Ethereal-users: Re: [Ethereal-users] SMB Trans2 request

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Prize Jose <PJose@xxxxxxx>
Date: Fri, 04 Mar 2005 14:41:40 -0500
Hello,

Many thanks for the detailed explanation. I looked for 'find, first,
next', but I don't see any. Please see below the consecutive
request/response.

Client is Windows XP and server is Novell. Time between request/response is
not too large.

I am trying to find out the versions. I found the following posting on the web
which talks about 'file sharing problems' with Win XP.

"""""
There are numerous, 'improve file sharing performance', 'XP file sharing
slower than Windows 2000' etc.  Start at
http://support.microsoft.com/?kbid=811113 and see KB326826, KB834350 etc
""""""

These files are shared by multiple users and at any time there is a chance
that someone else is reading from the same file.

Can I attribute the following issue to a Windows XP problem?

   1019 46.923006  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  NT Create AndX Request, Path: \ICX0000W.BMP
   1020 46.923825  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  NT Create AndX Response, Error: STATUS_ACCESS_DENIED
   1021 46.923999  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  NT Create AndX Request, Path: \ICX0000W.BMP
   1022 46.924863  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  NT Create AndX Response, Error: STATUS_ACCESS_DENIED
   1023 46.924964  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  NT Create AndX Request, Path: \ICX0000W.BMP
   1024 46.926230  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  NT Create AndX Response, FID: 0x0008
   1025 46.926315  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1026 46.927194  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1027 46.927289  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1028 46.928087  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1029 46.928159  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Read AndX Request, FID: 0x0008, 630 bytes at offset 0
   1030 46.928543  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Read AndX Response, FID: 0x0008, 630 bytes
   1031 46.928722  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1032 46.929293  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1033 46.929398  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1034 46.929666  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1035 46.929744  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1036 46.930199  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1037 46.930238  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1038 46.930484  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1039 46.930688  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1040 46.931674  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1041 46.931886  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1042 46.932808  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1043 46.932943  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1044 46.933138  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1045 46.933180  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1046 46.933718  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1047 46.933774  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
   1048 46.934373  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Trans2 Response, QUERY_FILE_INFO
   1049 46.934482  aaa.bbb.ccc.183  aaa.bbb.ccc.91   SMB  Close Request, FID: 0x0008
   1050 46.935009  aaa.bbb.ccc.91   aaa.bbb.ccc.183  SMB  Close Response

Here is one expanded request/response

Frame 1025

    Trans2 Request (0x32)
        Word Count (WCT): 15
        Total Parameter Count: 4
        Total Data Count: 0
        Max Parameter Count: 2
        Max Data Count: 24
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 4
        Parameter Offset: 68
        Data Count: 0
        Data Offset: 0
        Setup Count: 1
        Reserved: 00
        Subcommand: QUERY_FILE_INFO (0x0007)
        Byte Count (BCC): 7
        Padding: 000000
        QUERY_FILE_INFO Parameters
            FID: 0x0008
            Level of Interest: Query File Standard Info (1005)


Frame 1026 (142 bytes on wire, 142 bytes captured)

    Trans2 Response (0x32)
        Subcommand: QUERY_FILE_INFO (0x0007)
        Word Count (WCT): 10
        Total Parameter Count: 2
        Total Data Count: 24
        Reserved: 0000
        Parameter Count: 2
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 24
        Data Offset: 60
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 29
        Padding: 00
        QUERY_FILE_INFO Parameters
            EA Error offset: 0
        Padding: 0001
        QUERY_FILE_INFO Data
            Allocation Size: 632
            End Of File: 630
            Link Count: 1
            Delete Pending: Normal, no pending delete (0)
            Is Directory: This is NOT a directory (0)
            Unknown Data: 0000

Thanks for any help,

Prize




                                                                       
From: Guy Harris <gharris@xxxxxxxxt>
Sent by: ethereal-users-bounces@xxxxxxxxxxxm
Date: 03/04/2005 01:46 PM
To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
cc:
Subject: Re: [Ethereal-users] SMB Trans2 request
Please respond to: Ethereal user support <ethereal-users@ethereal.com>




Prize Jose wrote:

> Can some one please explain me the meaning of  'SMB Trans2 ' request and
> response.

SMB's "transaction" mechanism is used to implement requests and
responses that could transfer more data than the limited amounts some
mechanisms over which SMB is sent allow in a single packet.

Several different types of operations, including the operations that
scan directories and return information about the files and
subdirectories in that directory, use the "transaction" mechanism.  The
directory-scanning operations are probably the most frequently seen
operations that use the "trans2" request, and:

> Subcommand: QUERY_FILE_INFO (0x0007)

...that's probably what the Trans2 request you sent is (you'll probably
see "find first" or "find next" (perhaps all capitalized, and perhaps
with underscores or nothing between "find" and "first" or "next") in the
dissection of those requests).

If the time between the request and the response is large, this might be
a problem with the server - scanning a large directory might be slow.
What operating system is the server running and, if it's some flavor of
UN*X (commercial UN*X including Mac OS X, Linux, some flavor of BSD), is
it using Samba and, if so, what version of Samba is it using?
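
An added example, not part of the original thread: a short Python script that reads a packet-list text export like the one in the post, pairs each SMB request with the response that follows it, and reports per-exchange latency, repeated requests and error statuses. The function names are illustrative, and it assumes one outstanding request per client/server pair, as in this capture.

```python
import re
from collections import Counter

# Frames 1019-1028 from the post above. The first exchange is left wrapped as
# in the e-mail; the rest are joined one per line. Both layouts are parsed.
SAMPLE = r"""
   1019 46.923006   aaa.bbb.ccc.183        aaa.bbb.ccc.91         SMB
NT Create AndX Request, Path: \ICX0000W.BMP
   1020 46.923825   aaa.bbb.ccc.91         aaa.bbb.ccc.183        SMB
NT Create AndX Response, Error: STATUS_ACCESS_DENIED
1021 46.923999 aaa.bbb.ccc.183 aaa.bbb.ccc.91 SMB NT Create AndX Request, Path: \ICX0000W.BMP
1022 46.924863 aaa.bbb.ccc.91 aaa.bbb.ccc.183 SMB NT Create AndX Response, Error: STATUS_ACCESS_DENIED
1023 46.924964 aaa.bbb.ccc.183 aaa.bbb.ccc.91 SMB NT Create AndX Request, Path: \ICX0000W.BMP
1024 46.926230 aaa.bbb.ccc.91 aaa.bbb.ccc.183 SMB NT Create AndX Response, FID: 0x0008
1025 46.926315 aaa.bbb.ccc.183 aaa.bbb.ccc.91 SMB Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
1026 46.927194 aaa.bbb.ccc.91 aaa.bbb.ccc.183 SMB Trans2 Response, QUERY_FILE_INFO
1027 46.927289 aaa.bbb.ccc.183 aaa.bbb.ccc.91 SMB Trans2 Request, QUERY_FILE_INFO, FID: 0x0008, Query File Standard Info
1028 46.928087 aaa.bbb.ccc.91 aaa.bbb.ccc.183 SMB Trans2 Response, QUERY_FILE_INFO
"""

HEADER = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_packets(text):
    """Return one dict per frame; a wrapped Info line is attached to its frame."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            no, t, src, dst, _proto, info = m.groups()
            packets.append({"no": int(no), "time": float(t), "src": src,
                            "dst": dst, "info": info.strip()})
        elif packets and line.strip() and not packets[-1]["info"]:
            packets[-1]["info"] = line.strip()
    return packets

def pair_exchanges(packets):
    """Match each request with the next response flowing the opposite way."""
    pending, exchanges = {}, []
    for p in packets:
        command = p["info"].split(",")[0]
        if command.endswith("Request"):
            pending[(p["src"], p["dst"])] = p
        elif command.endswith("Response"):
            req = pending.pop((p["dst"], p["src"]), None)
            if req:
                err = re.search(r"Error: (\S+)", p["info"])
                exchanges.append({"req_no": req["no"], "request": req["info"],
                                  "latency_ms": round((p["time"] - req["time"]) * 1000, 3),
                                  "error": err.group(1) if err else None})
    return exchanges

def summarize(exchanges):
    """Count identical requests and error statuses; pick the slowest exchange."""
    repeats = Counter(e["request"] for e in exchanges)
    errors = Counter(e["error"] for e in exchanges if e["error"])
    return repeats, errors, max(exchanges, key=lambda e: e["latency_ms"])
```

On the frames shown, every exchange completes in under 2 ms, so the repetition comes from the client reissuing the same request rather than from a slow server response.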
