IPC$ (2nd try)

Mayers, Philip J p.mayers at ic.ac.uk
Sun Nov 26 16:39:11 GMT 2000

Why is it even a problem? I've seen Win2K do multiple sesssetupandX's in
extended security mode. Who cares? Who knows? Not having the source for
Windows, I couldn't begin to guess, or care.

*Is* this a problem, or are you just curious?

FWIW, It's probably doing a NetShareEnum or NetShareGetRandomInfo or
some-such crap. Those calls are sent over the IPC$ pipe. What goes over the
TID, if anything? The reason it's probably doing multiple TCONs is that
different parts of the code don't know the TID that other parts of the code
already have open, so they're just opening another one. It shouldn't be a

If you're willing to provide an Ethereal-compatible packet trace, I'll take
a look.


| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |

-----Original Message-----
From: Samar Sharma [mailto:ssharma at cisco.com]
Sent: 25 November 2000 23:36
To: Govinda Sharma; gcarter at valinux.com
Cc: samba-technical at samba.org
Subject: Re: IPC$ (2nd try)

Trying again.....

Could someone please help


At 05:50 AM 11/23/00 +0000, Govinda Sharma wrote:

>> >
>> > I am using a sniffer to observe the SMB packets.
>> >
>> > I find that windows client makes multiple TREE_CONNECTS
>> > to the IPC$ share prior to an actual TREE_CONNECT to
>> > the mapped share and also prior to opening a file.
>> > Does anyone know what do these TREE_CONNECTS to the IPC$
>> > share achieve ?
>>The IPC$ share is a built in share for an SMB server which
>>clients can connect to in order to perform session level
>>validation.  This then allows other remote administration
>>commands (including the ability to support named pipes
>>over IPC$).
>But then why does the client do multiple TREE_CONNECT to the IPC$ share on 
>the server ? It does these after the SESSION_SETUP is over.
>Specifically, I observe the following on the sniffer (after NEGOTIATE
>and SETUP have been done):
>[1] multiple TREE_CONNECT requests to the IPC$
>[2] TREE_CONNECT request to the [test] share (e: on client is
>    being mapped to [test] on the server)
>[3] multiple TREE_CONNECT requests to the IPC$
>I don't understand why the client is doing steps [1] and [3].
>> > Furthermore, Samba returns a DIFFERENT Tid for each TREE_CONNECT
>> > request to the IPC$ share. Is that required by the client ?
>>the Tree connection ID for each resouce connection should be
>>an ID used on a per session basis.
>>Cheers, jerry
>>    /\  Gerald (Jerry) Carter                     Professional Services
>>  \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
>>        http://www.samba.org/       SAMBA Team          jerry at samba.org
>>        http://www.plainjoe.org/                     jerry at plainjoe.org
>>        "...a hundred billion castaways looking for a home."
>>                                 - Sting "Message in a Bottle" ( 1979 )
>Get more from the Web.  FREE MSN Explorer download :

More information about the samba-technical mailing list