Hi,
I am trying to learn
a bit about SMB. I sniffed the copying of a file from a shared folder in the LAN
I belong to to my desktop. From some reason, the file was copied 3 times to my
computer (3 Read AndX Responses), and the exact same process [NT
Create AndX Request, NT Create AndX Response, Trans2 Request (SET_file_info),
Trans2 Response (Set_file_info), Read AndX Request, Read AndX Response
(containing the file Data), Close Request, Close Response] was repeated. It
think it is not due to timeouts, because the responses were received before the
following requests were sent. I have no idea why it happens, but it adds a lot
of redundent traffic. Have any idea wat is the problem? Moreover, in the above
process, my computer tries to SET_FILE_INFO. Why does it do so (SET info) if it
only COPIES the file?
I attach the pcap
file.
Thanks for your
help,
Hila
Attachment:
CopyFile.pcap
Description: Binary data
