Wireshark · Smb2-protocol: [Smb2-protocol] New Extrainfo tag : TWrp

Smb2-protocol: [Smb2-protocol] New Extrainfo tag : TWrp

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>

Date: Mon, 6 Feb 2006 15:51:18 +1100

In one capture I have seen a new extrainfo tag for the Create call.

It is used in the Create Request (but is not returned in the Response)
It was used when some application opened the file '@'
with Disposition : 1     if file exists open it, else fail

The create flags contained the bit 0x00200000   which i dont know what it means.
The file was opened on a normal share.

The tag is
TWrp
and it is followed by 8 bytes of data,   8 bytes that are definitely a 64bit timestamp.

The weird thing is that this timestamp is slightly in the future.
It is about ~0x0000000020000000   larger than the "current" time of the server

The file was apparently already created (but i can not see when) which might explain why this timestamp is slightly in the future compared to the
Create/Write/Access   timestamps of this file.

Follow-Ups:
- [Smb2-protocol] Re: New Extrainfo tag : TWrp
  - From: ronnie sahlberg
- Re: [Smb2-protocol] New Extrainfo tag : TWrp
  - From: tridge

Prev by Date: Re: [Smb2-protocol] SMB2 named pipes and TID
Next by Date: [Smb2-protocol] Re: New Extrainfo tag : TWrp
Previous by thread: Re: [Smb2-protocol] SMB2 named pipes and TID
Next by thread: [Smb2-protocol] Re: New Extrainfo tag : TWrp
Index(es):
- Date
- Thread