SMBClient - Messenger service

Christopher R. Hertel crh at ubiqx.mn.org
Tue Oct 22 16:15:32 GMT 2002 

The question below is a good one.  Windows sends message service 
(WinPopUp) messages in a single SMB packet.  SMBClient uses three packets.
The highly edited Ethereal output is below:

No. Source   Destination Protocol Info
  4 Linux    Win95       NBSS     Session request, to WIN95<03> from LINUX<00>
  5 Win95    Linux       NBSS     Positive session response
  7 Linux    Win95       SMB      Send Start of Multi-block Message Request
  9 Win95    Linux       SMB      Send Start of Multi-block Message Response
 10 Linux    Win95       SMB      Send Text of Multi-block Message Request
 12 Win95    Linux       SMB      Send Text of Multi-block Message Response
 13 Linux    Win95       SMB      Send End of Multi-block Message Request
 15 Win95    Linux       SMB      Send End of Multi-block Message Response

 25 Winnt    Win95       NBSS     Session request, to WIN95<03> from WINNT<01>
 26 Win95    Winnt       NBSS     Positive session response
 28 Winnt    Win95       SMB      Send Single Block Message Request
 30 Win95    Winnt       SMB      Send Single Block Message Response

The interesting things are:

- WindowsNT registers and uses the machine<01> name as the source name
  for the messanger service, but smbclient uses the machine<00> name.
  Curiously, Windows2K uses the machine<03> name as the source name.
  Wierd.

- Ethereal version 0.9.6 isn't able to parse the "Send Text of Multi-block
  Message Request" message sent by smbclient.  It says:
    Word Count (WCT): 1
    Byte Count (BCC): 2
    Buffer Format: Unknown (8)

  It looks to me as though the word count and byte count are just plain
  wrong.  I'll have to take a look when I get a chance.  I remember some 
  discussion about the messanger service so this may have been fixed 
  recently.

- NT4 requires only two SMB messages to do the job, while smbclient
  generates six.

- The Messanger Service is not documented in the Leach draft and I don't 
  see it in the SNIA doc either.  I'm not sure where to look so if anyone
  has any clues...

I'm interested in this (obviously).  I'm wondering if someone has pointers
to docs.  I'm curious to know why the multi-block method (SMBsendstrt,
SMBsendtxt, SMBsendend) was chosen over the single block (SMBsends).  I
also need to see if/why smbclient is getting the block sizes wrong.

Oh, by the way, I'm getting SEGV when I try to test this using smbclient 
from 2.2.6.  Anyone else see this?

Chris -)-----

On Tue, Oct 22, 2002 at 10:08:21AM +0100, Nuno Cardoso wrote:
> Hi.
>
> When I use "net send ..." command in windows to send a Winpopup message
> to other host, the SMB Command associate to this message is single block
> message (0xD0). To do this, it is only necessary sends one SMB "frame" 
> to the other host.
> 

> When I use SMBClient (samba), the SMB Command associate is multi-block
> message (fist it is necessary sends the start comand 0xD5, then a text
> comand 0xD7 and finally the end 0xD6). To do this, It is necessary sends
> 3 SMB "frames".
> 
> Why SMBClient sends winpopup messages with multi-block message, and not
> single block message????
> Where I use multi and where I use single message block???
> 
> Nuno Cardoso.  

-- 
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the samba-technical mailing list