Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] some strange cifs request

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 13 Jun 2007 10:11:58 +0000

it is just the client checking if the file has any
AlternateDataStreams attached to it.



On 6/13/07, Zuoheng <zh.huang@xxxxxxxxx> wrote:

Hi,

I am a newbie to Wireshark,  currently using Wireshark troubleshooting
a cifs performance issue. I got some insteresting output from
Wireshark,


No.     Time        Source                Destination           Protocol
Info
     23 0.027344    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}:$DATA
     24 0.027344    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     25 0.027344    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:\005SummaryInformation:$DATA
     26 0.027344    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     27 0.027344    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:Docf_\005SummaryInformation:$DATA
     28 0.027344    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     29 0.031250    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:\005SummaryInformation:$DATA
     30 0.031250    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     31 0.031250    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:Docf_\005SummaryInformation:$DATA
     32 0.031250    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     33 0.031250    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:\005SummaryInformation:$DATA
     34 0.031250    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND

152.62.34.59 is client IP, 10.32.33.99 is a cifs server.

My question is I dont have any such special file or directory under
\rexhuang\, why the client send out such CreateAndX request?

Any input will be appreciated.

/zuoheng
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
  • Follow-Ups:
    • Re: [Wireshark-users] some strange cifs request
      • From: zuoheng
  • References:
    • [Wireshark-users] some strange cifs request
      • From: Zuoheng
  • Prev by Date: [Wireshark-users] some strange cifs request
  • Next by Date: Re: [Wireshark-users] Comparing packets
  • Previous by thread: [Wireshark-users] some strange cifs request
  • Next by thread: Re: [Wireshark-users] some strange cifs request
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation