Jonathon Doran
2009-Jul-26 19:41 UTC
[Samba] server response does not appear to correspond to request
Here is a second, somewhat related question to my last one. When looking over the network trace I have ran into something I cannot explain. It may be quite proper, in which case I am misreading the trace. But I would appreciate it if someone would explain this to me. In packet 109 of the trace (during a login with no profile on the server), I see a "NT Create AndX request" for the path \jon.V2. I'll provide the captured packet below. But for now, this makes perfect sense. I am certainly interested in the resolution of this request. The trace lists the response as coming in packet 110. Well, that is convenient, as I don't have far to look. In packet 110 I learn that the request failed. The packet shows that it is a response to packet 109, so we are consistent so far. But the filename in the response is "\jon\Desktop". Desktop never appeared in the original request, yet my read of the response is that a create failed on a path which differed from that in the request. Assuming that I am mistaken, it would be very helpful if I understood where I am going wrong in my thinking. As always, feedback from the list is appreciated. Jonathon Doran University of North Texas, LARC Frame 109 (158 bytes on wire, 158 bytes captured) Ethernet II, Src: warcraft.larc.local (00:1e:4f:d3:65:a9), Dst: unreal.larc.local (00:14:85:14:f5:78) Internet Protocol, Src: warcraft.larc.local (10.0.1.5), Dst: unreal.larc.local (10.0.0.2) Transmission Control Protocol, Src Port: 49159 (49159), Dst Port: netbios-ssn (139), Seq: 5200, Ack: 4597, Len: 104 Source port: 49159 (49159) Destination port: netbios-ssn (139) [Stream index: 2] Sequence number: 5200 (relative sequence number) [Next sequence number: 5304 (relative sequence number)] Acknowledgement number: 4597 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) Window size: 65700 (scaled) Checksum: 0xf3d6 [validation disabled] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response in: 110] SMB Command: NT Create AndX (0xa2) NT Status: STATUS_SUCCESS (0x00000000) Flags: 0x18 Flags2: 0xc807 Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4 (\\UNREAL\PROFDATA) Process ID: 980 User ID: 102 (LARC\jon) Multiplex ID: 2304 NT Create AndX Request (0xa2) Word Count (WCT): 24 AndXCommand: No further commands (0xff) Reserved: 00 AndXOffset: 57054 Reserved: 00 File Name Len: 14 Create Flags: 0x00000010 Root FID: 0x00000000 Access Mask: 0x00100100 Allocation Size: 0 File Attributes: 0x00000000 Share Access: 0x00000007 SHARE_DELETE SHARE_WRITE SHARE_READ Disposition: Open (if file exists open it, else fail) (1) Create Options: 0x00200000 Impersonation: Impersonation (2) Security Flags: 0x00 Byte Count (BCC): 17 File Name: \jon.V2 Frame 110 (93 bytes on wire, 93 bytes captured) Ethernet II, Src: unreal.larc.local (00:14:85:14:f5:78), Dst: warcraft.larc.local (00:1e:4f:d3:65:a9) Internet Protocol, Src: unreal.larc.local (10.0.0.2), Dst: warcraft.larc.local (10.0.1.5) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 49159 (49159), Seq: 4597, Ack: 5304, Len: 39 Source port: netbios-ssn (139) Destination port: 49159 (49159) [Stream index: 2] Sequence number: 4597 (relative sequence number) [Next sequence number: 4636 (relative sequence number)] Acknowledgement number: 5304 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) Window size: 23040 (scaled) Checksum: 0x1548 [validation disabled] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) SMB Header Server Component: SMB [Response to: 109] [Time from request: 0.001582000 seconds] SMB Command: NT Create AndX (0xa2) NT Status: STATUS_ACCESS_DENIED (0xc0000022) Flags: 0x88 Flags2: 0xc801 Process ID High: 0 Signature: 0000000000000000 Reserved: 0000 Tree ID: 4 (\\UNREAL\PROFDATA) Process ID: 980 User ID: 102 (LARC\jon) Multiplex ID: 2304 NT Create AndX Response (0xa2) Word Count (WCT): 0 Byte Count (BCC): 0 [FID: 0x0000 (\jon\Desktop)] [Opened in: 22103] [Closed in: 22103] [File Name: \jon\Desktop] Create Flags: 0x00000010 Access Mask: 0x00100001 File Attributes: 0x00000080 Share Access: 0x00000003 SHARE_WRITE SHARE_READ Create Options: 0x00200001