Ludovic Drolez
2005-Dec-02 16:23 UTC
[Samba] Permission problems after an NT4 -> Samba LDAP PDC migration
Hello,
I replaced an NT4 server by a Samba 3.0.14a ldap server following the
instructions in 'Samba by example'.
Everything works fine except for some files on a W2003 SP2 server:
- when the W2003 server uses the Linux PDC, from a WinXP client, some files are
not writable, and ACLs can be listed but not changed.
- when the NT4 server is up, the same files on the W2003 server can be modified
and ACLs can be changed.
I've attached the 2 ethereal captures.
Also, I've noticed that when the WinXP reads some files on the W2K3 server,
not
a single packet is sent to the PDC. Is it normal ? It seems that the W2K3 has an
ACL cache, and does not try to communicate with our samba server.
Any ideas ?
--
Ludovic DROLEZ
-------------- next part --------------
Frame 4886 (178 on wire, 178 captured)
Arrival Time: Dec 1, 2005 18:24:14.337183000
Time delta from previous packet: 0.000235000 seconds
Time relative to first packet: 1.955019000 seconds
Frame Number: 4886
Packet Length: 178 bytes
Capture Length: 178 bytes
Ethernet II
Destination: 00:14:22:11:93:c1 (00:14:22:11:93:c1)
Source: 00:11:43:ca:d9:04 (00:11:43:ca:d9:04)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.164.8.148 (10.164.8.148), Dst Addr: 10.164.8.12
(10.164.8.12)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 164
Identification: 0x546d
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x7fff (correct)
Source: 10.164.8.148 (10.164.8.148)
Destination: 10.164.8.12 (10.164.8.12)
Transmission Control Protocol, Src Port: 1740 (1740), Dst Port: netbios-ssn
(139), Seq: 716625107, Ack: 2010932993, Len: 124
Source port: 1740 (1740)
Destination port: netbios-ssn (139)
Sequence number: 716625107
Next sequence number: 716625231
Acknowledgement number: 2010932993
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64824
Checksum: 0xd924 (correct)
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 120
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been
posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not
supported
Flags2: 0xc807
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error
codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if
execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended
security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not
long file names
.... .... .... .1.. = Security Signatures: Security signatures are
supported
.... .... .... ..1. = Extended Attributes: Extended attributes are
supported
.... .... .... ...1 = Long Names Allowed: Long file names are
allowed in the response
Reserved: 000000000000000000000000
Tree ID: 22530
Process ID: 3040
User ID: 43010
Multiplex ID: 17984
NT Create AndX Request (0xa2)
Word Count (WCT): 24
AndXCommand: No further commands (0xff)
Reserved: 00
AndXOffset: 57054
Reserved: 00
File Name Len: 34
Create Flags: 0x00000016
.... .... .... .... .... .... .... 0... = Create Directory: Target
of open can be a file
.... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting
BATCH OPLOCK
.... .... .... .... .... .... .... ..1. = Exclusive Oplock:
Requesting OPLOCK
Root FID: 0x00000000
Access Mask: 0x0002019f
0... .... .... .... .... .... .... .... = Generic Read: Generic read
is NOT set
.0.. .... .... .... .... .... .... .... = Generic Write: Generic
write is NOT set
..0. .... .... .... .... .... .... .... = Generic Execute: Generic
execute is NOT set
...0 .... .... .... .... .... .... .... = Generic All: Generic all
is NOT set
.... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum
allowed is NOT set
.... ...0 .... .... .... .... .... .... = System Security: System
security is NOT set
.... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait
on handle to synchronize on completion of I/O
.... .... .... 0... .... .... .... .... = Write Owner: Can NOT write
owner (take ownership)
.... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT
write to the DAC
.... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS
to owner, group and ACL of the SID
.... .... .... ...0 .... .... .... .... = Delete: NO delete access
.... .... .... .... .... ...1 .... .... = Write Attributes: WRITE
ATTRIBUTES access
.... .... .... .... .... .... 1... .... = Read Attributes: READ
ATTRIBUTES access
.... .... .... .... .... .... .0.. .... = Delete Child: NO delete
child access
.... .... .... .... .... .... ..0. .... = Execute: NO execute access
.... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED
ATTRIBUTES access
.... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED
ATTRIBUTES access
.... .... .... .... .... .... .... .1.. = Append: APPEND access
.... .... .... .... .... .... .... ..1. = Write: WRITE access
.... .... .... .... .... .... .... ...1 = Read: READ access
Allocation Size: 0
File Attributes: 0x00000080
0... .... .... .... .... .... .... .... = Write Through: This object
does NOT require write through
..0. .... .... .... .... .... .... .... = No Buffering: This object
can be buffered
...0 .... .... .... .... .... .... .... = Random Access: Random
access is NOT requested
.... 0... .... .... .... .... .... .... = Sequential Scan: This
object is NOT optimized for sequential scan
.... .0.. .... .... .... .... .... .... = Delete on Close: This
object will not be deleted on close
.... ..0. .... .... .... .... .... .... = Backup: This object does
NOT support backup semantics
.... ...0 .... .... .... .... .... .... = Posix: This object does
NOT support POSIX semantics
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an
encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file
MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT
offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a
compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file
does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a
sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a
temporary file
.... .... .... .... .... .... 1... .... = Normal: This file is an
ordinary file
.... .... .... .... .... .... .0.. .... = Device: This is NOT a
device
.... .... .... .... .... .... ..0. .... = Archive: This is NOT an
archive file
.... .... .... .... .... .... ...0 .... = Directory: This is NOT a
directory
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a
volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a
system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a
hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is
NOT read only
Share Access: 0x00000003
.... .... .... .... .... .... .... .0.. = Delete: Object can NOT be
shared for delete
.... .... .... .... .... .... .... ..1. = Write: Object can be
shared for WRITE
.... .... .... .... .... .... .... ...1 = Read: Object can be shared
for READ
Disposition: Open (if file exists open it, else fail) (1)
Create Options: 0x00000040
.... .... .... .... .... .... .... ...0 = Directory: File being
created/opened must not be a directory
.... .... .... .... .... .... .... ..0. = Write Through: Writes need
not flush buffered data before completing
.... .... .... .... .... .... .... .0.. = Sequential Only: The file
might not only be accessed sequentially
.... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations
NOT necessarily synchronous
.... .... .... .... .... .... ..0. .... = Sync I/O Nonalert:
Operations NOT necessarily synchronous
.... .... .... .... .... .... .1.. .... = Non-Directory: File being
created/opened must not be a directory
.... .... .... .... .... ..0. .... .... = No EA Knowledge: The
client understands extended attributes
.... .... .... .... .... .0.. .... .... = 8.3 Only: The client
understands long file names
.... .... .... .... .... 0... .... .... = Random Access: The file
will not be accessed randomly
.... .... .... .... ...0 .... .... .... = Delete On Close: The file
should not be deleted when it is closed
Impersonation: Impersonation (2)
Security Flags: 0x03
.... ...1 = Context Tracking: Security tracking mode is DYNAMIC
.... ..1. = Effective Only: ONLY ENABLED aspects of the client's
security context are available
Byte Count (BCC): 37
File Name: \pmssaari\PMS.MAS
Frame 4887 (93 on wire, 93 captured)
Arrival Time: Dec 1, 2005 18:24:14.337638000
Time delta from previous packet: 0.000455000 seconds
Time relative to first packet: 1.955474000 seconds
Frame Number: 4887
Packet Length: 93 bytes
Capture Length: 93 bytes
Ethernet II
Destination: 00:11:43:ca:d9:04 (00:11:43:ca:d9:04)
Source: 00:14:22:11:93:c1 (00:14:22:11:93:c1)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.164.8.12 (10.164.8.12), Dst Addr: 10.164.8.148
(10.164.8.148)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 79
Identification: 0x7492
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x602f (correct)
Source: 10.164.8.12 (10.164.8.12)
Destination: 10.164.8.148 (10.164.8.148)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1740
(1740), Seq: 2010932993, Ack: 716625231, Len: 39
Source port: netbios-ssn (139)
Destination port: 1740 (1740)
Sequence number: 2010932993
Next sequence number: 2010933032
Acknowledgement number: 716625231
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64592
Checksum: 0xcaa3 (correct)
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 35
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 4886
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_ACCESS_DENIED (0xc0000022)
Flags: 0x98
1... .... = Request/Response: Message is a response to the
client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been
posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not
supported
Flags2: 0xc807
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error
codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if
execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended
security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not
long file names
.... .... .... .1.. = Security Signatures: Security signatures are
supported
.... .... .... ..1. = Extended Attributes: Extended attributes are
supported
.... .... .... ...1 = Long Names Allowed: Long file names are
allowed in the response
Reserved: 000000000000000000000000
Tree ID: 22530
Process ID: 3040
User ID: 43010
Multiplex ID: 17984
NT Create AndX Response (0xa2)
Word Count (WCT): 0
Byte Count (BCC): 0
-------------- next part --------------
Frame 10995 (178 on wire, 178 captured)
Arrival Time: Dec 1, 2005 19:51:41.178076000
Time delta from previous packet: 0.001153000 seconds
Time relative to first packet: 5.035264000 seconds
Frame Number: 10995
Packet Length: 178 bytes
Capture Length: 178 bytes
Ethernet II
Destination: 00:14:22:11:93:c1 (00:14:22:11:93:c1)
Source: 00:11:43:ca:d9:04 (00:11:43:ca:d9:04)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.164.8.148 (10.164.8.148), Dst Addr: 10.164.8.12
(10.164.8.12)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 164
Identification: 0x78d5
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x5b97 (correct)
Source: 10.164.8.148 (10.164.8.148)
Destination: 10.164.8.12 (10.164.8.12)
Transmission Control Protocol, Src Port: 1037 (1037), Dst Port: 445 (445), Seq:
3533260855, Ack: 3186873572, Len: 124
Source port: 1037 (1037)
Destination port: 445 (445)
Sequence number: 3533260855
Next sequence number: 3533260979
Acknowledgement number: 3186873572
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x638f (correct)
NetBIOS Session Service
Message Type: Session message
Length: 120
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been
posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not
supported
Flags2: 0xc807
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error
codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if
execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended
security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not
long file names
.... .... .... .1.. = Security Signatures: Security signatures are
supported
.... .... .... ..1. = Extended Attributes: Extended attributes are
supported
.... .... .... ...1 = Long Names Allowed: Long file names are
allowed in the response
Reserved: 000000000000000000000000
Tree ID: 2049
Process ID: 328
User ID: 2049
Multiplex ID: 23168
NT Create AndX Request (0xa2)
Word Count (WCT): 24
AndXCommand: No further commands (0xff)
Reserved: 00
AndXOffset: 57054
Reserved: 00
File Name Len: 34
Create Flags: 0x00000016
.... .... .... .... .... .... .... 0... = Create Directory: Target
of open can be a file
.... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting
BATCH OPLOCK
.... .... .... .... .... .... .... ..1. = Exclusive Oplock:
Requesting OPLOCK
Root FID: 0x00000000
Access Mask: 0x0002019f
0... .... .... .... .... .... .... .... = Generic Read: Generic read
is NOT set
.0.. .... .... .... .... .... .... .... = Generic Write: Generic
write is NOT set
..0. .... .... .... .... .... .... .... = Generic Execute: Generic
execute is NOT set
...0 .... .... .... .... .... .... .... = Generic All: Generic all
is NOT set
.... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum
allowed is NOT set
.... ...0 .... .... .... .... .... .... = System Security: System
security is NOT set
.... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait
on handle to synchronize on completion of I/O
.... .... .... 0... .... .... .... .... = Write Owner: Can NOT write
owner (take ownership)
.... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT
write to the DAC
.... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS
to owner, group and ACL of the SID
.... .... .... ...0 .... .... .... .... = Delete: NO delete access
.... .... .... .... .... ...1 .... .... = Write Attributes: WRITE
ATTRIBUTES access
.... .... .... .... .... .... 1... .... = Read Attributes: READ
ATTRIBUTES access
.... .... .... .... .... .... .0.. .... = Delete Child: NO delete
child access
.... .... .... .... .... .... ..0. .... = Execute: NO execute access
.... .... .... .... .... .... ...1 .... = Write EA: WRITE EXTENDED
ATTRIBUTES access
.... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED
ATTRIBUTES access
.... .... .... .... .... .... .... .1.. = Append: APPEND access
.... .... .... .... .... .... .... ..1. = Write: WRITE access
.... .... .... .... .... .... .... ...1 = Read: READ access
Allocation Size: 0
File Attributes: 0x00000080
0... .... .... .... .... .... .... .... = Write Through: This object
does NOT require write through
..0. .... .... .... .... .... .... .... = No Buffering: This object
can be buffered
...0 .... .... .... .... .... .... .... = Random Access: Random
access is NOT requested
.... 0... .... .... .... .... .... .... = Sequential Scan: This
object is NOT optimized for sequential scan
.... .0.. .... .... .... .... .... .... = Delete on Close: This
object will not be deleted on close
.... ..0. .... .... .... .... .... .... = Backup: This object does
NOT support backup semantics
.... ...0 .... .... .... .... .... .... = Posix: This object does
NOT support POSIX semantics
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an
encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file
MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT
offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a
compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file
does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a
sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a
temporary file
.... .... .... .... .... .... 1... .... = Normal: This file is an
ordinary file
.... .... .... .... .... .... .0.. .... = Device: This is NOT a
device
.... .... .... .... .... .... ..0. .... = Archive: This is NOT an
archive file
.... .... .... .... .... .... ...0 .... = Directory: This is NOT a
directory
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a
volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a
system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a
hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is
NOT read only
Share Access: 0x00000003
.... .... .... .... .... .... .... .0.. = Delete: Object can NOT be
shared for delete
.... .... .... .... .... .... .... ..1. = Write: Object can be
shared for WRITE
.... .... .... .... .... .... .... ...1 = Read: Object can be shared
for READ
Disposition: Open (if file exists open it, else fail) (1)
Create Options: 0x00000040
.... .... .... .... .... .... .... ...0 = Directory: File being
created/opened must not be a directory
.... .... .... .... .... .... .... ..0. = Write Through: Writes need
not flush buffered data before completing
.... .... .... .... .... .... .... .0.. = Sequential Only: The file
might not only be accessed sequentially
.... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations
NOT necessarily synchronous
.... .... .... .... .... .... ..0. .... = Sync I/O Nonalert:
Operations NOT necessarily synchronous
.... .... .... .... .... .... .1.. .... = Non-Directory: File being
created/opened must not be a directory
.... .... .... .... .... ..0. .... .... = No EA Knowledge: The
client understands extended attributes
.... .... .... .... .... .0.. .... .... = 8.3 Only: The client
understands long file names
.... .... .... .... .... 0... .... .... = Random Access: The file
will not be accessed randomly
.... .... .... .... ...0 .... .... .... = Delete On Close: The file
should not be deleted when it is closed
Impersonation: Impersonation (2)
Security Flags: 0x03
.... ...1 = Context Tracking: Security tracking mode is DYNAMIC
.... ..1. = Effective Only: ONLY ENABLED aspects of the client's
security context are available
Byte Count (BCC): 37
File Name: \pmssaari\PMS.MAS
Frame 11008 (193 on wire, 193 captured)
Arrival Time: Dec 1, 2005 19:51:41.189822000
Time delta from previous packet: 0.000050000 seconds
Time relative to first packet: 5.047010000 seconds
Frame Number: 11008
Packet Length: 193 bytes
Capture Length: 193 bytes
Ethernet II
Destination: 00:11:43:ca:d9:04 (00:11:43:ca:d9:04)
Source: 00:14:22:11:93:c1 (00:14:22:11:93:c1)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.164.8.12 (10.164.8.12), Dst Addr: 10.164.8.148
(10.164.8.148)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 179
Identification: 0x5dbc
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x76a1 (correct)
Source: 10.164.8.12 (10.164.8.12)
Destination: 10.164.8.148 (10.164.8.148)
Transmission Control Protocol, Src Port: 445 (445), Dst Port: 1037 (1037), Seq:
3186873572, Ack: 3533260979, Len: 139
Source port: 445 (445)
Destination port: 1037 (1037)
Sequence number: 3186873572
Next sequence number: 3186873711
Acknowledgement number: 3533260979
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64592
Checksum: 0x189f (correct)
NetBIOS Session Service
Message Type: Session message
Length: 135
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 10995
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x98
1... .... = Request/Response: Message is a response to the
client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been
posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not
supported
Flags2: 0xc807
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error
codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if
execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended
security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not
long file names
.... .... .... .1.. = Security Signatures: Security signatures are
supported
.... .... .... ..1. = Extended Attributes: Extended attributes are
supported
.... .... .... ...1 = Long Names Allowed: Long file names are
allowed in the response
Reserved: 000000000000000000000000
Tree ID: 2049
Process ID: 328
User ID: 2049
Multiplex ID: 23168
NT Create AndX Response (0xa2)
Word Count (WCT): 42
AndXCommand: No further commands
Reserved: 00
AndXOffset: 135
Oplock level: Batch oplock granted (2)
FID: 0x4010
Create action: Open (if file exists open it, else fail) (1)
Created: Sep 14, 2005 10:48:52.718749421
Last Access: Dec 1, 2005 19:45:15.031249421
Last Write: Jul 21, 2003 16:10:59.999999425
Change: Sep 14, 2005 11:21:55.687499421
File Attributes: 0x00000020
0... .... .... .... .... .... .... .... = Write Through: This object
does NOT require write through
..0. .... .... .... .... .... .... .... = No Buffering: This object
can be buffered
...0 .... .... .... .... .... .... .... = Random Access: Random
access is NOT requested
.... 0... .... .... .... .... .... .... = Sequential Scan: This
object is NOT optimized for sequential scan
.... .0.. .... .... .... .... .... .... = Delete on Close: This
object will not be deleted on close
.... ..0. .... .... .... .... .... .... = Backup: This object does
NOT support backup semantics
.... ...0 .... .... .... .... .... .... = Posix: This object does
NOT support POSIX semantics
.... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an
encrypted file
.... .... .... .... ..0. .... .... .... = Content Indexed: This file
MAY be indexed by the content indexing service
.... .... .... .... ...0 .... .... .... = Offline: This file is NOT
offline
.... .... .... .... .... 0... .... .... = Compressed: This is NOT a
compressed file
.... .... .... .... .... .0.. .... .... = Reparse Point: This file
does NOT have an associated reparse point
.... .... .... .... .... ..0. .... .... = Sparse: This is NOT a
sparse file
.... .... .... .... .... ...0 .... .... = Temporary: This is NOT a
temporary file
.... .... .... .... .... .... 0... .... = Normal: This file has some
attribute set
.... .... .... .... .... .... .0.. .... = Device: This is NOT a
device
.... .... .... .... .... .... ..1. .... = Archive: This is an
ARCHIVE file
.... .... .... .... .... .... ...0 .... = Directory: This is NOT a
directory
.... .... .... .... .... .... .... 0... = Volume ID: This is NOT a
volume ID
.... .... .... .... .... .... .... .0.. = System: This is NOT a
system file
.... .... .... .... .... .... .... ..0. = Hidden: This is NOT a
hidden file
.... .... .... .... .... .... .... ...0 = Read Only: This file is
NOT read only
Allocation Size: 20480
End Of File: 19012
File Type: Disk file or directory (0)
IPC State: 0x0007
0... .... .... .... = Nonblocking: Reads/writes block if no data
available
.0.. .... .... .... = Endpoint: Consumer end of pipe (0)
.... 00.. .... .... = Pipe Type: Byte stream pipe (0)
.... ..00 .... .... = Read Mode: Read pipe as a byte stream (0)
.... .... 0000 0111 = Icount: 7
Is Directory: This is NOT a directory (0)
Byte Count (BCC): 0
Frame 11009 (130 on wire, 130 captured)
Arrival Time: Dec 1, 2005 19:51:41.189956000
Time delta from previous packet: 0.000134000 seconds
Time relative to first packet: 5.047144000 seconds
Frame Number: 11009
Packet Length: 130 bytes
Capture Length: 130 bytes
Ethernet II
Destination: 00:14:22:11:93:c1 (00:14:22:11:93:c1)
Source: 00:11:43:ca:d9:04 (00:11:43:ca:d9:04)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.164.8.148 (10.164.8.148), Dst Addr: 10.164.8.12
(10.164.8.12)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 116
Identification: 0x78e2
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x5bba (correct)
Source: 10.164.8.148 (10.164.8.148)
Destination: 10.164.8.12 (10.164.8.12)
Transmission Control Protocol, Src Port: 1037 (1037), Dst Port: 445 (445), Seq:
3533260979, Ack: 3186873711, Len: 76
Source port: 1037 (1037)
Destination port: 445 (445)
Sequence number: 3533260979
Next sequence number: 3533261055
Acknowledgement number: 3186873711
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65396
Checksum: 0x36d6 (correct)
NetBIOS Session Service
Message Type: Session message
Length: 72
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: Transaction2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been
posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not
supported
Flags2: 0xc807
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error
codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if
execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended
security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not
long file names
.... .... .... .1.. = Security Signatures: Security signatures are
supported
.... .... .... ..1. = Extended Attributes: Extended attributes are
supported
.... .... .... ...1 = Long Names Allowed: Long file names are
allowed in the response
Reserved: 000000000000000000000000
Tree ID: 2049
Process ID: 328
User ID: 2049
Multiplex ID: 23232
Transaction2 Request (0x32)
Word Count (WCT): 15
Total Parameter Count: 4
Total Data Count: 0
Max Parameter Count: 2
Max Data Count: 8
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 4
Parameter Offset: 68
Data Count: 0
Data Offset: 0
Setup Count: 1
Reserved: 00
Subcommand: QUERY_FILE_INFORMATION (0x0007)
Byte Count (BCC): 7
Padding: 000000
QUERY_FILE_INFORMATION Parameters
FID: 0x4010
Level of Interest: Query File Internal Info (4.2.14.?) (1006)
Apparently Analagous Threads
Wisdom of the Ancients
