Hi,
I am trying to learn
a bit about SMB. I sniffed the copying of a file from a shared folder in
the LAN I belong to to my desktop. From some reason, the file was copied 3 times
to my computer (3 Read AndX Responses), and the exact same process [NT Create AndX Request, NT Create AndX Response, Trans2 Request
(SET_file_info), Trans2 Response (Set_file_info), Read AndX Request, Read AndX
Response (containing the file Data), Close Request, Close Response] was
repeated. It think it is not due to timeouts, because the responses were
received before the following requests were sent. I have no idea why it happens,
but it adds a lot of redundent traffic. Have any idea wat is the
problem? Moreover, in the above process, my computer tries to
SET_FILE_INFO. Why does it do so (SET info) if it only COPIES the
file?
I attach the pcap
file.
Thanks for your
help,
Hila
IMPORTANT - This email and any attachments is intended for the above named addressee(s), and may contain information which is confidential or privileged. If you are not the intended recipient, please inform the sender immediately and delete this email: you should not copy or use this e-mail for any purpose nor disclose its contents to any person.
Attachment:
CopyFile.pcap
Description: CopyFile.pcap