 server. Navigating means here either using midnight commander, ls -l (with ls unaliased first...), rsync, etc.. I added noserverino,nolinux to the mount command, but it does not make much difference. The kind of performance degradation I am talking about is in the order of times ten or so. An rsync which takes less that 2 minutes on old hardware, now takes over 15 minutes on newer hardware! Doing a bit of investigation with tcpdump, we can see a lot QUERY_PATH_INFO requests happening which are not necessary as all the information is already returned by FIND_FIRST2 requests. A trivial example will illustrate it. Lets have a directory with 3 files inside. ls -l with my old machine, it gives: Protocol Info SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 With the new one, it gives: Protocol Info SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1 SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2 SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3 SMB Trans2 Response, QUERY_PATH_INFO So for every file in the directory, as returned by the FIRST_FIND2 response, it does a QUERY_PATH_INFO, which does not bring any new information, all the attributes were already returned by FIRST_FIND2. That is the cause of the slowness I notice. Is that a known issue? Thanks for your help, Seb. </pre> Seb Astien 2010-04-01T08:40:29 http://comments.gmane.org/gmane.linux.file-systems.cifs/6209 <pre>From time to time (about 1 or 2 times a month) all cifs mounts hang. By hang i mean, no data can get transfered from or to the server and every programm accessing the a cifs share (df,cp,ls) freezes. The shares are from two different servers, from two different networks, so i guess its not the server part that fails. Other machines are also able to use the shares. Its only the cifs mounts that fail, iscsi continue to work and ftp connections do not get droped, so gues ist not the network ether. The mounts can not be unmounted. If i do a unmount, even with force, the unmount process hangs like any other and can not be killed, even with -9. A reboot fixes the problem, but only a reboot. I can not get rid of the hanging mounts. Any idea on how to debug the problem? I have some entrys in dmesg CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: Send error in FindClose = -9 CIFS VFS: server not responding CIFS VFS: No response for cmd 50 mid 19472 CIFS VFS: server not responding CIFS VFS: No response for cmd 50 mid 30264 CIFS VFS: No response to cmd 46 mid 34122 CIFS VFS: Send error in read = -11 CIFS VFS: No response for cmd 50 mid 34123 Status code returned 0xc0000008 NT_STATUS_INVALID_HANDLE CIFS VFS: Send error in read = -9 Which apear all the time. I tried to google the error msg but no luck so far. Some have the same error msg, but under complete different circumstances. Any idea on that codes? All i get from cat /proc/fs/cifs/DebugData is --------------------------------------------------- CIFS Version 1.50cRH Active VFS Requests: 0 Servers: 1) Name: 172.17.0.85 Domain: COLOR Mounts: 1 OS: Windows Server 2003 3790 Service Pack 2 NOS: Windows Server 2003 5.2 Capability: 0x1f3fd SMB session status: 1 TCP status: 1 Local Users To Server: 1 SecMode: 0x3 Req On Wire: 0 MIDs: 2) Name: 10.9.170.20 Domain: DMZ Mounts: 2 OS: Windows Server 2003 R2 3790 Service Pack 2 NOS: Windows Server 2003 R2 5.2 Capability: 0x1f3fd SMB session status: 1 TCP status: 1 Local Users To Server: 1 SecMode: 0x3 Req On Wire: 0 MIDs: Shares: 1) \\172.17.0.85\img01 Uses: 1 Type: NTFS DevInfo: 0x20 Attributes: 0x700ff PathComponentMax: 255 Status: 1 type: DISK 2) \\10.9.170.20\orders_09 Uses: 1 Type: NTFS DevInfo: 0x20 Attributes: 0x700ff PathComponentMax: 255 Status: 1 type: DISK 3) \\10.9.170.20\BackupMo_09 Uses: 1 Type: NTFS DevInfo: 0x20 Attributes: 0x700ff PathComponentMax: 255 Status: 1 type: DISK It is a centos 5.2 system (kernel 2.6.18-92.el5 #1 SMP). It is not a samba server, even samba is installed (samba-3.0.33-3.15), it is not started. It is an ftp server and writes files to a windows 2k3 server share, where it gets collected from varios other servers. When i check with wireshark/tcpdump there is no communication on the wire when the cifs module hangs. As the connection has heavy load from time to time, i can not sniff for weeks in advance. So there is no tcpdump i could check. There are no entrys in the server logs. The server thinks the client is still connected. I can not mount shres when the cifs module hangs, even i can ping the server. I tried to echo 3 &gt; /proc/fs/cifs/cifsFYI but i get only more dmesg entrys with no information for me. So i hope someone here will be able to explain what my server does. Regards, eric </pre> Eric Wagner 2010-04-12T08:37:27 http://comments.gmane.org/gmane.linux.file-systems.cifs/6208 <pre>Going from kernel (x86) 2.6.27-8 (I am not sure which version of mount.cifs) to 2.6.31-19 with mount.cifs version: 1.12-3.4.0, I noticed an important decrease of performance while navigating CIFS shares on a Windows 2003 server. Navigating means here either using midnight commander, ls -l (with ls unaliased first...), rsync, etc.. I added noserverino,nolinux to the mount command, but it does not make much difference. The kind of performance degradation I am talking about is in the order of times ten or so. An rsync which takes less that 2 minutes on old hardware, now takes over 15 minutes on newer hardware! Doing a bit of investigation with tcpdump, we can see a lot QUERY_PATH_INFO requests happening which are not necessary as all the information is already returned by FIND_FIRST2 requests. A trivial example will illustrate it. Lets have a directory with 3 files inside. ls -l with my old machine, it gives: Protocol Info SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 With the new one, it gives: Protocol Info SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1 SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2 SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3 SMB Trans2 Response, QUERY_PATH_INFO So for every file in the directory, as returned by the FIRST_FIND2 response, it does a QUERY_PATH_INFO, which does not bring any new information, all the attributes were already returned by FIRST_FIND2. I attached to the email the tcpdump so you can really double check by yourself that the QUERY_PATH info does not bring anything new. That is the cause of the slowness I notice. Is that a known issue? Thanks for your help, Seb. Laposte.net, Messager Officiel du Rallye des Gazelles 2010, Pour suivre le Rallye Aicha des Gazelles et soutenir les participantes, cliquez ici http://www.laposte.net/rallye-des-gazelles No. Time Source Destination Protocol Info 1 0.000000 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp Frame 1 (154 bytes on wire, 154 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.498621000 [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 154 bytes Capture Length: 154 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 140 Identification: 0x73b9 (29625) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x062f [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 88 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 89 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0xbfff [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591837, TSecr 62822017 [SEQ/ACK analysis] [Number of bytes in flight: 88] NetBIOS Session Service Message Type: Session message Length: 84 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 2] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 631 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 18 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 18 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 19 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp No. Time Source Destination Protocol Info 2 0.056732 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 2 (266 bytes on wire, 266 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.555353000 [Time delta from previous captured frame: 0.056732000 seconds] [Time delta from previous displayed frame: 0.056732000 seconds] [Time since reference or first frame: 0.056732000 seconds] Frame Number: 2 Frame Length: 266 bytes Capture Length: 266 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 252 Identification: 0x5610 (22032) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe667 [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1, Ack: 89, Len: 200 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 201 (relative sequence number)] Acknowledgement number: 89 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65129 Checksum: 0x1de1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822120, TSecr 6591837 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 1] [The RTT to ACK the segment was: 0.056732000 seconds] [Number of bytes in flight: 200] NetBIOS Session Service Message Type: Session message Length: 196 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 1] [Time from request: 0.056732000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 631 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 136 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 136 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 141 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Apr 24, 2009 16:56:11.024191600 Last Access: Mar 1, 2010 15:02:05.606809700 Last Write: Mar 1, 2010 14:13:56.870541100 Change: Mar 1, 2010 14:13:56.870541100 File Attributes: 0x00000010 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... ...1 .... = Directory: This is a DIRECTORY .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 0 End Of File: 0 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is a DIRECTORY (1) EA List Length: 0 File Name Len: 64 File Name: \SLP\Temp No. Time Source Destination Protocol Info 3 0.056787 172.30.33.11 172.19.71.71 TCP 55075 &gt; microsoft-ds [ACK] Seq=89 Ack=201 Win=1002 Len=0 TSV=6591851 TSER=62822120 Frame 3 (66 bytes on wire, 66 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.555408000 [Time delta from previous captured frame: 0.000055000 seconds] [Time delta from previous displayed frame: 0.000055000 seconds] [Time since reference or first frame: 0.056787000 seconds] Frame Number: 3 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x73ba (29626) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0686 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 0 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 89 (relative sequence number) Acknowledgement number: 201 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0xf2e9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591851, TSecr 62822120 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2] [The RTT to ACK the segment was: 0.000055000 seconds] No. Time Source Destination Protocol Info 4 0.057279 172.30.33.11 172.19.71.71 SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* Frame 4 (164 bytes on wire, 164 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.555900000 [Time delta from previous captured frame: 0.000492000 seconds] [Time delta from previous displayed frame: 0.000547000 seconds] [Time since reference or first frame: 0.057279000 seconds] Frame Number: 4 Frame Length: 164 bytes Capture Length: 164 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 150 Identification: 0x73bb (29627) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0623 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 98 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 89 (relative sequence number) [Next sequence number: 187 (relative sequence number)] Acknowledgement number: 201 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x59d3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591851, TSecr 62822120 [SEQ/ACK analysis] [Number of bytes in flight: 98] NetBIOS Session Service Message Type: Session message Length: 94 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 5] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 632 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 28 Total Data Count: 0 Max Parameter Count: 10 Max Data Count: 16384 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 28 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: FIND_FIRST2 (0x0001) Byte Count (BCC): 29 Padding: 00 FIND_FIRST2 Parameters Search Attributes: 0x0017 .... .... .... ...1 = Read Only: Include READ ONLY files in search results .... .... .... ..1. = Hidden: Include HIDDEN files in search results .... .... .... .1.. = System: Include SYSTEM files in search results .... .... .... 0... = Volume ID: Do NOT include volume IDs in search results .... .... ...1 .... = Directory: Include DIRECTORIES in search results .... .... ..0. .... = Archive: Do NOT include archive files in search results Search Count: 150 Flags: 0x0006 .... .... ...0 .... = Backup Intent: No backup intent .... .... .... 0... = Continue: New search, do NOT continue from previous position .... .... .... .1.. = Resume: Return RESUME keys .... .... .... ..1. = Close on EOS: CLOSE search if END OF SEARCH is reached .... .... .... ...0 = Close: Do NOT close search after this request Level of Interest: Find File Directory Info (257) Storage Type: 0 Search Pattern: \Temp\* No. Time Source Destination Protocol Info 5 0.114724 172.19.71.71 172.30.33.11 SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 Frame 5 (522 bytes on wire, 522 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.613345000 [Time delta from previous captured frame: 0.057445000 seconds] [Time delta from previous displayed frame: 0.057445000 seconds] [Time since reference or first frame: 0.114724000 seconds] Frame Number: 5 Frame Length: 522 bytes Capture Length: 522 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 508 Identification: 0x5619 (22041) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe55e [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 201, Ack: 187, Len: 456 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 201 (relative sequence number) [Next sequence number: 657 (relative sequence number)] Acknowledgement number: 187 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65031 Checksum: 0xd4d3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822121, TSecr 6591851 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4] [The RTT to ACK the segment was: 0.057445000 seconds] [Number of bytes in flight: 456] NetBIOS Session Service Message Type: Session message Length: 452 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 4] [Time from request: 0.057445000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 632 Trans2 Response (0x32) Subcommand: FIND_FIRST2 (0x0001) [Level of Interest: Find File Directory Info (257)] [Search Pattern: \Temp\*] Word Count (WCT): 10 Total Parameter Count: 10 Total Data Count: 384 Reserved: 0000 Parameter Count: 10 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 384 Data Offset: 68 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 397 Padding: 00 FIND_FIRST2 Parameters Level of Interest: Find File Directory Info (257) Search ID: 0x0002 Search Count: 5 End Of Search: 1 EA Error offset: 0 Last Name Offset: 304 Padding: 0000 FIND_FIRST2 Data Find File Directory Info File: . Next Entry Offset: 72 File Index: 0 Created: Apr 24, 2009 16:56:11.024191600 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.870541100 Change: Mar 1, 2010 14:13:56.870541100 End Of File: 0 Allocation Size: 0 File Attributes: 0x00000010 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 2 File Name: . Find File Directory Info File: .. Next Entry Offset: 72 File Index: 0 Created: Apr 24, 2009 16:56:11.024191600 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.870541100 Change: Mar 1, 2010 14:13:56.870541100 End Of File: 0 Allocation Size: 0 File Attributes: 0x00000010 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 4 File Name: .. Find File Directory Info File: file1 Next Entry Offset: 80 File Index: 0 Created: Mar 1, 2010 14:13:01.851618100 Last Access: Mar 1, 2010 14:13:35.953352600 Last Write: Mar 1, 2010 14:13:35.953352600 Change: Mar 1, 2010 14:13:35.953352600 End Of File: 14 Allocation Size: 16 File Attributes: 0x00000020 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 10 File Name: file1 Find File Directory Info File: file2 Next Entry Offset: 80 File Index: 0 Created: Mar 1, 2010 14:13:50.653184100 Last Access: Mar 1, 2010 14:13:50.762534600 Last Write: Mar 1, 2010 14:13:50.762534600 Change: Mar 1, 2010 14:13:50.762534600 End Of File: 14 Allocation Size: 16 File Attributes: 0x00000020 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 10 File Name: file2 Find File Directory Info File: file3 Next Entry Offset: 0 File Index: 0 Created: Mar 1, 2010 14:13:56.870541100 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.979891600 Change: Mar 1, 2010 14:13:56.979891600 End Of File: 14 Allocation Size: 16 File Attributes: 0x00000020 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 10 File Name: file3 Unknown Data: 000000000000 No. Time Source Destination Protocol Info 6 0.114870 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1 Frame 6 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.613491000 [Time delta from previous captured frame: 0.000146000 seconds] [Time delta from previous displayed frame: 0.000146000 seconds] [Time since reference or first frame: 0.114870000 seconds] Frame Number: 6 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73bc (29628) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0620 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 187, Ack: 657, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 187 (relative sequence number) [Next sequence number: 287 (relative sequence number)] Acknowledgement number: 657 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x8cf3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591865, TSecr 62822121 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 5] [The RTT to ACK the segment was: 0.000146000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 7] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 633 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file1 No. Time Source Destination Protocol Info 7 0.174305 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 7 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.672926000 [Time delta from previous captured frame: 0.059435000 seconds] [Time delta from previous displayed frame: 0.059435000 seconds] [Time since reference or first frame: 0.174305000 seconds] Frame Number: 7 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x5620 (22048) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe64b [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 657, Ack: 287, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 657 (relative sequence number) [Next sequence number: 869 (relative sequence number)] Acknowledgement number: 287 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64931 Checksum: 0x396b [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822121, TSecr 6591865 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 6] [The RTT to ACK the segment was: 0.059435000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 6] [Time from request: 0.059435000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 633 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file1] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:01.851618100 Last Access: Mar 1, 2010 14:13:40.561695100 Last Write: Mar 1, 2010 14:13:35.953352600 Change: Mar 1, 2010 14:13:35.953352600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file1 No. Time Source Destination Protocol Info 8 0.174423 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2 Frame 8 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.673044000 [Time delta from previous captured frame: 0.000118000 seconds] [Time delta from previous displayed frame: 0.000118000 seconds] [Time since reference or first frame: 0.174423000 seconds] Frame Number: 8 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73bd (29629) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x061f [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 287, Ack: 869, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 287 (relative sequence number) [Next sequence number: 387 (relative sequence number)] Acknowledgement number: 869 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x89ac [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591880, TSecr 62822121 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 7] [The RTT to ACK the segment was: 0.000118000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 9] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 634 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file2 No. Time Source Destination Protocol Info 9 0.230720 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 9 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.729341000 [Time delta from previous captured frame: 0.056297000 seconds] [Time delta from previous displayed frame: 0.056297000 seconds] [Time since reference or first frame: 0.230720000 seconds] Frame Number: 9 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x567b (22139) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe5f0 [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 869, Ack: 387, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 869 (relative sequence number) [Next sequence number: 1081 (relative sequence number)] Acknowledgement number: 387 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64831 Checksum: 0x94dd [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822122, TSecr 6591880 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 8] [The RTT to ACK the segment was: 0.056297000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 8] [Time from request: 0.056297000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 634 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file2] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:50.653184100 Last Access: Mar 1, 2010 14:13:50.762534600 Last Write: Mar 1, 2010 14:13:50.762534600 Change: Mar 1, 2010 14:13:50.762534600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file2 No. Time Source Destination Protocol Info 10 0.230837 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3 Frame 10 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.729458000 [Time delta from previous captured frame: 0.000117000 seconds] [Time delta from previous displayed frame: 0.000117000 seconds] [Time since reference or first frame: 0.230837000 seconds] Frame Number: 10 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73be (29630) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x061e [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 387, Ack: 1081, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 387 (relative sequence number) [Next sequence number: 487 (relative sequence number)] Acknowledgement number: 1081 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x8665 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591894, TSecr 62822122 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 9] [The RTT to ACK the segment was: 0.000117000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 11] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 635 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file3 No. Time Source Destination Protocol Info 11 0.286786 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 11 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.785407000 [Time delta from previous captured frame: 0.055949000 seconds] [Time delta from previous displayed frame: 0.055949000 seconds] [Time since reference or first frame: 0.286786000 seconds] Frame Number: 11 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x572f (22319) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe53c [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1081, Ack: 487, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 1081 (relative sequence number) [Next sequence number: 1293 (relative sequence number)] Acknowledgement number: 487 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64731 Checksum: 0xb726 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822122, TSecr 6591894 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 10] [The RTT to ACK the segment was: 0.055949000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 10] [Time from request: 0.055949000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 635 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file3] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:56.870541100 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.979891600 Change: Mar 1, 2010 14:13:56.979891600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file3 No. Time Source Destination Protocol Info 12 0.327224 172.30.33.11 172.19.71.71 TCP 55075 &gt; microsoft-ds [ACK] Seq=487 Ack=1293 Win=1002 Len=0 TSV=6591918 TSER=62822122 Frame 12 (66 bytes on wire, 66 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.825845000 [Time delta from previous captured frame: 0.040438000 seconds] [Time delta from previous displayed frame: 0.040438000 seconds] [Time since reference or first frame: 0.327224000 seconds] Frame Number: 12 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x73bf (29631) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0681 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 487, Ack: 1293, Len: 0 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 487 (relative sequence number) Acknowledgement number: 1293 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0xecd2 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591918, TSecr 62822122 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 11] [The RTT to ACK the segment was: 0.040438000 seconds] _______________________________________________ linux-cifs-client mailing list linux-cifs-client&lt; at &gt;lists.samba.org https://lists.samba.org/mailman/listinfo/linux-cifs-client </pre> pourquoi.hugo 2010-03-24T09:11:13 http://comments.gmane.org/gmane.linux.file-systems.cifs/6207 <pre>Going from kernel (x86) 2.6.27-8 (I am not sure which version of mount.cifs) to 2.6.31-19 with mount.cifs version: 1.12-3.4.0, I noticed an important decrease of performance while navigating CIFS shares on a Windows 2003 server. Navigating means here either using midnight commander, ls -l (with ls unaliased first...), rsync, etc.. I added noserverino,nolinux to the mount command, but it does not make much difference. The kind of performance degradation I am talking about is in the order of times ten or so. An rsync which takes less that 2 minutes on old hardware, now takes over 15 minutes on newer hardware! Doing a bit of investigation with tcpdump, we can see a lot QUERY_PATH_INFO requests happening which are not necessary as all the information is already returned by FIND_FIRST2 requests. A trivial example will illustrate it. Lets have a directory with 3 files inside. ls -l with my old machine, it gives: Protocol Info SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 With the new one, it gives: Protocol Info SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1 SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2 SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3 SMB Trans2 Response, QUERY_PATH_INFO So for every file in the directory, as returned by the FIRST_FIND2 response, it does a QUERY_PATH_INFO, which does not bring any new information, all the attributes were already returned by FIRST_FIND2. I attached to the email the tcpdump so you can really double check by yourself that the QUERY_PATH info does not bring anything new. That is the cause of the slowness I notice. Thanks for your help, Seb. No. Time Source Destination Protocol Info 1 0.000000 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp Frame 1 (154 bytes on wire, 154 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.498621000 [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 154 bytes Capture Length: 154 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 140 Identification: 0x73b9 (29625) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x062f [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 88 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 89 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0xbfff [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591837, TSecr 62822017 [SEQ/ACK analysis] [Number of bytes in flight: 88] NetBIOS Session Service Message Type: Session message Length: 84 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 2] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 631 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 18 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 18 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 19 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp No. Time Source Destination Protocol Info 2 0.056732 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 2 (266 bytes on wire, 266 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.555353000 [Time delta from previous captured frame: 0.056732000 seconds] [Time delta from previous displayed frame: 0.056732000 seconds] [Time since reference or first frame: 0.056732000 seconds] Frame Number: 2 Frame Length: 266 bytes Capture Length: 266 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 252 Identification: 0x5610 (22032) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe667 [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1, Ack: 89, Len: 200 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 201 (relative sequence number)] Acknowledgement number: 89 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65129 Checksum: 0x1de1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822120, TSecr 6591837 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 1] [The RTT to ACK the segment was: 0.056732000 seconds] [Number of bytes in flight: 200] NetBIOS Session Service Message Type: Session message Length: 196 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 1] [Time from request: 0.056732000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 631 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 136 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 136 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 141 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Apr 24, 2009 16:56:11.024191600 Last Access: Mar 1, 2010 15:02:05.606809700 Last Write: Mar 1, 2010 14:13:56.870541100 Change: Mar 1, 2010 14:13:56.870541100 File Attributes: 0x00000010 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... ...1 .... = Directory: This is a DIRECTORY .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 0 End Of File: 0 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is a DIRECTORY (1) EA List Length: 0 File Name Len: 64 File Name: \SLP\Temp No. Time Source Destination Protocol Info 3 0.056787 172.30.33.11 172.19.71.71 TCP 55075 &gt; microsoft-ds [ACK] Seq=89 Ack=201 Win=1002 Len=0 TSV=6591851 TSER=62822120 Frame 3 (66 bytes on wire, 66 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.555408000 [Time delta from previous captured frame: 0.000055000 seconds] [Time delta from previous displayed frame: 0.000055000 seconds] [Time since reference or first frame: 0.056787000 seconds] Frame Number: 3 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x73ba (29626) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0686 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 0 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 89 (relative sequence number) Acknowledgement number: 201 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0xf2e9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591851, TSecr 62822120 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2] [The RTT to ACK the segment was: 0.000055000 seconds] No. Time Source Destination Protocol Info 4 0.057279 172.30.33.11 172.19.71.71 SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* Frame 4 (164 bytes on wire, 164 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.555900000 [Time delta from previous captured frame: 0.000492000 seconds] [Time delta from previous displayed frame: 0.000547000 seconds] [Time since reference or first frame: 0.057279000 seconds] Frame Number: 4 Frame Length: 164 bytes Capture Length: 164 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 150 Identification: 0x73bb (29627) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0623 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 98 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 89 (relative sequence number) [Next sequence number: 187 (relative sequence number)] Acknowledgement number: 201 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x59d3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591851, TSecr 62822120 [SEQ/ACK analysis] [Number of bytes in flight: 98] NetBIOS Session Service Message Type: Session message Length: 94 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 5] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 632 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 28 Total Data Count: 0 Max Parameter Count: 10 Max Data Count: 16384 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 28 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: FIND_FIRST2 (0x0001) Byte Count (BCC): 29 Padding: 00 FIND_FIRST2 Parameters Search Attributes: 0x0017 .... .... .... ...1 = Read Only: Include READ ONLY files in search results .... .... .... ..1. = Hidden: Include HIDDEN files in search results .... .... .... .1.. = System: Include SYSTEM files in search results .... .... .... 0... = Volume ID: Do NOT include volume IDs in search results .... .... ...1 .... = Directory: Include DIRECTORIES in search results .... .... ..0. .... = Archive: Do NOT include archive files in search results Search Count: 150 Flags: 0x0006 .... .... ...0 .... = Backup Intent: No backup intent .... .... .... 0... = Continue: New search, do NOT continue from previous position .... .... .... .1.. = Resume: Return RESUME keys .... .... .... ..1. = Close on EOS: CLOSE search if END OF SEARCH is reached .... .... .... ...0 = Close: Do NOT close search after this request Level of Interest: Find File Directory Info (257) Storage Type: 0 Search Pattern: \Temp\* No. Time Source Destination Protocol Info 5 0.114724 172.19.71.71 172.30.33.11 SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 Frame 5 (522 bytes on wire, 522 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.613345000 [Time delta from previous captured frame: 0.057445000 seconds] [Time delta from previous displayed frame: 0.057445000 seconds] [Time since reference or first frame: 0.114724000 seconds] Frame Number: 5 Frame Length: 522 bytes Capture Length: 522 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 508 Identification: 0x5619 (22041) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe55e [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 201, Ack: 187, Len: 456 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 201 (relative sequence number) [Next sequence number: 657 (relative sequence number)] Acknowledgement number: 187 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65031 Checksum: 0xd4d3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822121, TSecr 6591851 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4] [The RTT to ACK the segment was: 0.057445000 seconds] [Number of bytes in flight: 456] NetBIOS Session Service Message Type: Session message Length: 452 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 4] [Time from request: 0.057445000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 632 Trans2 Response (0x32) Subcommand: FIND_FIRST2 (0x0001) [Level of Interest: Find File Directory Info (257)] [Search Pattern: \Temp\*] Word Count (WCT): 10 Total Parameter Count: 10 Total Data Count: 384 Reserved: 0000 Parameter Count: 10 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 384 Data Offset: 68 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 397 Padding: 00 FIND_FIRST2 Parameters Level of Interest: Find File Directory Info (257) Search ID: 0x0002 Search Count: 5 End Of Search: 1 EA Error offset: 0 Last Name Offset: 304 Padding: 0000 FIND_FIRST2 Data Find File Directory Info File: . Next Entry Offset: 72 File Index: 0 Created: Apr 24, 2009 16:56:11.024191600 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.870541100 Change: Mar 1, 2010 14:13:56.870541100 End Of File: 0 Allocation Size: 0 File Attributes: 0x00000010 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 2 File Name: . Find File Directory Info File: .. Next Entry Offset: 72 File Index: 0 Created: Apr 24, 2009 16:56:11.024191600 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.870541100 Change: Mar 1, 2010 14:13:56.870541100 End Of File: 0 Allocation Size: 0 File Attributes: 0x00000010 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 4 File Name: .. Find File Directory Info File: file1 Next Entry Offset: 80 File Index: 0 Created: Mar 1, 2010 14:13:01.851618100 Last Access: Mar 1, 2010 14:13:35.953352600 Last Write: Mar 1, 2010 14:13:35.953352600 Change: Mar 1, 2010 14:13:35.953352600 End Of File: 14 Allocation Size: 16 File Attributes: 0x00000020 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 10 File Name: file1 Find File Directory Info File: file2 Next Entry Offset: 80 File Index: 0 Created: Mar 1, 2010 14:13:50.653184100 Last Access: Mar 1, 2010 14:13:50.762534600 Last Write: Mar 1, 2010 14:13:50.762534600 Change: Mar 1, 2010 14:13:50.762534600 End Of File: 14 Allocation Size: 16 File Attributes: 0x00000020 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 10 File Name: file2 Find File Directory Info File: file3 Next Entry Offset: 0 File Index: 0 Created: Mar 1, 2010 14:13:56.870541100 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.979891600 Change: Mar 1, 2010 14:13:56.979891600 End Of File: 14 Allocation Size: 16 File Attributes: 0x00000020 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 10 File Name: file3 Unknown Data: 000000000000 No. Time Source Destination Protocol Info 6 0.114870 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1 Frame 6 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.613491000 [Time delta from previous captured frame: 0.000146000 seconds] [Time delta from previous displayed frame: 0.000146000 seconds] [Time since reference or first frame: 0.114870000 seconds] Frame Number: 6 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73bc (29628) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0620 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 187, Ack: 657, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 187 (relative sequence number) [Next sequence number: 287 (relative sequence number)] Acknowledgement number: 657 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x8cf3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591865, TSecr 62822121 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 5] [The RTT to ACK the segment was: 0.000146000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 7] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 633 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file1 No. Time Source Destination Protocol Info 7 0.174305 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 7 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.672926000 [Time delta from previous captured frame: 0.059435000 seconds] [Time delta from previous displayed frame: 0.059435000 seconds] [Time since reference or first frame: 0.174305000 seconds] Frame Number: 7 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x5620 (22048) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe64b [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 657, Ack: 287, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 657 (relative sequence number) [Next sequence number: 869 (relative sequence number)] Acknowledgement number: 287 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64931 Checksum: 0x396b [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822121, TSecr 6591865 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 6] [The RTT to ACK the segment was: 0.059435000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 6] [Time from request: 0.059435000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 633 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file1] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:01.851618100 Last Access: Mar 1, 2010 14:13:40.561695100 Last Write: Mar 1, 2010 14:13:35.953352600 Change: Mar 1, 2010 14:13:35.953352600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file1 No. Time Source Destination Protocol Info 8 0.174423 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2 Frame 8 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.673044000 [Time delta from previous captured frame: 0.000118000 seconds] [Time delta from previous displayed frame: 0.000118000 seconds] [Time since reference or first frame: 0.174423000 seconds] Frame Number: 8 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73bd (29629) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x061f [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 287, Ack: 869, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 287 (relative sequence number) [Next sequence number: 387 (relative sequence number)] Acknowledgement number: 869 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x89ac [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591880, TSecr 62822121 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 7] [The RTT to ACK the segment was: 0.000118000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 9] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 634 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file2 No. Time Source Destination Protocol Info 9 0.230720 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 9 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.729341000 [Time delta from previous captured frame: 0.056297000 seconds] [Time delta from previous displayed frame: 0.056297000 seconds] [Time since reference or first frame: 0.230720000 seconds] Frame Number: 9 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x567b (22139) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe5f0 [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 869, Ack: 387, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 869 (relative sequence number) [Next sequence number: 1081 (relative sequence number)] Acknowledgement number: 387 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64831 Checksum: 0x94dd [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822122, TSecr 6591880 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 8] [The RTT to ACK the segment was: 0.056297000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 8] [Time from request: 0.056297000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 634 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file2] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:50.653184100 Last Access: Mar 1, 2010 14:13:50.762534600 Last Write: Mar 1, 2010 14:13:50.762534600 Change: Mar 1, 2010 14:13:50.762534600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file2 No. Time Source Destination Protocol Info 10 0.230837 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3 Frame 10 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.729458000 [Time delta from previous captured frame: 0.000117000 seconds] [Time delta from previous displayed frame: 0.000117000 seconds] [Time since reference or first frame: 0.230837000 seconds] Frame Number: 10 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73be (29630) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x061e [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 387, Ack: 1081, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 387 (relative sequence number) [Next sequence number: 487 (relative sequence number)] Acknowledgement number: 1081 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x8665 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591894, TSecr 62822122 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 9] [The RTT to ACK the segment was: 0.000117000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 11] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 635 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file3 No. Time Source Destination Protocol Info 11 0.286786 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 11 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.785407000 [Time delta from previous captured frame: 0.055949000 seconds] [Time delta from previous displayed frame: 0.055949000 seconds] [Time since reference or first frame: 0.286786000 seconds] Frame Number: 11 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x572f (22319) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe53c [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1081, Ack: 487, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 1081 (relative sequence number) [Next sequence number: 1293 (relative sequence number)] Acknowledgement number: 487 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64731 Checksum: 0xb726 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822122, TSecr 6591894 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 10] [The RTT to ACK the segment was: 0.055949000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 10] [Time from request: 0.055949000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 635 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file3] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:56.870541100 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.979891600 Change: Mar 1, 2010 14:13:56.979891600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file3 No. Time Source Destination Protocol Info 12 0.327224 172.30.33.11 172.19.71.71 TCP 55075 &gt; microsoft-ds [ACK] Seq=487 Ack=1293 Win=1002 Len=0 TSV=6591918 TSER=62822122 Frame 12 (66 bytes on wire, 66 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.825845000 [Time delta from previous captured frame: 0.040438000 seconds] [Time delta from previous displayed frame: 0.040438000 seconds] [Time since reference or first frame: 0.327224000 seconds] Frame Number: 12 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x73bf (29631) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0681 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 487, Ack: 1293, Len: 0 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 487 (relative sequence number) Acknowledgement number: 1293 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0xecd2 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591918, TSecr 62822122 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 11] [The RTT to ACK the segment was: 0.040438000 seconds] No. Time Source Destination Protocol Info 13 2.000365 172.30.33.11 134.214.100.60 NTP NTP client Frame 13 (90 bytes on wire, 90 bytes captured) Arrival Time: Mar 1, 2010 15:05:51.498986000 [Time delta from previous captured frame: 1.673141000 seconds] [Time delta from previous displayed frame: 1.713579000 seconds] [Time since reference or first frame: 2.000365000 seconds] Frame Number: 13 Frame Length: 90 bytes Capture Length: 90 bytes [Frame is marked: False] [Protocols in frame: eth:ip:udp:ntp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 134.214.100.60 (134.214.100.60) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 76 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0x8265 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 134.214.100.60 (134.214.100.60) User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123) Source port: ntp (123) Destination port: ntp (123) Length: 56 Checksum: 0x3b41 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Network Time Protocol Flags: 0xe3 11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3) ..10 0... = Version number: NTP Version 4 (4) .... .011 = Mode: client (3) Peer Clock Stratum: unspecified or unavailable (0) Peer Polling Interval: 6 (64 sec) Peer Clock Precision: 0.000001 sec Root Delay: 0.0000 sec Root Dispersion: 0.0010 sec Reference Clock ID: (Initialization) Reference Clock Update Time: NULL Originate Time Stamp: Mar 1, 2010 14:04:45.5265 UTC Receive Time Stamp: Mar 1, 2010 14:04:45.5427 UTC Transmit Time Stamp: Mar 1, 2010 14:05:51.4990 UTC No. Time Source Destination Protocol Info 14 2.044284 134.214.100.60 172.30.33.11 NTP NTP server Frame 14 (90 bytes on wire, 90 bytes captured) Arrival Time: Mar 1, 2010 15:05:51.542905000 [Time delta from previous captured frame: 0.043919000 seconds] [Time delta from previous displayed frame: 1.757498000 seconds] [Time since reference or first frame: 2.044284000 seconds] Frame Number: 14 Frame Length: 90 bytes Capture Length: 90 bytes [Frame is marked: False] [Protocols in frame: eth:ip:udp:ntp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 134.214.100.60 (134.214.100.60), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 76 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 50 Protocol: UDP (0x11) Header checksum: 0x9065 [correct] [Good: True] [Bad : False] Source: 134.214.100.60 (134.214.100.60) Destination: 172.30.33.11 (172.30.33.11) User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123) Source port: ntp (123) Destination port: ntp (123) Length: 56 Checksum: 0x1230 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Network Time Protocol Flags: 0x24 00.. .... = Leap Indicator: no warning (0) ..10 0... = Version number: NTP Version 4 (4) .... .100 = Mode: server (4) Peer Clock Stratum: secondary reference (2) Peer Polling Interval: 6 (64 sec) Peer Clock Precision: 0.003906 sec Root Delay: 0.0119 sec Root Dispersion: 0.0379 sec Reference Clock ID: 192.93.2.20 Reference Clock Update Time: Mar 1, 2010 13:51:14.7155 UTC Originate Time Stamp: Mar 1, 2010 14:05:51.4990 UTC Receive Time Stamp: Mar 1, 2010 14:05:51.5247 UTC Transmit Time Stamp: Mar 1, 2010 14:05:51.5245 UTC No. Time Source Destination Protocol Info 15 3.000345 172.30.33.11 129.132.2.21 NTP NTP client Frame 15 (90 bytes on wire, 90 bytes captured) Arrival Time: Mar 1, 2010 15:05:52.498966000 [Time delta from previous captured frame: 0.956061000 seconds] [Time delta from previous displayed frame: 2.713559000 seconds] [Time since reference or first frame: 3.000345000 seconds] Frame Number: 15 Frame Length: 90 bytes Capture Length: 90 bytes [Frame is marked: False] [Protocols in frame: eth:ip:udp:ntp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 129.132.2.21 (129.132.2.21) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 76 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0xe9de [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 129.132.2.21 (129.132.2.21) User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123) Source port: ntp (123) Destination port: ntp (123) Length: 56 Checksum: 0x2515 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Network Time Protocol Flags: 0xe3 11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3) ..10 0... = Version number: NTP Version 4 (4) .... .011 = Mode: client (3) Peer Clock Stratum: unspecified or unavailable (0) Peer Polling Interval: 6 (64 sec) Peer Clock Precision: 0.000001 sec Root Delay: 0.0000 sec Root Dispersion: 0.0010 sec Reference Clock ID: (Initialization) Reference Clock Update Time: NULL Originate Time Stamp: Mar 1, 2010 14:04:46.5253 UTC Receive Time Stamp: Mar 1, 2010 14:04:46.5514 UTC Transmit Time Stamp: Mar 1, 2010 14:05:52.4989 UTC No. Time Source Destination Protocol Info 16 3.053964 129.132.2.21 172.30.33.11 NTP NTP server Frame 16 (90 bytes on wire, 90 bytes captured) Arrival Time: Mar 1, 2010 15:05:52.552585000 [Time delta from previous captured frame: 0.053619000 seconds] [Time delta from previous displayed frame: 2.767178000 seconds] [Time since reference or first frame: 3.053964000 seconds] Frame Number: 16 Frame Length: 90 bytes Capture Length: 90 bytes [Frame is marked: False] [Protocols in frame: eth:ip:udp:ntp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 129.132.2.21 (129.132.2.21), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 76 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 46 Protocol: UDP (0x11) Header checksum: 0xfbde [correct] [Good: True] [Bad : False] Source: 129.132.2.21 (129.132.2.21) Destination: 172.30.33.11 (172.30.33.11) User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123) Source port: ntp (123) Destination port: ntp (123) Length: 56 Checksum: 0xcac8 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Network Time Protocol Flags: 0x24 00.. .... = Leap Indicator: no warning (0) ..10 0... = Version number: NTP Version 4 (4) .... .100 = Mode: server (4) Peer Clock Stratum: secondary reference (2) Peer Polling Interval: 6 (64 sec) Peer Clock Precision: 0.000001 sec Root Delay: 0.0005 sec Root Dispersion: 0.0077 sec Reference Clock ID: 129.132.2.23 Reference Clock Update Time: Mar 1, 2010 14:02:35.9271 UTC Originate Time Stamp: Mar 1, 2010 14:05:52.4989 UTC Receive Time Stamp: Mar 1, 2010 14:05:52.5266 UTC Transmit Time Stamp: Mar 1, 2010 14:05:52.5266 UTC No. Time Source Destination Protocol Info 17 4.000358 172.30.33.11 195.220.94.163 NTP NTP client Frame 17 (90 bytes on wire, 90 bytes captured) Arrival Time: Mar 1, 2010 15:05:53.498979000 [Time delta from previous captured frame: 0.946394000 seconds] [Time delta from previous displayed frame: 3.713572000 seconds] [Time since reference or first frame: 4.000358000 seconds] Frame Number: 17 Frame Length: 90 bytes Capture Length: 90 bytes [Frame is marked: False] [Protocols in frame: eth:ip:udp:ntp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 195.220.94.163 (195.220.94.163) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 76 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0x4af8 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 195.220.94.163 (195.220.94.163) User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123) Source port: ntp (123) Destination port: ntp (123) Length: 56 Checksum: 0x73ac [validation disabled] [Good Checksum: False] [Bad Checksum: False] Network Time Protocol Flags: 0xe3 11.. .... = Leap Indicator: alarm condition (clock not synchronized) (3) ..10 0... = Version number: NTP Version 4 (4) .... .011 = Mode: client (3) Peer Clock Stratum: unspecified or unavailable (0) Peer Polling Interval: 6 (64 sec) Peer Clock Precision: 0.000001 sec Root Delay: 0.0000 sec Root Dispersion: 0.0010 sec Reference Clock ID: (Initialization) Reference Clock Update Time: NULL Originate Time Stamp: Mar 1, 2010 14:04:47.5265 UTC Receive Time Stamp: Mar 1, 2010 14:04:47.5519 UTC Transmit Time Stamp: Mar 1, 2010 14:05:53.4990 UTC No. Time Source Destination Protocol Info 18 4.059707 195.220.94.163 172.30.33.11 NTP NTP server Frame 18 (90 bytes on wire, 90 bytes captured) Arrival Time: Mar 1, 2010 15:05:53.558328000 [Time delta from previous captured frame: 0.059349000 seconds] [Time delta from previous displayed frame: 3.772921000 seconds] [Time since reference or first frame: 4.059707000 seconds] Frame Number: 18 Frame Length: 90 bytes Capture Length: 90 bytes [Frame is marked: False] [Protocols in frame: eth:ip:udp:ntp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 195.220.94.163 (195.220.94.163), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 76 Identification: 0x3775 (14197) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 242 Protocol: UDP (0x11) Header checksum: 0xa182 [correct] [Good: True] [Bad : False] Source: 195.220.94.163 (195.220.94.163) Destination: 172.30.33.11 (172.30.33.11) User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123) Source port: ntp (123) Destination port: ntp (123) Length: 56 Checksum: 0x202f [validation disabled] [Good Checksum: False] [Bad Checksum: False] Network Time Protocol Flags: 0x24 00.. .... = Leap Indicator: no warning (0) ..10 0... = Version number: NTP Version 4 (4) .... .100 = Mode: server (4) Peer Clock Stratum: primary reference (1) Peer Polling Interval: 6 (64 sec) Peer Clock Precision: 0.000002 sec Root Delay: 0.0000 sec Root Dispersion: 0.0000 sec Reference Clock ID: Global Positioning Service Reference Clock Update Time: Mar 1, 2010 14:05:52.0000 UTC Originate Time Stamp: Mar 1, 2010 14:05:53.4990 UTC Receive Time Stamp: Mar 1, 2010 14:05:53.5317 UTC Transmit Time Stamp: Mar 1, 2010 14:05:53.5325 UTC _______________________________________________ linux-cifs-client mailing list linux-cifs-client&lt; at &gt;lists.samba.org https://lists.samba.org/mailman/listinfo/linux-cifs-client </pre> Seb Astien 2010-03-01T14:37:45 http://comments.gmane.org/gmane.linux.file-systems.cifs/6206 <pre>Going from kernel (x86) 2.6.27-8 (I am not sure which version of mount.cifs) to 2.6.31-19 with mount.cifs version: 1.12-3.4.0, I noticed an important decrease of performance while navigating CIFS shares on a Windows 2003 server. Navigating means here either using midnight commander, ls -l (with ls unaliased first...), rsync, etc.. I added noserverino,nolinux to the mount command, but it does not make much difference. The kind of performance degradation I am talking about is in the order of times ten or so. An rsync which takes less that 2 minutes on old hardware, now takes over 15 minutes on newer hardware! Doing a bit of investigation with tcpdump, we can see a lot QUERY_PATH_INFO requests happening which are not necessary as all the information is already returned by FIND_FIRST2 requests. A trivial example will illustrate it. Lets have a directory with 3 files inside. ls -l with my old machine, it gives: Protocol Info SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 With the new one, it gives: Protocol Info SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1 SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2 SMB Trans2 Response, QUERY_PATH_INFO SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3 SMB Trans2 Response, QUERY_PATH_INFO So for every file in the directory, as returned by the FIRST_FIND2 response, it does a QUERY_PATH_INFO, which does not bring any new information, all the attributes were already returned by FIRST_FIND2. I attached to the email the tcpdump so you can really double check by yourself that the QUERY_PATH info does not bring anything new. That is the cause of the slowness I notice. Is that a known issue? Thanks for your help, Seb. No. Time Source Destination Protocol Info 1 0.000000 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp Frame 1 (154 bytes on wire, 154 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.498621000 [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 154 bytes Capture Length: 154 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 140 Identification: 0x73b9 (29625) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x062f [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 88 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 89 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0xbfff [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591837, TSecr 62822017 [SEQ/ACK analysis] [Number of bytes in flight: 88] NetBIOS Session Service Message Type: Session message Length: 84 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 2] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 631 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 18 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 18 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 19 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp No. Time Source Destination Protocol Info 2 0.056732 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 2 (266 bytes on wire, 266 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.555353000 [Time delta from previous captured frame: 0.056732000 seconds] [Time delta from previous displayed frame: 0.056732000 seconds] [Time since reference or first frame: 0.056732000 seconds] Frame Number: 2 Frame Length: 266 bytes Capture Length: 266 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 252 Identification: 0x5610 (22032) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe667 [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1, Ack: 89, Len: 200 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 201 (relative sequence number)] Acknowledgement number: 89 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65129 Checksum: 0x1de1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822120, TSecr 6591837 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 1] [The RTT to ACK the segment was: 0.056732000 seconds] [Number of bytes in flight: 200] NetBIOS Session Service Message Type: Session message Length: 196 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 1] [Time from request: 0.056732000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 631 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 136 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 136 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 141 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Apr 24, 2009 16:56:11.024191600 Last Access: Mar 1, 2010 15:02:05.606809700 Last Write: Mar 1, 2010 14:13:56.870541100 Change: Mar 1, 2010 14:13:56.870541100 File Attributes: 0x00000010 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... ...1 .... = Directory: This is a DIRECTORY .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 0 End Of File: 0 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is a DIRECTORY (1) EA List Length: 0 File Name Len: 64 File Name: \SLP\Temp No. Time Source Destination Protocol Info 3 0.056787 172.30.33.11 172.19.71.71 TCP 55075 &gt; microsoft-ds [ACK] Seq=89 Ack=201 Win=1002 Len=0 TSV=6591851 TSER=62822120 Frame 3 (66 bytes on wire, 66 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.555408000 [Time delta from previous captured frame: 0.000055000 seconds] [Time delta from previous displayed frame: 0.000055000 seconds] [Time since reference or first frame: 0.056787000 seconds] Frame Number: 3 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x73ba (29626) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0686 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 0 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 89 (relative sequence number) Acknowledgement number: 201 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0xf2e9 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591851, TSecr 62822120 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2] [The RTT to ACK the segment was: 0.000055000 seconds] No. Time Source Destination Protocol Info 4 0.057279 172.30.33.11 172.19.71.71 SMB Trans2 Request, FIND_FIRST2, Pattern: \Temp\* Frame 4 (164 bytes on wire, 164 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.555900000 [Time delta from previous captured frame: 0.000492000 seconds] [Time delta from previous displayed frame: 0.000547000 seconds] [Time since reference or first frame: 0.057279000 seconds] Frame Number: 4 Frame Length: 164 bytes Capture Length: 164 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 150 Identification: 0x73bb (29627) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0623 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 89, Ack: 201, Len: 98 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 89 (relative sequence number) [Next sequence number: 187 (relative sequence number)] Acknowledgement number: 201 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x59d3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591851, TSecr 62822120 [SEQ/ACK analysis] [Number of bytes in flight: 98] NetBIOS Session Service Message Type: Session message Length: 94 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 5] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 632 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 28 Total Data Count: 0 Max Parameter Count: 10 Max Data Count: 16384 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 28 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: FIND_FIRST2 (0x0001) Byte Count (BCC): 29 Padding: 00 FIND_FIRST2 Parameters Search Attributes: 0x0017 .... .... .... ...1 = Read Only: Include READ ONLY files in search results .... .... .... ..1. = Hidden: Include HIDDEN files in search results .... .... .... .1.. = System: Include SYSTEM files in search results .... .... .... 0... = Volume ID: Do NOT include volume IDs in search results .... .... ...1 .... = Directory: Include DIRECTORIES in search results .... .... ..0. .... = Archive: Do NOT include archive files in search results Search Count: 150 Flags: 0x0006 .... .... ...0 .... = Backup Intent: No backup intent .... .... .... 0... = Continue: New search, do NOT continue from previous position .... .... .... .1.. = Resume: Return RESUME keys .... .... .... ..1. = Close on EOS: CLOSE search if END OF SEARCH is reached .... .... .... ...0 = Close: Do NOT close search after this request Level of Interest: Find File Directory Info (257) Storage Type: 0 Search Pattern: \Temp\* No. Time Source Destination Protocol Info 5 0.114724 172.19.71.71 172.30.33.11 SMB Trans2 Response, FIND_FIRST2, Files: . .. file1 file2 file3 Frame 5 (522 bytes on wire, 522 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.613345000 [Time delta from previous captured frame: 0.057445000 seconds] [Time delta from previous displayed frame: 0.057445000 seconds] [Time since reference or first frame: 0.114724000 seconds] Frame Number: 5 Frame Length: 522 bytes Capture Length: 522 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 508 Identification: 0x5619 (22041) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe55e [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 201, Ack: 187, Len: 456 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 201 (relative sequence number) [Next sequence number: 657 (relative sequence number)] Acknowledgement number: 187 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65031 Checksum: 0xd4d3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822121, TSecr 6591851 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4] [The RTT to ACK the segment was: 0.057445000 seconds] [Number of bytes in flight: 456] NetBIOS Session Service Message Type: Session message Length: 452 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 4] [Time from request: 0.057445000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 632 Trans2 Response (0x32) Subcommand: FIND_FIRST2 (0x0001) [Level of Interest: Find File Directory Info (257)] [Search Pattern: \Temp\*] Word Count (WCT): 10 Total Parameter Count: 10 Total Data Count: 384 Reserved: 0000 Parameter Count: 10 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 384 Data Offset: 68 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 397 Padding: 00 FIND_FIRST2 Parameters Level of Interest: Find File Directory Info (257) Search ID: 0x0002 Search Count: 5 End Of Search: 1 EA Error offset: 0 Last Name Offset: 304 Padding: 0000 FIND_FIRST2 Data Find File Directory Info File: . Next Entry Offset: 72 File Index: 0 Created: Apr 24, 2009 16:56:11.024191600 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.870541100 Change: Mar 1, 2010 14:13:56.870541100 End Of File: 0 Allocation Size: 0 File Attributes: 0x00000010 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 2 File Name: . Find File Directory Info File: .. Next Entry Offset: 72 File Index: 0 Created: Apr 24, 2009 16:56:11.024191600 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.870541100 Change: Mar 1, 2010 14:13:56.870541100 End Of File: 0 Allocation Size: 0 File Attributes: 0x00000010 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive .... .... .... .... .... .... ...1 .... = Directory: This is a DIRECTORY .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 4 File Name: .. Find File Directory Info File: file1 Next Entry Offset: 80 File Index: 0 Created: Mar 1, 2010 14:13:01.851618100 Last Access: Mar 1, 2010 14:13:35.953352600 Last Write: Mar 1, 2010 14:13:35.953352600 Change: Mar 1, 2010 14:13:35.953352600 End Of File: 14 Allocation Size: 16 File Attributes: 0x00000020 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 10 File Name: file1 Find File Directory Info File: file2 Next Entry Offset: 80 File Index: 0 Created: Mar 1, 2010 14:13:50.653184100 Last Access: Mar 1, 2010 14:13:50.762534600 Last Write: Mar 1, 2010 14:13:50.762534600 Change: Mar 1, 2010 14:13:50.762534600 End Of File: 14 Allocation Size: 16 File Attributes: 0x00000020 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 10 File Name: file2 Find File Directory Info File: file3 Next Entry Offset: 0 File Index: 0 Created: Mar 1, 2010 14:13:56.870541100 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.979891600 Change: Mar 1, 2010 14:13:56.979891600 End Of File: 14 Allocation Size: 16 File Attributes: 0x00000020 .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set .... .... .... .... .... .... .0.. .... = Device: This is NOT a device .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .... .... .... .... .0.. = System: This is NOT a system file .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only File Name Len: 10 File Name: file3 Unknown Data: 000000000000 No. Time Source Destination Protocol Info 6 0.114870 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file1 Frame 6 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.613491000 [Time delta from previous captured frame: 0.000146000 seconds] [Time delta from previous displayed frame: 0.000146000 seconds] [Time since reference or first frame: 0.114870000 seconds] Frame Number: 6 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73bc (29628) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0620 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 187, Ack: 657, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 187 (relative sequence number) [Next sequence number: 287 (relative sequence number)] Acknowledgement number: 657 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x8cf3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591865, TSecr 62822121 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 5] [The RTT to ACK the segment was: 0.000146000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 7] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 633 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file1 No. Time Source Destination Protocol Info 7 0.174305 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 7 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.672926000 [Time delta from previous captured frame: 0.059435000 seconds] [Time delta from previous displayed frame: 0.059435000 seconds] [Time since reference or first frame: 0.174305000 seconds] Frame Number: 7 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x5620 (22048) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe64b [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 657, Ack: 287, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 657 (relative sequence number) [Next sequence number: 869 (relative sequence number)] Acknowledgement number: 287 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64931 Checksum: 0x396b [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822121, TSecr 6591865 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 6] [The RTT to ACK the segment was: 0.059435000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 6] [Time from request: 0.059435000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 633 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file1] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:01.851618100 Last Access: Mar 1, 2010 14:13:40.561695100 Last Write: Mar 1, 2010 14:13:35.953352600 Change: Mar 1, 2010 14:13:35.953352600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file1 No. Time Source Destination Protocol Info 8 0.174423 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file2 Frame 8 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.673044000 [Time delta from previous captured frame: 0.000118000 seconds] [Time delta from previous displayed frame: 0.000118000 seconds] [Time since reference or first frame: 0.174423000 seconds] Frame Number: 8 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73bd (29629) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x061f [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 287, Ack: 869, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 287 (relative sequence number) [Next sequence number: 387 (relative sequence number)] Acknowledgement number: 869 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x89ac [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591880, TSecr 62822121 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 7] [The RTT to ACK the segment was: 0.000118000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 9] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 634 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file2 No. Time Source Destination Protocol Info 9 0.230720 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 9 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.729341000 [Time delta from previous captured frame: 0.056297000 seconds] [Time delta from previous displayed frame: 0.056297000 seconds] [Time since reference or first frame: 0.230720000 seconds] Frame Number: 9 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x567b (22139) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe5f0 [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 869, Ack: 387, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 869 (relative sequence number) [Next sequence number: 1081 (relative sequence number)] Acknowledgement number: 387 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64831 Checksum: 0x94dd [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822122, TSecr 6591880 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 8] [The RTT to ACK the segment was: 0.056297000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 8] [Time from request: 0.056297000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 634 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file2] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:50.653184100 Last Access: Mar 1, 2010 14:13:50.762534600 Last Write: Mar 1, 2010 14:13:50.762534600 Change: Mar 1, 2010 14:13:50.762534600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file2 No. Time Source Destination Protocol Info 10 0.230837 172.30.33.11 172.19.71.71 SMB Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \Temp\file3 Frame 10 (166 bytes on wire, 166 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.729458000 [Time delta from previous captured frame: 0.000117000 seconds] [Time delta from previous displayed frame: 0.000117000 seconds] [Time since reference or first frame: 0.230837000 seconds] Frame Number: 10 Frame Length: 166 bytes Capture Length: 166 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 152 Identification: 0x73be (29630) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x061e [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 387, Ack: 1081, Len: 100 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 387 (relative sequence number) [Next sequence number: 487 (relative sequence number)] Acknowledgement number: 1081 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0x8665 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591894, TSecr 62822122 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 9] [The RTT to ACK the segment was: 0.000117000 seconds] [Number of bytes in flight: 100] NetBIOS Session Service Message Type: Session message Length: 96 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 11] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x00 0... .... = Request/Response: Message is a request to the server .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 635 Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 30 Total Data Count: 0 Max Parameter Count: 2 Max Data Count: 4000 Max Setup Count: 0 Reserved: 00 Flags: 0x0000 .... .... .... ..0. = One Way Transaction: Two way transaction .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID Timeout: Return immediately (0) Reserved: 0000 Parameter Count: 30 Parameter Offset: 66 Data Count: 0 Data Offset: 0 Setup Count: 1 Reserved: 00 Subcommand: QUERY_PATH_INFO (0x0005) Byte Count (BCC): 31 Padding: 00 QUERY_PATH_INFO Parameters Level of Interest: Query File All Info (263) Reserved: 00000000 File Name: \Temp\file3 No. Time Source Destination Protocol Info 11 0.286786 172.19.71.71 172.30.33.11 SMB Trans2 Response, QUERY_PATH_INFO Frame 11 (278 bytes on wire, 278 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.785407000 [Time delta from previous captured frame: 0.055949000 seconds] [Time delta from previous displayed frame: 0.055949000 seconds] [Time since reference or first frame: 0.286786000 seconds] Frame Number: 11 Frame Length: 278 bytes Capture Length: 278 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp:nbss:smb] [Coloring Rule Name: SMB] [Coloring Rule String: smb || nbss || nbns || nbipx || ipxsap || netbios] Ethernet II, Src: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b), Dst: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Destination: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.19.71.71 (172.19.71.71), Dst: 172.30.33.11 (172.30.33.11) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 264 Identification: 0x572f (22319) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 125 Protocol: TCP (0x06) Header checksum: 0xe53c [correct] [Good: True] [Bad : False] Source: 172.19.71.71 (172.19.71.71) Destination: 172.30.33.11 (172.30.33.11) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 55075 (55075), Seq: 1081, Ack: 487, Len: 212 Source port: microsoft-ds (445) Destination port: 55075 (55075) [Stream index: 0] Sequence number: 1081 (relative sequence number) [Next sequence number: 1293 (relative sequence number)] Acknowledgement number: 487 (relative ack number) Header length: 32 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 64731 Checksum: 0xb726 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 62822122, TSecr 6591894 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 10] [The RTT to ACK the segment was: 0.055949000 seconds] [Number of bytes in flight: 212] NetBIOS Session Service Message Type: Session message Length: 208 SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 10] [Time from request: 0.055949000 seconds] SMB Command: Trans2 (0x32) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x80 1... .... = Request/Response: Message is a response to the client/redirector .0.. .... = Notify: Notify client only on open ..0. .... = Oplocks: OpLock not requested/granted ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized .... 0... = Case Sensitivity: Path names are case sensitive .... ..0. = Receive Buffer Posted: Receive buffer has not been posted .... ...0 = Lock and Read: Lock&amp;Read, Write&amp;Unlock are not supported Flags2: 0xc001 1... .... .... .... = Unicode Strings: Strings are Unicode .1.. .... .... .... = Error Code Type: Error codes are NT error codes ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported .... .... .0.. .... = Long Names Used: Path names in request are not long file names .... .... .... .0.. = Security Signatures: Security signatures are not supported .... .... .... ..0. = Extended Attributes: Extended attributes are not supported .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4106 Process ID: 5657 User ID: 10241 Multiplex ID: 635 Trans2 Response (0x32) Subcommand: QUERY_PATH_INFO (0x0005) [Level of Interest: Query File All Info (263)] [File Name: \Temp\file3] Word Count (WCT): 10 Total Parameter Count: 2 Total Data Count: 148 Reserved: 0000 Parameter Count: 2 Parameter Offset: 56 Parameter Displacement: 0 Data Count: 148 Data Offset: 60 Data Displacement: 0 Setup Count: 0 Reserved: 00 Byte Count (BCC): 153 Padding: 00 QUERY_PATH_INFO Parameters EA Error offset: 0 Padding: 0000 QUERY_PATH_INFO Data Created: Mar 1, 2010 14:13:56.870541100 Last Access: Mar 1, 2010 14:13:56.979891600 Last Write: Mar 1, 2010 14:13:56.979891600 Change: Mar 1, 2010 14:13:56.979891600 File Attributes: 0x00000020 .0.. .... .... .... = Encrypted: This is NOT an encrypted file ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service ...0 .... .... .... = Offline: This file is NOT offline .... 0... .... .... = Compressed: This is NOT a compressed file .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point .... ..0. .... .... = Sparse: This is NOT a sparse file .... ...0 .... .... = Temporary: This is NOT a temporary file .... .... 0... .... = Normal: This file has some attribute set .... .... .0.. .... = Device: This is NOT a device .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE .... .... ...0 .... = Directory: This is NOT a directory .... .... .... 0... = Volume ID: This is NOT a volume ID .... .... .... .0.. = System: This is NOT a system file .... .... .... ..0. = Hidden: This is NOT a hidden file .... .... .... ...0 = Read Only: This file is NOT read only Allocation Size: 16 End Of File: 14 Link Count: 1 Delete Pending: Normal, no pending delete (0) Is Directory: This is NOT a directory (0) EA List Length: 0 File Name Len: 76 File Name: \SLP\Temp\file3 No. Time Source Destination Protocol Info 12 0.327224 172.30.33.11 172.19.71.71 TCP 55075 &gt; microsoft-ds [ACK] Seq=487 Ack=1293 Win=1002 Len=0 TSV=6591918 TSER=62822122 Frame 12 (66 bytes on wire, 66 bytes captured) Arrival Time: Mar 1, 2010 15:05:49.825845000 [Time delta from previous captured frame: 0.040438000 seconds] [Time delta from previous displayed frame: 0.040438000 seconds] [Time since reference or first frame: 0.327224000 seconds] Frame Number: 12 Frame Length: 66 bytes Capture Length: 66 bytes [Frame is marked: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Inventec_dd:63:6b (00:1e:33:dd:63:6b), Dst: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Destination: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) Address: JuniperN_f8:13:8b (b0:c6:9a:f8:13:8b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Inventec_dd:63:6b (00:1e:33:dd:63:6b) Address: Inventec_dd:63:6b (00:1e:33:dd:63:6b) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 172.30.33.11 (172.30.33.11), Dst: 172.19.71.71 (172.19.71.71) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x73bf (29631) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0x0681 [correct] [Good: True] [Bad : False] Source: 172.30.33.11 (172.30.33.11) Destination: 172.19.71.71 (172.19.71.71) Transmission Control Protocol, Src Port: 55075 (55075), Dst Port: microsoft-ds (445), Seq: 487, Ack: 1293, Len: 0 Source port: 55075 (55075) Destination port: microsoft-ds (445) [Stream index: 0] Sequence number: 487 (relative sequence number) Acknowledgement number: 1293 (relative ack number) Header length: 32 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 1002 Checksum: 0xecd2 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) NOP NOP Timestamps: TSval 6591918, TSecr 62822122 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 11] [The RTT to ACK the segment was: 0.040438000 seconds] _______________________________________________ linux-cifs-client mailing list linux-cifs-client&lt; at &gt;lists.samba.org https://lists.samba.org/mailman/listinfo/linux-cifs-client </pre> Seb Astien 2010-03-12T14:36:20 http://comments.gmane.org/gmane.linux.file-systems.cifs/6204 <pre>_______________________________________________ linux-cifs-client mailing list linux-cifs-client&lt; at &gt;lists.samba.org https://lists.samba.org/mailman/listinfo/linux-cifs-client </pre> Ahmed Al-Jeshi 2010-02-10T11:29:36 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.linux.file-systems.cifs