
Ethereal-users: [Ethereal-users] Newbie: Is this a severe problem or normal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Uli DF5SF <uli@xxxxxxxxxxxx>
Date: Sat, 16 Apr 2005 16:19:30 +0200
Hi,
I am new to the group and am having my first experience with Ethereal.
We have difficulties with one of our servers. The response time is too slow. Now we checked the network (a commercial company 3000$) and on the network all is OK. No packets are destroyed and the bandwidth is working with less than 20% of the capability.
Now I logged the traffic on our Windows 2003 server (192.168.0.12) and I was very surprised that 99,9 percent of the traffic is SMB. Sometimes I can see some TCP or ARP packets.

Now my question: Can this be normal or do I have a virus/trojan? I checked both computers with Symantec. All OK.

Many thanks for your help.
Uli

1 15:51:02.267395 192.168.0.10 192.168.0.12 SMB Trans2 Request, FIND_FIRST2, Pattern: \Bcwin32\order.1
2 15:51:02.267897 192.168.0.12 192.168.0.10 SMB Trans2 Response, FIND_FIRST2, Files: ORDER.1
3 15:51:02.268523 192.168.0.10 192.168.0.12 SMB Close Request, FID: 0x4413
4 15:51:02.268666 192.168.0.12 192.168.0.10 SMB Close Response
5 15:51:02.268947 192.168.0.10 192.168.0.12 SMB Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \BCWIN32\order.1
6 15:51:02.269196 192.168.0.12 192.168.0.10 SMB Trans2 Response, QUERY_PATH_INFO
7 15:51:02.269759 192.168.0.10 192.168.0.12 SMB NT Create AndX Request, Path: \BCWIN32\order.1
8 15:51:02.270235 192.168.0.12 192.168.0.10 SMB NT Create AndX Response, FID: 0x0249
9 15:51:02.270597 192.168.0.10 192.168.0.12 SMB Trans2 Request, SET_FILE_INFO, FID: 0x0249
10 15:51:02.270667 192.168.0.12 192.168.0.10 SMB Trans2 Response, SET_FILE_INFO
11 15:51:02.270993 192.168.0.10 192.168.0.12 SMB Read AndX Request, FID: 0x0249, 660 bytes at offset 0
12 15:51:02.271058 192.168.0.12 192.168.0.10 SMB Read AndX Response, FID: 0x0249, 660 bytes
13 15:51:02.272528 192.168.0.10 192.168.0.12 SMB Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \BCWIN32\CInohost.1
14 15:51:02.272695 192.168.0.12 192.168.0.10 SMB Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND
15 15:51:02.274550 192.168.0.10 192.168.0.12 SMB Close Request, FID: 0x0249
16 15:51:02.274643 192.168.0.12 192.168.0.10 SMB Close Response
17 15:51:02.274881 192.168.0.10 192.168.0.12 SMB NT Create AndX Request, Path: \BCWIN32\CInohost.1
18 15:51:02.274959 192.168.0.10 192.168.0.12 SMB NT Create AndX Request, Path: \BCWIN32\order.1
20 15:51:02.275123 192.168.0.12 192.168.0.10 SMB NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
21 15:51:02.275483 192.168.0.12 192.168.0.10 SMB NT Create AndX Response, FID: 0x0243