Regarding #2 – I found the following
link: http://msdn.microsoft.com/library/default.asp?url="">
Regarding #1 – Am guessing that the
files were written on the unix end and when read from the Windows side it just
keeps searching for a Ctrl-Z EOF rather than Ctrl-D EOF, but I haven’t
been able to verify this as of yet.
Thought I would update the list before
signing off.
Thx.
Jim
From: Surlow, Jim
Sent: Thursday, February 22, 2007
10:01 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: SMB Trans2
FILE_QUERY_INFO Query File Standard Info - what's going on?
Apologies – as this is more of a problem with SMB
client than with Wireshark/Ethereal. But, as I saw a similar thread from
3/2005 from the list http://www.ethereal.com/lists/ethereal-users/200503/msg00048.html,
maybe someone could help me:
I am seeing hundreds of SMB/Trans2/FILE_QUERY_INFO/Query
File Standard Info requests and responses following a file open and prior to
the file close.
The clients are running a custom application in our Citrix
environment running on Windows 2003. We see the same behavior regardless
as to whether the file server is Samba, NetApp, or Windows 2000. The
custom application, is just reading ini files – and so that is anywhere
between a 2-5 packet exchange. The fact that we see hundreds of
“Query File Standard Info” requests and responses (200-300 could
occur in the same half second of time) is very confusing to us.
And of course, it is burying our servers.
Questions:
1) Anyone have
a clue as to this behavior?
2) What is the
difference between: Query File Standard Info, Query File Basic Info,
Query File EA Info?
Thanks,
Jim
