Wireshark-users: Re: [Wireshark-users] Some question on SMB

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Mon, 9 Oct 2006 16:31:05 +0200 (CEST)
Hi,

On the details of SMB I've no clue, you could look at the SAMBA website,
who have reverse engineered this stuff.

The SET_FILE_INFO I can understand, how else does the 'Accessed' propoerty
get updated.

Thanx,
Jaap

On Mon, 9 Oct 2006, Hila Sheftel - Israel wrote:

> Hi,
>
> I am trying to learn a bit about SMB. I sniffed the copying of a file
> from a shared folder in the LAN I belong to to my desktop. From some
> reason, the file was copied 3 times to my computer (3 Read AndX
> Responses), and the exact same process [NT Create AndX Request, NT
> Create AndX Response, Trans2 Request (SET_file_info), Trans2 Response
> (Set_file_info), Read AndX Request, Read AndX Response (containing the
> file Data), Close Request, Close Response] was repeated. It think it is
> not due to timeouts, because the responses were received before the
> following requests were sent. I have no idea why it happens, but it adds
> a lot of redundent traffic. Have any idea wat is the problem? Moreover,
> in the above process, my computer tries to SET_FILE_INFO. Why does it do
> so (SET info) if it only COPIES the file?
>
> I attach the pcap file.
>
> Thanks for your help,
>
> Hila
>
> IMPORTANT - This email and any attachments is intended for the above named addressee(s), and may contain information which is confidential or privileged. If you are not the intended recipient, please inform the sender immediately and delete this email: you should not copy or use this e-mail for any purpose nor disclose its contents to any person.
>
>