Wireshark · Wireshark-users: [Wireshark-users] Wireshark Causing SMB Query

Wireshark-users: [Wireshark-users] Wireshark Causing SMB Query

From: Jim Aragon <Jim@xxxxxxxxxxxxxxxxx>

Date: Sat, 02 Mar 2013 23:08:07 -0800

Wireshark used to be completely passive, as long as network name resolution was turned off. Last week I was using Wireshark PortableApps version 1.8.5 at work on a Windows XP computer, and I noticed that every time I started capturing, my PC sent an SMB query for a file or directory called ".wireshark" in my home directory, which is on a NetApp filer. The .wireshark file does not exist, so the NetApp filer returned STATUS_OBJECT_NAME_NOT_FOUND. The query and response were repeated four times over a period of 20 ms. However, Wireshark did not display any error dialog and capturing functioned normally. This happened every time I started or re-started live capturing, not just when Wireshark was first launched.

Does anyone know why Wireshark is now looking for this file and what is supposed to be in it? A trace file showing the SMB queries and responses is at https://www.cloudshark.org/captures/a3d0e503cdad

I'd really like to go back to Wireshark being passive and not causing any network traffic to be sent.

Jim

Follow-Ups:
- Re: [Wireshark-users] Wireshark Causing SMB Query
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] USB Dissector for PTP (Camera) Protocol?
Next by Date: Re: [Wireshark-users] Wireshark Causing SMB Query
Previous by thread: Re: [Wireshark-users] USB Dissector for PTP (Camera) Protocol?
Next by thread: Re: [Wireshark-users] Wireshark Causing SMB Query
Index(es):
- Date
- Thread