Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Ethereal-users: Re: [Ethereal-users] SMB Trans2 request

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 04 Mar 2005 10:46:07 -0800
Prize Jose wrote:

Can some one please explain me the meaning of  'SMB Trans2 ' request and
response.

SMB's "transaction" mechanism is used to implement requests and responses that could transfer more data than the limited amounts some mechanisms over which SMB is sent allow in a single packet.

Several different types of operations, including the operations that scan directories and return information about the files and subdirectories in that directory, use the "transaction" mechanism. The directory-scanning operations are probably the most frequently seen operations that use the "trans2" request, and:

Subcommand: QUERY_FILE_INFO (0x0007)

...that's probably what the Trans2 request you sent is (you'll probably see "find first" or "find next" (perhaps all capitalized, and perhaps with underscores or nothing between "find" and "first" or "next") in the dissection of those requests.

If the time between the request and the response is large, this might be a problem with the server - scanning a large directory might be slow. What operating system is the server running and, if it's some flavor of UN*X (commercial UN*X including Mac OS X, Linux, some flavor of BSD), is it using Samba and, if so, what version of Samba is it using?