[Samba] server response does not appear to correspond to request

Sun, 26 Jul 2009 12:42:04 -0700

Here is a second, somewhat related question to my last one. When looking over the network trace I have ran into something I cannot explain. It may be quite proper, in which case I am misreading the trace. But I would appreciate it if someone would explain this to me.
In packet 109 of the trace (during a login with no profile on the server), I see a "NT Create AndX request" for the path \jon.V2. I'll provide the captured packet below. But for now, this makes perfect sense. I am certainly interested in the resolution of this request. The trace lists the response as coming in packet 110. Well, that is convenient, as I don't have far to look. 


In packet 110 I learn that the request failed.  The packet shows that  
it is a response to packet 109, so we are consistent so far.  But the  
filename in the response is "\jon\Desktop". Desktop never appeared in  
the original request, yet my read of the response is that a create  
failed on a path which differed from that in the request.



Assuming that I am mistaken, it would be very helpful if I understood  
where I am going wrong in my thinking.


As always, feedback from the list is appreciated.

Jonathon Doran
University of North Texas, LARC

Frame 109 (158 bytes on wire, 158 bytes captured)

Ethernet II, Src: warcraft.larc.local (00:1e:4f:d3:65:a9), Dst:  
unreal.larc.local (00:14:85:14:f5:78)
Internet Protocol, Src: warcraft.larc.local (10.0.1.5), Dst:  
unreal.larc.local (10.0.0.2)
Transmission Control Protocol, Src Port: 49159 (49159), Dst Port:  
netbios-ssn (139), Seq: 5200, Ack: 4597, Len: 104

    Source port: 49159 (49159)
    Destination port: netbios-ssn (139)
    [Stream index: 2]
    Sequence number: 5200    (relative sequence number)
    [Next sequence number: 5304    (relative sequence number)]
    Acknowledgement number: 4597    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65700 (scaled)
    Checksum: 0xf3d6 [validation disabled]
    [SEQ/ACK analysis]
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response in: 110]
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
        Flags2: 0xc807
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 4  (\\UNREAL\PROFDATA)
        Process ID: 980
        User ID: 102  (LARC\jon)
        Multiplex ID: 2304
    NT Create AndX Request (0xa2)
        Word Count (WCT): 24
        AndXCommand: No further commands (0xff)
        Reserved: 00
        AndXOffset: 57054
        Reserved: 00
        File Name Len: 14
        Create Flags: 0x00000010
        Root FID: 0x00000000
        Access Mask: 0x00100100
        Allocation Size: 0
        File Attributes: 0x00000000
        Share Access: 0x00000007 SHARE_DELETE SHARE_WRITE SHARE_READ
        Disposition: Open (if file exists open it, else fail) (1)
        Create Options: 0x00200000
        Impersonation: Impersonation (2)
        Security Flags: 0x00
        Byte Count (BCC): 17
        File Name: \jon.V2



Frame 110 (93 bytes on wire, 93 bytes captured)

Ethernet II, Src: unreal.larc.local (00:14:85:14:f5:78), Dst:  
warcraft.larc.local (00:1e:4f:d3:65:a9)
Internet Protocol, Src: unreal.larc.local (10.0.0.2), Dst:  
warcraft.larc.local (10.0.1.5)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port:  
49159 (49159), Seq: 4597, Ack: 5304, Len: 39

    Source port: netbios-ssn (139)
    Destination port: 49159 (49159)
    [Stream index: 2]
    Sequence number: 4597    (relative sequence number)
    [Next sequence number: 4636    (relative sequence number)]
    Acknowledgement number: 5304    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 23040 (scaled)
    Checksum: 0x1548 [validation disabled]
    [SEQ/ACK analysis]
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        [Response to: 109]
        [Time from request: 0.001582000 seconds]
        SMB Command: NT Create AndX (0xa2)
        NT Status: STATUS_ACCESS_DENIED (0xc0000022)
        Flags: 0x88
        Flags2: 0xc801
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 4  (\\UNREAL\PROFDATA)
        Process ID: 980
        User ID: 102  (LARC\jon)
        Multiplex ID: 2304
    NT Create AndX Response (0xa2)
        Word Count (WCT): 0
        Byte Count (BCC): 0
        [FID: 0x0000 (\jon\Desktop)]
            [Opened in: 22103]
            [Closed in: 22103]
            [File Name: \jon\Desktop]
            Create Flags: 0x00000010
            Access Mask: 0x00100001
            File Attributes: 0x00000080
            Share Access: 0x00000003 SHARE_WRITE SHARE_READ
            Create Options: 0x00200001
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba














    











					Reply via email to