<div dir="ltr"><div style><div>Hi, </div><div><br></div><div>We are experiencing strange behavior with CIFS server. </div><div><br></div><div>CIFS server is dropping connection after serving data repeatedly.</div><div><br>
</div><div>CIFS server is sending FIN/RST packet from CIFS server.</div><div><br></div><div style>There are two requests CIFS server is getting from client</div><div style><1> QUERY_INFO , QUERY_PATH_INFO [ls command]</div>
<div style><2> WRITE_ANDX </div><div><br></div><div style>After receiving ANDX requests, it servers QUERY_PATH_INFO and then it sends FIN and RST packet to client. This behaviour gets repeated. As for every request from cifs client, connection is getting setup after RST, it takes time to get data on cifs client. Like command execution of ls is very slow. It takes 10-15 seconds to get output of ls . </div>
<div style><br></div><div style><br></div><div style>SMB signing is off on server.</div><div><br></div><div>Tcpdump while doing communication is as follows: </div><div>============================================================</div>
<div>280<span class="" style="white-space:pre"> </span>145.554664<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>117<span class="" style="white-space:pre"> </span>Negotiate Protocol Request</div>
<div><br></div><div>281<span class="" style="white-space:pre"> </span>145.554757<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>[TCP Window Update] microsoft-ds > 37580 [ACK] Seq=1 Ack=1 Win=1049792 Len=0 TSval=2945122452 TSecr=678854387</div>
<div><br></div><div>282<span class="" style="white-space:pre"> </span>145.555039<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>258<span class="" style="white-space:pre"> </span>Negotiate Protocol Response</div>
<div><br></div><div>283<span class="" style="white-space:pre"> </span>145.555044<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>37580 > microsoft-ds [ACK] Seq=52 Ack=193 Win=7168 Len=0 TSval=678854387 TSecr=2945122452</div>
<div><br></div><div>284<span class="" style="white-space:pre"> </span>145.555077<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>302<span class="" style="white-space:pre"> </span>Session Setup AndX Request, NTLMSSP_NEGOTIATE</div>
<div><br></div><div>285<span class="" style="white-space:pre"> </span>145.556114<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>334<span class="" style="white-space:pre"> </span>Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED</div>
<div><br></div><div>286<span class="" style="white-space:pre"> </span>145.556155<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>556<span class="" style="white-space:pre"> </span>Session Setup AndX Request, NTLMSSP_AUTH, User: PAYCHEX\_EASA_P</div>
<div><br></div><div>287<span class="" style="white-space:pre"> </span>145.561173<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [ACK] Seq=461 Ack=778 Win=1049792 Len=0 TSval=2945122453 TSecr=678854388</div>
<div><br></div><div>288<span class="" style="white-space:pre"> </span>145.607085<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>152<span class="" style="white-space:pre"> </span>Session Setup AndX Response</div>
<div><br></div><div>289<span class="" style="white-space:pre"> </span>145.607111<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>164<span class="" style="white-space:pre"> </span>Tree Connect AndX Request, Path: \\10.2.47.4\kazindex</div>
<div><br></div><div>290<span class="" style="white-space:pre"> </span>145.608136<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>132<span class="" style="white-space:pre"> </span>Tree Connect AndX Response</div>
<div><br></div><div>291<span class="" style="white-space:pre"> </span>145.608250<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>296<span class="" style="white-space:pre"> </span>NT Create AndX Request, FID: 0x0001, Path: \application\customize\db\data\base\10819\pg_internal.init.9135</div>
<div><br></div><div>292<span class="" style="white-space:pre"> </span>145.609163<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>173<span class="" style="white-space:pre"> </span>NT Create AndX Response, FID: 0x0001</div>
<div><br></div><div>293<span class="" style="white-space:pre"> </span>145.609168<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>166<span class="" style="white-space:pre"> </span>Tree Connect AndX Request, Path: \\10.2.47.4\holder</div>
<div><br></div><div>294<span class="" style="white-space:pre"> </span>145.609944<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>132<span class="" style="white-space:pre"> </span>Tree Connect AndX Response</div>
<div><br></div><div>295<span class="" style="white-space:pre"> </span>145.610053<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>154<span class="" style="white-space:pre"> </span>Trans2 Request, FIND_FIRST2, Pattern: \*</div>
<div><br></div><div>296<span class="" style="white-space:pre"> </span>145.610319<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>1514<span class="" style="white-space:pre"> </span>Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path: \sideline\fs_1073872904\search\index_0\Groupings</div>
<div><br></div><div>297<span class="" style="white-space:pre"> </span>145.610524<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [ACK] Seq=786 Ack=2742 Win=1048320 Len=0 TSval=2945122457 TSecr=678854442</div>
<div><br></div><div>298<span class="" style="white-space:pre"> </span>145.610536<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>4410<span class="" style="white-space:pre"> </span>[TCP segment of a reassembled PDU]</div>
<div><br></div><div>299<span class="" style="white-space:pre"> </span>145.610719<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [ACK] Seq=786 Ack=5638 Win=1048320 Len=0 TSval=2945122457 TSecr=678854443</div>
<div><br></div><div>300<span class="" style="white-space:pre"> </span>145.610725<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>4410<span class="" style="white-space:pre"> </span>[TCP segment of a reassembled PDU]</div>
<div><br></div><div>301<span class="" style="white-space:pre"> </span>145.610744<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [ACK] Seq=786 Ack=7086 Win=1049792 Len=0 TSval=2945122457 TSecr=678854443</div>
<div><br></div><div>302<span class="" style="white-space:pre"> </span>145.610749<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>2962<span class="" style="white-space:pre"> </span>[TCP segment of a reassembled PDU]</div>
<div><br></div><div>303<span class="" style="white-space:pre"> </span>145.610901<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [ACK] Seq=786 Ack=9982 Win=1046848 Len=0 TSval=2945122457 TSecr=678854443</div>
<div><br></div><div>304<span class="" style="white-space:pre"> </span>145.610905<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>2962<span class="" style="white-space:pre"> </span>[TCP segment of a reassembled PDU]</div>
<div><br></div><div>305<span class="" style="white-space:pre"> </span>145.610907<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>1094<span class="" style="white-space:pre"> </span>Write AndX Request, FID: 0x0001, 16128 bytes at offset 0 [FID: 0x0001 (\application\customize\db\data\base\10819\pg_internal.init.9135)]</div>
<div><br></div><div>306<span class="" style="white-space:pre"> </span>145.610951<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [ACK] Seq=786 Ack=12878 Win=1043968 Len=0 TSval=2945122457 TSecr=678854443</div>
<div><br></div><div>307<span class="" style="white-space:pre"> </span>145.610959<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [ACK] Seq=786 Ack=14326 Win=1049792 Len=0 TSval=2945122457 TSecr=678854443</div>
<div><br></div><div>308<span class="" style="white-space:pre"> </span>145.611075<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>1514<span class="" style="white-space:pre"> </span>[TCP segment of a reassembled PDU]</div>
<div><br></div><div>309<span class="" style="white-space:pre"> </span>145.611080<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>1514<span class="" style="white-space:pre"> </span>[TCP segment of a reassembled PDU]</div>
<div><br></div><div>310<span class="" style="white-space:pre"> </span>145.611082<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>422<span class="" style="white-space:pre"> </span>Trans2 Response, FIND_FIRST2, Files: . .. cd sideline search cdlinks Testing Murphy export files .kazeon .fsid cache Razo, Victor duplication restoresymtable.hdr db Direct Processing 7114</div>
<div><br></div><div>311<span class="" style="white-space:pre"> </span>145.611087<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>37580 > microsoft-ds [ACK] Seq=18250 Ack=3682 Win=13824 Len=0 TSval=678854443 TSecr=2945122457</div>
<div><br></div><div>312<span class="" style="white-space:pre"> </span>145.611163<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>202<span class="" style="white-space:pre"> </span>Trans2 Response, QUERY_PATH_INFO</div>
<div><br></div><div>313<span class="" style="white-space:pre"> </span>145.611168<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [ACK] Seq=4174 Ack=17222 Win=1046848 Len=0 TSval=2945122457 TSecr=678854443</div>
<div><br></div><div>314<span class="" style="white-space:pre"> </span>145.611171<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [ACK] Seq=4174 Ack=18250 Win=1049536 Len=0 TSval=2945122457 TSecr=678854443</div>
<div><br></div><div>315<span class="" style="white-space:pre"> </span>145.611172<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>37580 > microsoft-ds [ACK] Seq=18250 Ack=4174 Win=19968 Len=0 TSval=678854443 TSecr=2945122457</div>
<div><br></div><div>316<span class="" style="white-space:pre"> </span>145.611243<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>138<span class="" style="white-space:pre"> </span>[TCP segment of a reassembled PDU]</div>
<div><br></div><div>317<span class="" style="white-space:pre"> </span>145.611589<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [FIN, ACK] Seq=4174 Ack=18322 Win=1049792 Len=0 TSval=2945122458 TSecr=678854443</div>
<div><br></div><div>318<span class="" style="white-space:pre"> </span>145.651538<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>37580 > microsoft-ds [ACK] Seq=18322 Ack=4175 Win=19968 Len=0 TSval=678854484 TSecr=2945122458</div>
<div><br></div><div>319<span class="" style="white-space:pre"> </span>157.333117<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>144<span class="" style="white-space:pre"> </span>[TCP segment of a reassembled PDU]</div>
<div><br></div><div>320<span class="" style="white-space:pre"> </span>157.333264<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>60<span class="" style="white-space:pre"> </span>microsoft-ds > 37580 [RST] Seq=4175 Win=0 Len=0</div>
<div><br></div><div>..............</div><div>341<span class="" style="white-space:pre"> </span>213.077932<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>74<span class="" style="white-space:pre"> </span>39921 > microsoft-ds [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSval=678921910 TSecr=0 WS=512</div>
<div><br></div><div>342<span class="" style="white-space:pre"> </span>213.078113<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>74<span class="" style="white-space:pre"> </span>microsoft-ds > 39921 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1 TSval=1263214265 TSecr=678921910</div>
<div><br></div><div>343<span class="" style="white-space:pre"> </span>213.078124<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>TCP<span class="" style="white-space:pre"> </span>66<span class="" style="white-space:pre"> </span>39921 > microsoft-ds [ACK] Seq=1 Ack=1 Win=6144 Len=0 TSval=678921910 TSecr=1263214265</div>
<div><br></div><div>344<span class="" style="white-space:pre"> </span>213.078162<span class="" style="white-space:pre"> </span>10.2.1.128<span class="" style="white-space:pre"> </span>10.2.47.4<span class="" style="white-space:pre"> </span>SMB<span class="" style="white-space:pre"> </span>117<span class="" style="white-space:pre"> </span>Negotiate Protocol Request</div>
<div>==============================================================</div><div><br></div><div style>Thanks,</div><div style>Rahul</div></div></div>