Need information related to SMB session setup Andx.

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Sep 6 08:48:49 CEST 2013

On Fri, Sep 06, 2013 at 06:09:31AM +0000, Tayade, Nilesh wrote:
> I understood that over the TCP session we have user specific logon session.
> So once the TCP socket is opened - SMB packets are
> exchanged and Session-setup Andx request/response will
> establish the User session.
> I have a query related to setting up the session. Once the
> user is authenticated and Tree connect is also done
> successfully - why there is it required to re-establish
> the user session?
> I captured some of the SMB session packets and I am seeing
> session-setup andx request/response, some SMB packets are
> exchanged and then again session-setup andx
> request/response on the same TCP socket.
> So why is it required to re-authenticate the user after
> some interval? Is this server specific functionality to
> ask user authentication over some time intervals?

It's possible to have multiple user identities
simultaneously using one TCP connection. Typically this is a
fully authenticated user together with a NULL or guest
identity, used for different purposes. Maybe you are seeing


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen, mailto:kontakt at

visit us on it-sa:IT security exhibitions in Nürnberg, Germany
October 8th - 10th 2013, hall 12, booth 333
free tickets available via code 270691 on:

More information about the samba-technical mailing list