For quite a while I've noticed that smbd uses 10-15% of my CPU (Pentium
4) when nothing visible is going on. I have a couple of laptops on my
home network, and some experiments show that powering on the Vista
laptop (the other is OSX) is sufficient to raise usage from 0 to 10-15%.
The screen is locked, although 2 user accounts are logged in. Wireshark
seems to show a lot of chatter, particularly about the printers.

Can anyone explain what is going on or, even better, how to fix it?

I'm running Samba 3.2.5 on Debian Lenny, Linux 2.6.26-2-686 kernel. The
P4 has hyperthreading. I have not installed any printer drivers on the
server, though they are set up on the client.

Below is my smb.conf and then an excerpt from Wireshark:

[global]
   workgroup = Boylan
   server string = %h server
   wins support = yes
   include = /etc/samba/dhcp.conf
   dns proxy = no
   interfaces = 127.0.0.0/8 ethfast
   bind interfaces only = yes
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   printing = cups
   printcap name = cups
   socket options = TCP_NODELAY

[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0700
   directory mask = 0700
   valid users = %S

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

[download]
   comment = Downloads
   path = /usr/local/download
   read only = No

packet capture:
No. Time Source Destination Protocol Info
1 0.000000 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=1 Ack=1 Win=41664 Len=0
2 0.006582 192.168.40.2 192.168.40.46 SMB Read
AndX Response, 3032 bytes
3 0.006628 192.168.40.2 192.168.40.46 NBSS Session
message
4 0.011062 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=1 Ack=3096 Win=4380 Len=0
5 0.011113 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 5 opnum: 26 ctx_id: 0
6 0.011233 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=3096 Ack=177 Win=41664 Len=0
7 0.015300 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 5 ctx_id: 0
8 0.019147 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
9 0.019199 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 6 opnum: 53 ctx_id: 0
10 0.019619 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=4220 Ack=2429 Win=41629 Len=0
11 0.024679 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724e
12 0.024708 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
13 0.029030 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=2429 Ack=6376 Win=4380 Len=0
14 0.030023 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
15 0.030048 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 7 opnum: 8 ctx_id: 0
16 0.030131 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=6376 Ack=4625 Win=41630 Len=0
17 0.043197 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 6 ctx_id: 0
18 0.043230 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
19 0.057041 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=4625 Ack=8524 Win=4380 Len=0
20 0.057097 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 8 opnum: 29 ctx_id: 0
21 0.057303 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 8 ctx_id: 0
22 0.060375 192.168.40.46 192.168.40.2 SMB Close
Request, FID: 0x724e
23 0.060552 192.168.40.2 192.168.40.46 SMB Close
Response
24 0.065014 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
25 0.066675 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
26 0.066702 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 4 opnum: 8 ctx_id: 0
27 0.066779 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=8671 Ack=7722 Win=41664 Len=0
28 0.078417 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
29 0.078464 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
30 0.084065 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=9046 Ack=12867 Win=4380 Len=0
31 0.088682 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
32 0.088726 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
33 0.089142 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=12867 Ack=11966 Win=41624 Len=0
34 0.090003 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 5 opnum: 8 ctx_id: 0
35 0.100291 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 4 ctx_id: 0
36 0.100337 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
37 0.105033 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=13290 Ack=17063 Win=4380 Len=0
38 0.106295 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
39 0.106319 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
40 0.106408 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=17063 Ack=16210 Win=41624 Len=0
41 0.107386 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 6 opnum: 8 ctx_id: 0
42 0.117862 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
43 0.117904 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
44 0.122078 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=17534 Ack=19983 Win=4380 Len=0
45 0.128247 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
46 0.128293 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
47 0.128396 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=21259 Ack=20454 Win=41624 Len=0
48 0.129379 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 7 opnum: 8 ctx_id: 0
49 0.143838 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 6 ctx_id: 0
50 0.143884 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
51 0.149059 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=21778 Ack=24179 Win=4380 Len=0
52 0.151506 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
53 0.151536 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
54 0.152384 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=25455 Ack=24698 Win=41624 Len=0
55 0.152696 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 8 opnum: 8 ctx_id: 0
56 0.165166 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
57 0.165221 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
58 0.169365 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=26022 Ack=28375 Win=4380 Len=0
59 0.173998 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
60 0.174055 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
61 0.174677 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=29651 Ack=28942 Win=41624 Len=0
62 0.175285 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 9 opnum: 8 ctx_id: 0
63 0.185694 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 8 ctx_id: 0
64 0.185742 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
65 0.190075 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=30266 Ack=32571 Win=4380 Len=0
66 0.192350 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
67 0.192388 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
68 0.192585 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=33847 Ack=33186 Win=41624 Len=0
69 0.193571 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 10 opnum: 8 ctx_id: 0
70 0.204285 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
71 0.204357 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
72 0.209385 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=34510 Ack=36767 Win=4380 Len=0
73 0.212405 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
74 0.212444 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
75 0.212624 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=38043 Ack=37430 Win=41624 Len=0
76 0.213603 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 11 opnum: 8 ctx_id: 0
77 0.254651 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=38043 Ack=38754 Win=41664 Len=0
78 0.285690 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 10 ctx_id: 0
79 0.285726 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
80 0.290146 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=38754 Ack=40963 Win=4380 Len=0
81 0.293432 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
82 0.293454 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
83 0.293571 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=42239 Ack=41674 Win=41624 Len=0
84 0.294546 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 12 opnum: 8 ctx_id: 0
85 0.294599 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=42239 Ack=42998 Win=41664 Len=0
86 0.303569 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
87 0.303612 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
88 0.309064 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=42998 Ack=46435 Win=4380 Len=0
89 0.313960 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
90 0.313985 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
91 0.314143 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=46435 Ack=45918 Win=41624 Len=0
92 0.315124 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 13 opnum: 8 ctx_id: 0
93 0.325142 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 12 ctx_id: 0
94 0.325178 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
95 0.329278 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=47242 Ack=49355 Win=4380 Len=0
96 0.331377 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
97 0.331404 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
98 0.331483 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=50631 Ack=50162 Win=41624 Len=0
99 0.332460 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 14 opnum: 8 ctx_id: 0
100 0.342030 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
101 0.342084 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
102 0.347080 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=51486 Ack=53551 Win=4380 Len=0
103 0.353399 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
104 0.353449 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
105 0.354106 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=54827 Ack=54406 Win=41624 Len=0
106 0.354398 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 15 opnum: 8 ctx_id: 0
107 0.359527 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 14 ctx_id: 0
108 0.359571 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
109 0.365321 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=55730 Ack=59023 Win=4380 Len=0
110 0.366356 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
111 0.370598 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
112 0.371683 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 16 opnum: 8 ctx_id: 0
113 0.373074 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=59023 Ack=58650 Win=41664 Len=0
114 0.381831 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
115 0.381878 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
116 0.387440 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=59974 Ack=61943 Win=4380 Len=0
117 0.392910 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
118 0.392963 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
119 0.393464 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=63219 Ack=62894 Win=41624 Len=0
120 0.394249 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 17 opnum: 8 ctx_id: 0
121 0.403604 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 16 ctx_id: 0
122 0.403650 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
123 0.409099 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=64218 Ack=67415 Win=4380 Len=0
124 0.410386 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
125 0.410410 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
126 0.410580 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=67415 Ack=67138 Win=41624 Len=0
127 0.411521 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 18 opnum: 8 ctx_id: 0
128 0.420971 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
129 0.421015 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
130 0.425231 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=68462 Ack=70335 Win=4380 Len=0
131 0.431796 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
132 0.431853 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
133 0.431966 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=71611 Ack=71382 Win=41624 Len=0
134 0.432945 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 19 opnum: 8 ctx_id: 0
135 0.447681 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 18 ctx_id: 0
136 0.447730 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
137 0.456977 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=72706 Ack=74531 Win=4380 Len=0
138 0.458019 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
139 0.458059 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
140 0.458804 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=75807 Ack=75626 Win=41624 Len=0
141 0.459320 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 20 opnum: 8 ctx_id: 0
142 0.469774 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
143 0.469820 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
144 0.475069 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=76950 Ack=78727 Win=4380 Len=0
145 0.481378 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
146 0.481435 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
147 0.482704 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 21 opnum: 8 ctx_id: 0
148 0.486583 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=80003 Ack=81194 Win=41603 Len=0
149 0.495941 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 20 ctx_id: 0
150 0.495981 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
151 0.501605 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=81194 Ack=82923 Win=4380 Len=0
152 0.504193 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
153 0.504227 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
154 0.504437 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=84199 Ack=84114 Win=41624 Len=0
155 0.505417 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 22 opnum: 8 ctx_id: 0
156 0.521496 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
157 0.521542 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
158 0.526067 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=85438 Ack=88395 Win=4380 Len=0
159 0.530065 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
160 0.531453 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
161 0.531482 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 23 opnum: 8 ctx_id: 0
162 0.531565 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=88395 Ack=88358 Win=41664 Len=0
163 0.546270 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 22 ctx_id: 0
164 0.546313 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
165 0.552063 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=89682 Ack=91315 Win=4380 Len=0
166 0.556396 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
167 0.556428 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
168 0.556587 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=92591 Ack=92602 Win=41624 Len=0
169 0.557567 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 24 opnum: 8 ctx_id: 0
170 0.564894 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
171 0.564938 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
172 0.570400 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=93926 Ack=95511 Win=4380 Len=0
173 0.576651 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
174 0.576685 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
175 0.576760 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=96787 Ack=96846 Win=41624 Len=0
176 0.577735 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 25 opnum: 8 ctx_id: 0
177 0.582815 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 24 ctx_id: 0
178 0.582856 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
179 0.587053 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=98170 Ack=99707 Win=4380 Len=0
180 0.589276 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
181 0.589309 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
182 0.589495 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=100983 Ack=101090 Win=41624 Len=0
183 0.590480 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 26 opnum: 8 ctx_id: 0
184 0.594962 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
185 0.594993 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
186 0.600148 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=102414 Ack=103903 Win=4380 Len=0
187 0.605175 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
188 0.605215 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
189 0.605451 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=105179 Ack=105334 Win=41624 Len=0
190 0.606437 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 27 opnum: 8 ctx_id: 0
191 0.611630 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 26 ctx_id: 0
192 0.611661 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
193 0.616028 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=106658 Ack=108099 Win=4380 Len=0
194 0.618265 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
195 0.618287 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
196 0.618399 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=109375 Ack=109578 Win=41624 Len=0
197 0.620497 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 28 opnum: 8 ctx_id: 0
198 0.624608 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
199 0.624636 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
200 0.629056 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=110902 Ack=112295 Win=4380 Len=0
201 0.657610 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
202 0.657660 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
203 0.658936 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 29 opnum: 8 ctx_id: 0
204 0.662242 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=113571 Ack=115146 Win=41603 Len=0
205 0.667235 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 28 ctx_id: 0
206 0.667264 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
207 0.672282 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=115146 Ack=116491 Win=4380 Len=0
208 0.674472 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
209 0.674495 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
210 0.674557 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=117767 Ack=118066 Win=41624 Len=0
211 0.675528 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 30 opnum: 8 ctx_id: 0
212 0.680324 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
213 0.680354 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
214 0.685102 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=119390 Ack=121963 Win=4380 Len=0
215 0.689017 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
216 0.689034 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
217 0.689091 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=121963 Ack=122310 Win=41624 Len=0
218 0.690063 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 31 opnum: 8 ctx_id: 0
219 0.695575 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 30 ctx_id: 0
220 0.695608 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
221 0.700182 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=123634 Ack=126159 Win=4380 Len=0
222 0.701276 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
223 0.701293 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
224 0.701650 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=126159 Ack=126554 Win=41624 Len=0
225 0.702550 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 32 opnum: 8 ctx_id: 0
226 0.706873 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
227 0.706903 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
228 0.712032 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=127878 Ack=129079 Win=4380 Len=0
229 0.716726 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
230 0.716751 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
231 0.716883 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=130355 Ack=130798 Win=41624 Len=0
232 0.717855 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 33 opnum: 8 ctx_id: 0
233 0.722440 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 32 ctx_id: 0
234 0.722469 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
235 0.727076 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=132122 Ack=134551 Win=4380 Len=0
236 0.728323 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
237 0.728340 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
238 0.728450 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=134551 Ack=135042 Win=41624 Len=0
239 0.729425 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 34 opnum: 8 ctx_id: 0
240 0.734483 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
241 0.734513 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
242 0.739027 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=136366 Ack=138747 Win=4380 Len=0
243 0.743805 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
244 0.745557 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
245 0.745594 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 35 opnum: 8 ctx_id: 0
246 0.745797 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=138747 Ack=139286 Win=41664 Len=0
247 0.751271 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 34 ctx_id: 0
248 0.751315 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
249 0.756131 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=140610 Ack=141667 Win=4380 Len=0
250 0.758358 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
251 0.758396 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
252 0.758478 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=142943 Ack=143530 Win=41624 Len=0
253 0.759453 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 36 opnum: 8 ctx_id: 0
254 0.765750 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
255 0.765794 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
256 0.770175 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=144854 Ack=145863 Win=4380 Len=0
257 0.775105 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
258 0.775127 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
259 0.775918 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=147139 Ack=147774 Win=41624 Len=0
260 0.776486 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 37 opnum: 8 ctx_id: 0
261 0.781074 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 36 ctx_id: 0
262 0.781111 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
263 0.785349 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=149098 Ack=150059 Win=4380 Len=0
264 0.788255 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
265 0.788277 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
266 0.788307 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=151335 Ack=152018 Win=41664 Len=0
267 0.789281 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 38 opnum: 8 ctx_id: 0
268 0.794246 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
269 0.794281 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
270 0.799301 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=153342 Ack=154255 Win=4380 Len=0
271 0.804689 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
272 0.804711 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
273 0.804744 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=155531 Ack=156262 Win=41624 Len=0
274 0.805720 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 39 opnum: 8 ctx_id: 0
275 0.810715 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 38 ctx_id: 0
276 0.810750 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
277 0.815079 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=157586 Ack=158451 Win=4380 Len=0
278 0.817341 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
279 0.818948 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
280 0.818969 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 40 opnum: 8 ctx_id: 0
281 0.818989 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=159727 Ack=160506 Win=41664 Len=0
282 0.824069 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
283 0.824106 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
284 0.828187 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=161830 Ack=162647 Win=4380 Len=0
285 0.833870 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
286 0.833897 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
287 0.833926 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=163923 Ack=164750 Win=41664 Len=0
288 0.857537 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 41 opnum: 8 ctx_id: 0
289 0.865095 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 40 ctx_id: 0
290 0.865149 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
291 0.870281 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=166074 Ack=166843 Win=4380 Len=0
292 0.872336 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
293 0.872356 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
294 0.872414 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=168119 Ack=168994 Win=41624 Len=0
295 0.874466 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 42 opnum: 8 ctx_id: 0
296 0.879091 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
297 0.879126 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
298 0.883358 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=170318 Ack=171039 Win=4380 Len=0
299 0.889336 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
300 0.889363 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
301 0.889500 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=172315 Ack=173238 Win=41624 Len=0
302 0.890475 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 43 opnum: 8 ctx_id: 0
303 0.896076 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 42 ctx_id: 0
304 0.896109 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
305 0.900427 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=174562 Ack=175235 Win=4380 Len=0
306 0.902856 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
307 0.904285 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
308 0.904311 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 44 opnum: 8 ctx_id: 0
309 0.904449 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=176511 Ack=177482 Win=41664 Len=0
310 0.909601 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
311 0.909643 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
312 0.915109 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=178806 Ack=180707 Win=4380 Len=0
313 0.919928 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
314 0.919964 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
315 0.919995 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=180707 Ack=181726 Win=41624 Len=0
316 0.920979 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 45 opnum: 8 ctx_id: 0
317 0.925794 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 44 ctx_id: 0
318 0.925829 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
319 0.931484 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=183050 Ack=183627 Win=4380 Len=0
320 0.933345 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
321 0.933364 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
322 0.933395 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=184903 Ack=185970 Win=41664 Len=0
323 0.934375 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 46 opnum: 8 ctx_id: 0
324 0.941423 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
325 0.941462 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
326 0.946097 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=187294 Ack=189099 Win=4380 Len=0
327 0.951723 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
328 0.951752 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
329 0.951785 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=189099 Ack=190214 Win=41624 Len=0
330 0.952761 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 47 opnum: 8 ctx_id: 0
331 0.958879 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 46 ctx_id: 0
332 0.958917 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
333 0.964062 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=191538 Ack=192019 Win=4380 Len=0
334 0.966283 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
335 0.966307 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
336 0.966336 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=193295 Ack=194458 Win=41624 Len=0
337 0.968430 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 48 opnum: 8 ctx_id: 0
338 0.972936 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724c
339 0.972973 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
340 0.977109 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=195782 Ack=196215 Win=4380 Len=0
341 0.981692 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 49 opnum: 29 ctx_id: 0
342 0.981812 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 49 ctx_id: 0
343 0.985307 192.168.40.46 192.168.40.2 SMB Close
Request, FID: 0x724c
344 0.985406 192.168.40.2 192.168.40.46 SMB Close
Response
345 1.002377 192.168.40.46 192.168.40.2 SMB NT
Create AndX Request, FID: 0x724f, Path: \spoolss
346 1.002522 192.168.40.2 192.168.40.46 SMB NT
Create AndX Response, FID: 0x724f
347 1.005342 192.168.40.46 192.168.40.2 SMB Trans2
Request, QUERY_FILE_INFO, FID: 0x724f, Query File Standard Info
348 1.005404 192.168.40.2 192.168.40.46 SMB Trans2
Response, FID: 0x724f, QUERY_FILE_INFO
349 1.008716 192.168.40.46 192.168.40.2 DCERPC Bind:
call_id: 1, 2 context items, 1st SPOOLSS V1.0
350 1.008797 192.168.40.2 192.168.40.46 SMB Write
AndX Response, FID: 0x724f, 116 bytes
351 1.012007 192.168.40.46 192.168.40.2 SMB Read
AndX Request, FID: 0x724f, 1024 bytes at offset 0
352 1.012072 192.168.40.2 192.168.40.46 DCERPC
Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
353 1.016831 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
354 1.018438 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
355 1.018453 192.168.40.46 192.168.40.2 SPOOLSS
OpenPrinterEx request, \\CORN\rawPrinter
356 1.018470 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=198047 Ack=199308 Win=41664 Len=0
357 1.018803 192.168.40.2 192.168.40.46 SPOOLSS
OpenPrinterEx response
358 1.023767 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
359 1.023804 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
360 1.023906 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=198155 Ack=202398 Win=41624 Len=0
361 1.024887 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinter request, level 4
362 1.027236 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724f
363 1.030310 192.168.40.46 192.168.40.2 SMB Read
AndX Request, FID: 0x724f, 3112 bytes at offset 0
364 1.030379 192.168.40.2 192.168.40.46 SMB Read
AndX Response, FID: 0x724f, 3112 bytes
365 1.030410 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
366 1.045975 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=203785 Ack=202414 Win=4380 Len=0
367 1.057272 192.168.40.46 192.168.40.2 SMB NT
Create AndX Request, FID: 0x7250, Path: \spoolss
368 1.057514 192.168.40.2 192.168.40.46 SMB NT
Create AndX Response, FID: 0x7250
369 1.060691 192.168.40.46 192.168.40.2 DCERPC Bind:
call_id: 1, 2 context items, 1st SPOOLSS V1.0
370 1.060858 192.168.40.2 192.168.40.46 SMB Write
AndX Response, FID: 0x7250, 116 bytes
371 1.063225 192.168.40.46 192.168.40.2 SMB Read
AndX Request, FID: 0x7250, 1024 bytes at offset 0
372 1.063308 192.168.40.2 192.168.40.46 DCERPC
Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
373 1.066368 192.168.40.46 192.168.40.2 SPOOLSS
OpenPrinterEx request, \\CORN\rawPrinter
374 1.066719 192.168.40.2 192.168.40.46 SPOOLSS
OpenPrinterEx response
375 1.069332 192.168.40.46 192.168.40.2 SPOOLSS
EnumForms request, level 2
376 1.069450 192.168.40.2 192.168.40.46 SPOOLSS
EnumForms response, level 2[Malformed Packet]
377 1.072267 192.168.40.46 192.168.40.2 SPOOLSS
EnumForms request, level 1
378 1.072429 192.168.40.2 192.168.40.46 SPOOLSS
EnumForms response, level 1, Insufficient buffer
379 1.077031 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
380 1.077059 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
381 1.077205 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=203051 Ack=207644 Win=41624 Len=0
382 1.078179 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 4 opnum: 34 ctx_id: 0 [DCE/RPC first fragment, reas: #386]
383 1.078247 192.168.40.2 192.168.40.46 SMB Write
AndX Response, FID: 0x7250, 4280 bytes
384 1.081950 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
385 1.085141 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
386 1.085157 192.168.40.46 192.168.40.2 SPOOLSS
EnumForms request, level 1
387 1.085208 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=203102 Ack=211992 Win=41664 Len=0
388 1.085630 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x7250
389 1.089641 192.168.40.46 192.168.40.2 SMB Read
AndX Request, FID: 0x7250, 3256 bytes at offset 0
390 1.089715 192.168.40.2 192.168.40.46 SMB Read
AndX Response, FID: 0x7250, 3256 bytes
391 1.089739 192.168.40.2 192.168.40.46 NBSS Session
message
392 1.095306 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=212271 Ack=207505 Win=4380 Len=0
393 1.095345 192.168.40.46 192.168.40.2 SMB Read
AndX Request, FID: 0x7250, 4280 bytes at offset 0
394 1.095618 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 4 ctx_id: 0 [DCE/RPC last fragment][Packet size limited
during capture]
395 1.095651 192.168.40.2 192.168.40.46 NBSS Session
message
396 1.100253 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=212334 Ack=210600 Win=4380 Len=0
397 1.100284 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinterData request, DriverPolicy
398 1.103251 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x7250
399 1.150697 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
400 1.150746 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinterDriver2 request, OpenPrinterEx(\\CORN\rawPrinter), level 6
401 1.150877 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=211724 Ack=214762 Win=41629 Len=0
402 1.153560 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x7250
403 1.153580 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
404 1.158511 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=214762 Ack=213880 Win=4380 Len=0
405 1.159517 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
406 1.161046 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinter request, level 2
407 1.161112 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=213880 Ack=216958 Win=41664 Len=0
408 1.165602 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 4 ctx_id: 0 [DCE/RPC first fragment]
409 1.165629 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
410 1.170331 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=216958 Ack=216028 Win=4380 Len=0
411 1.170362 192.168.40.46 192.168.40.2 SPOOLSS
ClosePrinter request, OpenPrinterEx(\\CORN\rawPrinter)
412 1.170476 192.168.40.2 192.168.40.46 SPOOLSS
ClosePrinter response
413 1.174272 192.168.40.46 192.168.40.2 SMB Close
Request, FID: 0x7250
414 1.174381 192.168.40.2 192.168.40.46 SMB Close
Response, FID: 0x7250
415 1.178137 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinter request, level 2
416 1.185481 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724f
417 1.191104 192.168.40.46 192.168.40.2 SMB NT
Create AndX Request, FID: 0x7251, Path: \spoolss
418 1.230649 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=217575 Ack=218689 Win=41663 Len=0
419 1.277782 192.168.40.2 192.168.40.46 SMB NT
Create AndX Response, FID: 0x7251
420 1.280815 192.168.40.46 192.168.40.2 DCERPC Bind:
call_id: 1, 2 context items, 1st SPOOLSS V1.0
421 1.280929 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=217714 Ack=218873 Win=41664 Len=0
422 1.281036 192.168.40.2 192.168.40.46 SMB Write
AndX Response, FID: 0x7251, 116 bytes
423 1.284284 192.168.40.46 192.168.40.2 SMB Read
AndX Request, FID: 0x7251, 1024 bytes at offset 0
424 1.284413 192.168.40.2 192.168.40.46 DCERPC
Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280
425 1.287843 192.168.40.46 192.168.40.2 SPOOLSS
OpenPrinterEx request, \\CORN\rawPrinter
426 1.288865 192.168.40.2 192.168.40.46 SPOOLSS
OpenPrinterEx response
427 1.292489 192.168.40.46 192.168.40.2 SPOOLSS
EnumForms request, level 2
428 1.292671 192.168.40.2 192.168.40.46 SPOOLSS
EnumForms response, level 2[Malformed Packet]
429 1.295277 192.168.40.46 192.168.40.2 SPOOLSS
EnumForms request, level 1
430 1.295537 192.168.40.2 192.168.40.46 SPOOLSS
EnumForms response, level 1, Insufficient buffer
431 1.299053 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
432 1.299086 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
433 1.299275 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=218212 Ack=222442 Win=41624 Len=0
434 1.300254 192.168.40.46 192.168.40.2 DCERPC
Request: call_id: 4 opnum: 34 ctx_id: 0 [DCE/RPC first fragment, reas: #438]
435 1.300345 192.168.40.2 192.168.40.46 SMB Write
AndX Response, FID: 0x7251, 4280 bytes
436 1.304004 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
437 1.304036 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
438 1.304049 192.168.40.46 192.168.40.2 SPOOLSS
EnumForms request, level 1
439 1.304208 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=218263 Ack=227006 Win=41615 Len=0
440 1.304612 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x7251
441 1.308260 192.168.40.46 192.168.40.2 SMB Read
AndX Request, FID: 0x7251, 3256 bytes at offset 0
442 1.309801 192.168.40.2 192.168.40.46 SMB Read
AndX Response, FID: 0x7251, 3256 bytes
443 1.309841 192.168.40.2 192.168.40.46 NBSS Session
message
444 1.314107 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=227069 Ack=222666 Win=4380 Len=0
445 1.314146 192.168.40.46 192.168.40.2 SMB Read
AndX Request, FID: 0x7251, 4280 bytes at offset 0
446 1.314250 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 4 ctx_id: 0 [DCE/RPC last fragment][Packet size limited
during capture]
447 1.314283 192.168.40.2 192.168.40.46 NBSS Session
message
448 1.319136 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=227132 Ack=225586 Win=4380 Len=0
449 1.320898 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinterData request, DriverPolicy
450 1.325622 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x7251
451 1.330052 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
452 1.330106 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinterDriver2 request, OpenPrinterEx(\\CORN\rawPrinter), level 6
453 1.332777 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=226885 Ack=229560 Win=41629 Len=0
454 1.336101 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x7251
455 1.336134 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
456 1.340311 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=229560 Ack=229041 Win=4380 Len=0
457 1.340361 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
458 1.341426 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinter request, level 2
459 1.341488 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=229041 Ack=231756 Win=41664 Len=0
460 1.347994 192.168.40.2 192.168.40.46 DCERPC
Response: call_id: 4 ctx_id: 0 [DCE/RPC first fragment]
461 1.348026 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
462 1.352066 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=231756 Ack=231189 Win=4380 Len=0
463 1.352118 192.168.40.46 192.168.40.2 SPOOLSS
ClosePrinter request, OpenPrinterEx(\\CORN\rawPrinter)
464 1.352286 192.168.40.2 192.168.40.46 SPOOLSS
ClosePrinter response
465 1.355312 192.168.40.46 192.168.40.2 SMB Close
Request, FID: 0x7251
466 1.355523 192.168.40.2 192.168.40.46 SMB Close
Response, FID: 0x7251
467 1.359978 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
468 1.360034 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
469 1.360115 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=231336 Ack=234853 Win=41624 Len=0
470 1.361095 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinter request, level 2
471 1.367772 192.168.40.2 192.168.40.46 SPOOLSS
GetPrinter response, level 4
472 1.367816 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
473 1.372052 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=236177 Ack=234256 Win=4380 Len=0
474 1.377397 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
475 1.377452 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
476 1.377529 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=235532 Ack=239097 Win=41624 Len=0
477 1.378507 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinter request, level 2
478 1.384936 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724f
479 1.384979 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
480 1.390270 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=240421 Ack=238452 Win=4380 Len=0
481 1.392365 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
482 1.392404 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
483 1.392474 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=239728 Ack=243341 Win=41624 Len=0
484 1.393452 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinter request, level 2
485 1.402976 192.168.40.2 192.168.40.46 SPOOLSS
GetPrinter response, level 2
486 1.403018 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
487 1.407124 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=244665 Ack=242648 Win=4380 Len=0
488 1.413401 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
489 1.413458 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
490 1.413538 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=243924 Ack=247585 Win=41624 Len=0
491 1.414515 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinter request, level 2
492 1.422727 192.168.40.2 192.168.40.46 SMB Pipe
TransactNmPipe Response, FID: 0x724f
493 1.422768 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message
494 1.427092 192.168.40.46 192.168.40.2 TCP 58439
> microsoft-ds [ACK] Seq=248909 Ack=246844 Win=4380 Len=0
495 1.429404 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
496 1.430888 192.168.40.46 192.168.40.2 TCP [TCP
segment of a reassembled PDU]
497 1.430918 192.168.40.46 192.168.40.2 SPOOLSS
GetPrinter request, level 2
498 1.430983 192.168.40.2 192.168.40.46 TCP
microsoft-ds > 58439 [ACK] Seq=248120 Ack=251829 Win=41664 Len=0
499 1.437383 192.168.40.2 192.168.40.46 SPOOLSS
GetPrinter response, level 2
500 1.437427 192.168.40.2 192.168.40.46 NBSS NBSS
Continuation Message