[jcifs] jcifs and packet monitoring

Mohan Radhakrishnan mohanr at fss.co.in
Sun Feb 27 22:52:42 MST 2011


Hi,

     Due to PCI regulations and data center restrictions Wireshark is not allowed. This code spits out enormous amounts of packet information and cannot be selectively set for a particular share access.

That is the problem. I think I need a packet guide to decipher this !!

As far as the security auditing is concerned the Windows admin. is quite uncooperative  :-(

    /*
     * Set the JCIFS log level. This is enabled as a -D switch
     * so that a log file is generated. This file contains low-level packet
     * details of a shared folder access.
     *
     * Needs java.io.File, java.io.FileNotFoundException and java.io.PrintStream.
     */
    private void setJcifsLogLevel() throws FileNotFoundException {
        // Send all jCIFS log output to the file "jcifslog" in the working directory.
        PrintStream ps = new PrintStream(new File("jcifslog"));
        jcifs.util.LogStream.setInstance(ps);
    }

Thanks,
Mohan

-----Original Message-----
From: Michael B Allen [mailto:ioplex at gmail.com] 
Sent: Friday, February 25, 2011 11:30 PM
To: Mohan Radhakrishnan
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] jcifs and packet monitoring

Hi Mohan,

WireShark is a very good network capture / analysis tool.

But if you are getting an Access denied, you should try posting a
stack trace to the list and explain the conditions under which it
occurs. It is very unusual for that sort of thing to happen
sporadically as you describe but I would have to understand what your
code is doing to even make a wild guess as to what the problem
might be.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/



On Wed, Feb 23, 2011 at 1:41 AM, Mohan Radhakrishnan <mohanr at fss.co.in> wrote:
> Hi,
>    I came across this link http://support.microsoft.com/kb/300549 about
> security auditing to trace CIFS failures.
>
> What type of Windows Packet monitors are recommended to trace 'Access
> denied' errors ? These errors appear and vanish frequently seemingly
> without any reason.
>
> We used to think that the login into the domain controller is being
> rejected due to load and then accepted.
>
> I am aware of the debug option and Wireshark but these are our prod.
> systems, so we don't want to use it.
>
> Thanks,
> Mohan
>
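
An added example, not code from the thread or from the jCIFS project: where packet capture is not permitted and the global jCIFS log is too verbose, the NT status carried by `SmbException` can be recorded for one share only. The class name, share URL and log file name are constructed placeholders, and credentials are assumed to come from the `jcifs.smb.client.*` properties rather than the URL.

```java
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;

import jcifs.smb.NtStatus;
import jcifs.smb.SmbException;
import jcifs.smb.SmbFile;

public class ShareAccessProbe {

    // Constructed placeholder; pass the share under investigation as args[0].
    private static final String SHARE_URL = "smb://fileserver.example/share/";

    /** Appends one record per failed access: time, URL, NT status, message. */
    static void logFailure(PrintWriter log, String url, SmbException e) {
        int status = e.getNtStatus();
        String kind;
        if (status == NtStatus.NT_STATUS_ACCESS_DENIED) {
            kind = "ACCESS_DENIED";      // authorization on the share or file
        } else if (status == NtStatus.NT_STATUS_LOGON_FAILURE) {
            kind = "LOGON_FAILURE";      // authentication was rejected
        } else {
            kind = "OTHER";
        }
        log.printf("%tFT%<tT url=%s ntstatus=0x%08X kind=%s msg=%s%n",
                   new Date(), url, status, kind, e.getMessage());
        // Transport-level problems (timeouts, resets) surface as the root cause.
        Throwable root = e.getRootCause();
        if (root != null) {
            log.println("  root cause: " + root);
        }
        log.flush();
    }

    public static void main(String[] args) throws IOException {
        String url = args.length > 0 ? args[0] : SHARE_URL;
        // Append mode, so repeated runs build a timeline of the failures.
        PrintWriter log = new PrintWriter(new FileWriter("share-access.log", true));
        try {
            new SmbFile(url).exists();   // forces session setup and tree connect
        } catch (SmbException e) {
            logFailure(log, url, e);
        } finally {
            log.close();
        }
    }
}
```

The log holds only status codes, timestamps and the share path, so it contains no packet payloads, and the timestamps can be matched against the server-side audit events.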

