Hey all.
On one of my servers (Server-A) , I have a file that's getting copied to it from another server (Server-B) via robocopy (it's part of a backup process). When running Wireshark on Server-A, I see the packets for the SMB2 file transfer, but what I'm not exactly sure how to find within Wireshark and the captured packets is, what user account is being used by Server-B to send the file over to Server-A via robocopy. I realize there's ways to determine this from Server-B by looking at which account is running the robocopy command, BUT... humor me, I want to be able to track down which user account is being used via Wireshark and I would think it's somewhere in those packets? If so, where would I see it (there's thousands of packets and each packet has so many subsections to navigate through). Another option I'd consider is using Process Monitor on Server-A, but using that I wasn't able to determine which user account on Server-B was sending over the files... Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 ** Please visit our blog! http://www.sourceonetechnology.com/blog/ ________________________________ From: [email protected] <[email protected]> on behalf of Don Ely <[email protected]> Sent: Tuesday, June 21, 2016 8:18 PM To: [email protected] Subject: Re: [NTSysADM] vCenter I was being kinda facetious given the context of the ask... :) On Tue, Jun 21, 2016 at 5:18 PM Kurt Buff <[email protected]<mailto:[email protected]>> wrote: +2 Attach to a span/mirror port on the physical switch to which the host is connected. Kurt On Tue, Jun 21, 2016 at 8:11 AM, Don Ely <[email protected]<mailto:[email protected]>> wrote: Wireshark On Tue, Jun 21, 2016 at 7:54 AM David McSpadden <[email protected]<mailto:[email protected]>> wrote: What is the best way to see network usage of VM's in vCenter 5.5? David McSpadden System Administrator Indiana Members Credit Union P: 317.554.8190<tel:317.554.8190> [Description: Description: imcu email icon]<http://imcu.com/> [Description: Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [Description: Description: twitter email icon] <https://twitter.com/IndMembersCU> [Description: Description: email logo] [http://www.amuletsolutions.com/images/mcp.gif]<http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwjFztf-tePJAhXK5iYKHcPtAxEQjRwIBw&url=http://www.amuletsolutions.com/awards.aspx&bvm=bv.110151844,d.amc&psig=AFQjCNHkrx8CednTEOOq4zUxYyrRUGzUsg&ust=1450459757284499> This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
