Apologies – as this is more of a problem with SMB
client than with Wireshark/Ethereal. But, as I saw a similar thread from
3/2005 from the list http://www.ethereal.com/lists/ethereal-users/200503/msg00048.html,
maybe someone could help me:
I am seeing hundreds of SMB/Trans2/FILE_QUERY_INFO/Query File
Standard Info requests and responses following a file open and prior to the file
close.
The clients are running a custom application in our Citrix
environment running on Windows 2003. We see the same behavior regardless
as to whether the file server is Samba, NetApp, or Windows 2000. The
custom application, is just reading ini files – and so that is anywhere
between a 2-5 packet exchange. The fact that we see hundreds of “Query
File Standard Info” requests and responses (200-300 could occur in the
same half second of time) is very confusing to us. And of course,
it is burying our servers.
Questions:
1) Anyone have
a clue as to this behavior?
2) What is the
difference between: Query File Standard Info, Query File Basic Info,
Query File EA Info?
Thanks,
Jim