Samba causing problems with NT tools

Chuck Berg chberg5 at collins.rockwell.com
Mon Jun 14 22:46:55 GMT 1999


Samba is causing a couple huge problems for the NT admins here since we
switched a bunch of machines to security=server and started running nmbd.
We're running Samba 2.0.2 and 2.0.3 on a mix of Solaris, HP-UX, and OSF1
machines.

One, selecting a Samba server in Server Manager, then selecting Computer/
Services causes Server Manager to crash ("An application error has
occurred, blah blah, Exception: access violation, blah blah"). I've
duplicated this on several NT workstations, running SP3, 4, and 5. This is
obviously a bug in MS's software, but it also seems just as obvious that
they would have no desire to fix it. It's slightly intermittant, sometimes
I will have to try a few times, on a few different Samba servers, to get
Server Manager to crash. Usually it happens on the first shot. If this is
not easily reproducable for anyone else, I'll gladly give whatever
additional information is needed.

Two, they have some tools that touch each machine on the network (pulled
from the browse list, I suppose). They do things like read registry values,
check for installed software, or whatever it is that NT machines do
when they talk to each other. Two such tools are "Hyena", and "Sophos Anti-
Virus". When they do their thing, Samba causes two problems - when these
programs run through all the servers, it takes far longer on the Samba
severs than any of the NT servers (5-10 vs <1 second). Yes, with the
number of machines we have, this is really a problem.

There's another, even more serious, problem that I can no longer reproduce,
but maybe someone else has heard of the same thing. When running these
tools, their accounts were getting locked by NT for too many invalid
password attempts (with Samba at the same time logging that the password
server rejected the password). It seems that the Samba servers were trying
an invalid password, and after hitting 3 different servers, the accounts
got locked. 

I don't need these Samba servers to provide any useful information to the
NT people, just to not interfere with their tools. The names have to be
registered in WINS, so that both 95 and NT clients can map them as
\\barehostname\sharename.

As an attempt at a partial workaround, I put "announce as = Win95" in the
smb.conf, hoping that some of these tools would only connect to NT servers.
I don't know if this has helped things yet, but I have noticed that it
shows up as "Windows 95 Server" instead of "Windows 95 Workstation" in
server manager. Is there a reason for this? Is it possible for it to look
like a 95 workstation? I've also noticed that TAS advertises itself as
"Lanman 2.2 Server". Perhaps this would be even more likely to make the NT
stuff leave those machines alone, but Samba has no option to pretend that
it's Lanman. Would this be difficult to add?

I don't want to include hundreds of lines of worthless logs and tcpdump-smb
output, but here's a level 3 log and tcpdump-smb output for when Hyena hits
a Samba server. When I run exporter.exe, Hyena sits for a few seconds when
it hits this machine, even though it flys by when hitting the NT servers.

The server has a DNS name of hairball and a NetBIOS name of aardvark (a
name I gave it to make it come up first alphabetically, so Hyena hits it
quickly for my tests).

Here's Samba's log:
[1999/06/14 17:08:19, 3] smbd/process.c:process_smb(565)
  Transaction 1 of length 174
[1999/06/14 17:08:19, 3] smbd/process.c:switch_message(402)
  switch message SMBnegprot (pid 17400)
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_negprot(332)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_negprot(332)
  Requested protocol [XENIX CORE]
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_negprot(332)
  Requested protocol [MICROSOFT NETWORKS 1.03]
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_negprot(332)
  Requested protocol [LANMAN1.0]
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_negprot(332)
  Requested protocol [Windows for Workgroups 3.1a]
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_negprot(332)
  Requested protocol [LM1.2X002]
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_negprot(332)
  Requested protocol [LANMAN2.1]
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_negprot(332)
  Requested protocol [NT LM 0.12]
[1999/06/14 17:08:19, 3] libsmb/namequery.c:resolve_lmhosts(546)
  resolve_name: Attempting lmhosts lookup for name CCACRNTS102<0x20>
[1999/06/14 17:08:19, 3] libsmb/namequery.c:resolve_hosts(574)
  resolve_name: Attempting host lookup for name CCACRNTS102<0x20>
[1999/06/14 17:08:19, 3] lib/util_sock.c:open_socket_out(715)
  Connecting to 131.198.225.9 at port 139
[1999/06/14 17:08:19, 3] smbd/password.c:server_cryptkey(996)
  connected to password server CCACRNTS102
[1999/06/14 17:08:19, 3] smbd/password.c:server_cryptkey(1024)
  got session
[1999/06/14 17:08:19, 3] smbd/password.c:server_cryptkey(1039)
  password server OK
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_nt1(185)
  using password server validation
[1999/06/14 17:08:19, 3] smbd/negprot.c:reply_negprot(409)
  Selected protocol NT LM 0.12
[1999/06/14 17:08:19, 3] smbd/process.c:process_smb(565)
  Transaction 2 of length 193
[1999/06/14 17:08:19, 3] smbd/process.c:switch_message(402)
  switch message SMBsesssetupX (pid 17400)
[1999/06/14 17:08:19, 3] smbd/reply.c:reply_sesssetup_and_X(675)
  Domain=[CCANET]  NativeOS=[Windows NT 1381] NativeLanMan=[]
[1999/06/14 17:08:19, 3] smbd/reply.c:reply_sesssetup_and_X(679)
  sesssetupX:name=[chberg5]
[1999/06/14 17:08:22, 3] param/loadparm.c:lp_add_home(1454)
  adding home directory chberg5 at /accts/chberg5
[1999/06/14 17:08:22, 3] smbd/password.c:setup_groups(192)
  chberg5 is in 11 groups: 8000, 23153, 23673, 0, 23244, 23225, 10, 8012, 76, 23000, 23770
[1999/06/14 17:08:22, 3] smbd/password.c:register_vuid(270)
  uid 25290 registered to name chberg5
[1999/06/14 17:08:22, 3] smbd/password.c:register_vuid(272)
  Clearing default real name
[1999/06/14 17:08:22, 3] smbd/process.c:chain_reply(715)
  Chained message
[1999/06/14 17:08:22, 3] smbd/process.c:switch_message(402)
  switch message SMBtconX (pid 17400)
[1999/06/14 17:08:22, 3] smbd/password.c:authorise_login(737)
  ACCEPTED: validated uid ok as non-guest
[1999/06/14 17:08:22, 3] smbd/service.c:make_connection(386)
  Connect path is /tmp
[1999/06/14 17:08:22, 3] lib/doscalls.c:dos_ChDir(327)
  dos_ChDir to /tmp
[1999/06/14 17:08:22, 3] lib/doscalls.c:dos_ChDir(327)
  dos_ChDir to /var/adm
[1999/06/14 17:08:22, 3] smbd/service.c:make_connection(488)
  pc114160 (131.198.69.224) connect to service IPC$ as user chberg5 (uid=25290, gid=8000) (pid 17400)
[1999/06/14 17:08:22, 3] smbd/reply.c:reply_tcon_and_X(340)
  tconX service=ipc$ user=chberg5
[1999/06/14 17:08:22, 3] smbd/process.c:process_smb(565)
  Transaction 3 of length 95
[1999/06/14 17:08:22, 3] smbd/process.c:switch_message(402)
  switch message SMBntcreateX (pid 17400)
[1999/06/14 17:08:22, 3] lib/doscalls.c:dos_ChDir(327)
  dos_ChDir to /tmp
[1999/06/14 17:08:22, 3] smbd/nttrans.c:nt_open_pipe(533)
  nt_open_pipe: Known pipe srvsvc opening.
[1999/06/14 17:08:22, 3] smbd/process.c:process_smb(565)
  Transaction 4 of length 152
[1999/06/14 17:08:22, 3] smbd/process.c:switch_message(402)
  switch message SMBtrans (pid 17400)
[1999/06/14 17:08:22, 3] smbd/ipc.c:reply_trans(3625)
  trans <\PIPE\> data=72 params=0 setup=2
[1999/06/14 17:08:22, 3] smbd/ipc.c:named_pipe(3480)
  named pipe command on <> name
[1999/06/14 17:08:22, 3] smbd/ipc.c:api_fd_reply(3264)
  Got API command 0x26 on pipe "srvsvc" (pnum 702e)api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs
[1999/06/14 17:08:22, 3] smbd/process.c:process_smb(565)
  Transaction 5 of length 164
[1999/06/14 17:08:22, 3] smbd/process.c:switch_message(402)
  switch message SMBtrans (pid 17400)
[1999/06/14 17:08:22, 3] smbd/ipc.c:reply_trans(3625)
  trans <\PIPE\> data=84 params=0 setup=2
[1999/06/14 17:08:22, 3] smbd/ipc.c:named_pipe(3480)
  named pipe command on <> name
[1999/06/14 17:08:22, 3] smbd/ipc.c:api_fd_reply(3264)
  Got API command 0x26 on pipe "srvsvc" (pnum 702e)Doing \PIPE\srvsvc
[1999/06/14 17:08:22, 3] rpc_server/srv_pipe.c:rpc_command(650)
  rpc_command: DCE/RPC fault should be sent here
[1999/06/14 17:08:22, 3] smbd/ipc.c:api_no_reply(3219)
  Unsupported API fd command
[1999/06/14 17:08:22, 3] smbd/process.c:process_smb(565)
  Transaction 6 of length 46
[1999/06/14 17:08:22, 3] smbd/process.c:switch_message(402)
  switch message SMBclose (pid 17400)

The remainder of this email is the tcpdump-smb output. I'll gladly provide
any more information that's needed. Thanks in advance for any help.

17:08:19.312570 pc114160.2229 > hairball.139: S 280314205:280314205(0) win 8192 <mss 1460> (DF)
17:08:19.312635 hairball.139 > pc114160.2229: S 1583478683:1583478683(0) ack 280314206 win 8760 <mss 1460> (DF)
17:08:19.313522 pc114160.2229 > hairball.139: . ack 1 win 8760 (DF)
17:08:19.313755 pc114160.2229 > hairball.139: P 1:73(72) ack 1 win 8760
>>> NBT Packet
NBT Session Request
Flags=0x81000044
Destination=AARDVARK        NameType=0x20 (Server)
Source=PC114160        NameType=0x00 (Workstation)

 (DF)
17:08:19.314118 hairball.139 > pc114160.2229: . ack 73 win 8688 (DF)
17:08:19.366158 hairball.139 > pc114160.2229: P 1:5(4) ack 73 win 8760
>>> NBT Packet
NBT Session Granted
Flags=0x82000000

 (DF)
17:08:19.367707 pc114160.2229 > hairball.139: P 73:247(174) ack 5 win 8756
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=170

SMB PACKET: SMBnegprot (REQUEST)
SMB Command   =  0x72
Error class   =  0x0
Error code    =  0
Flags1        =  0x18
Flags2        =  0x3
Tree ID       =  0
Proc ID       =  51966
UID           =  0
MID           =  0
Word Count    =  0
Dialect=PC NETWORK PROGRAM 1.0
Dialect=XENIX CORE
Dialect=MICROSOFT NETWORKS 1.03
Dialect=LANMAN1.0
Dialect=Windows for Workgroups 3.1a
Dialect=LM1.2X002
Dialect=LANMAN2.1
Dialect=NT LM 0.12


 (DF)
17:08:19.367901 hairball.139 > pc114160.2229: . ack 247 win 8760 (DF)
17:08:19.636406 hairball.139 > pc114160.2229: P 5:93(88) ack 247 win 8760
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=84

SMB PACKET: SMBnegprot (REPLY)
SMB Command   =  0x72
Error class   =  0x0
Error code    =  0
Flags1        =  0x88
Flags2        =  0x1
Tree ID       =  0
Proc ID       =  51966
UID           =  0
MID           =  0
Word Count    =  17
NT1 Protocol
DialectIndex=7
SecMode=0x3
MaxMux=50
NumVcs=1
MaxBuffer=65535
RawSize=65536
SessionKey=0x43F8
Capabilities=0x331
ServerTime=Mon Jun 14 17:08:19 1999
TimeZone=300
CryptKey=Data: (1 bytes)
[000] 08                                                . 
[000] 8D 37 4A 4F 3B 48 5B 81  43 43 41 4E 45 54 00     .7JO;H[. CCANET.


 (DF)
17:08:19.639387 pc114160.2229 > hairball.139: P 247:440(193) ack 93 win 8668
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=189

SMB PACKET: SMBsesssetupX (REQUEST)
SMB Command   =  0x73
Error class   =  0x0
Error code    =  0
Flags1        =  0x18
Flags2        =  0x3
Tree ID       =  0
Proc ID       =  51966
UID           =  0
MID           =  0
Word Count    =  13
Com2=0x75
Res1=0x0
Off2=157
MaxBuffer=61440
MaxMpx=50
VcNumber=0
SessionKey=0x43F8
CaseInsensitivePasswordLength=24
CaseSensitivePasswordLength=24
Res=0x0
Capabilities=0xD4
Pass1&Pass2&Account&Domain&OS&LanMan=
[000] 88 92 A3 6D D6 72 35 0C  62 51 68 23 02 AE 79 F2  ...m.r5. bQh#..y.
[010] E5 6B 5C 83 6F 86 81 44  EB 52 4D 36 F5 52 DC 1C  .k\.o..D .RM6.R..
[020] FD 5E A7 49 4E 11 F1 33  4E 71 2B 50 B5 42 DA BF  .^.IN..3 Nq+P.B..
[030] 63 68 62 65 72 67 35 00  43 43 41 4E 45 54 00 57  chberg5. CCANET.W
[040] 69 6E 64 6F 77 73 20 4E  54 20 31 33 38 31 00 00  indows N T 1381..
[050] 57 69 6E 64 6F 77 73 20  4E 54 20 34 2E 30 00 00  Windows  NT 4.0..

SMB PACKET: SMBtconX (REQUEST) (CHAINED)
smbvwv[]=
Com2=0xFF
Off2=0
Flags=0x0
PassLen=1
Passwd&Path&Device=
smb_bcc=21
smb_buf[]=
[000] 00 5C 5C 41 41 52 44 56  41 52 4B 5C 49 50 43 24  .\\AARDV ARK\IPC$
[010] 00 49 50 43 00                                    .IPC. 


 (DF)
17:08:19.680588 hairball.139 > pc114160.2229: . ack 440 win 8760 (DF)
17:08:22.950817 hairball.139 > pc114160.2229: P 93:179(86) ack 440 win 8760
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=82

SMB PACKET: SMBsesssetupX (REPLY)
SMB Command   =  0x73
Error class   =  0x0
Error code    =  0
Flags1        =  0x88
Flags2        =  0x1
Tree ID       =  1
Proc ID       =  51966
UID           =  100
MID           =  0
Word Count    =  3
Com2=0x75
Off2=65
Action=0x0
[000] 55 6E 69 78 00 53 61 6D  62 61 20 32 2E 30 2E 33  Unix.Sam ba 2.0.3
[010] 00 43 43 41 4E 45 54 00                           .CCANET. 

SMB PACKET: SMBtconX (REPLY) (CHAINED)
smbvwv[]=
Com2=0xFF
Off2=0
Data: (2 bytes)
[000] 01 00                                             .. 
smbbuf[]=
ServiceType=IPC
Data: (4 bytes)
[000] 49 50 43 00                                       IPC. 


 (DF)
17:08:22.952494 pc114160.2229 > hairball.139: P 440:535(95) ack 179 win 8582
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=91

SMB PACKET: SMBunknown (REQUEST)
SMB Command   =  0xA2
Error class   =  0x0
Error code    =  0
Flags1        =  0x18
Flags2        =  0x3
Tree ID       =  1
Proc ID       =  23136
UID           =  100
MID           =  64
Word Count    =  24
smbvwv[]=
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=1792 (0x700)
smb_vwv[3]=1536 (0x600)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=40704 (0x9F00)
smb_vwv[8]=513 (0x201)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_vwv[15]=768 (0x300)
smb_vwv[16]=0 (0x0)
smb_vwv[17]=256 (0x100)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=512 (0x200)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=256 (0x100)
smb_bcc=8
smb_buf[]=
[000] 5C 73 72 76 73 76 63 00                           \srvsvc. 


 (DF)
17:08:22.954814 hairball.139 > pc114160.2229: P 179:286(107) ack 535 win 8760
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=103

SMB PACKET: SMBunknown (REPLY)
SMB Command   =  0xA2
Error class   =  0x0
Error code    =  0
Flags1        =  0x88
Flags2        =  0x1
Tree ID       =  1
Proc ID       =  23136
UID           =  100
MID           =  64
Word Count    =  34
smbvwv[]=
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=11776 (0x2E00)
smb_vwv[3]=368 (0x170)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_vwv[15]=0 (0x0)
smb_vwv[16]=0 (0x0)
smb_vwv[17]=0 (0x0)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=32768 (0x8000)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=0 (0x0)
smb_vwv[24]=0 (0x0)
smb_vwv[25]=0 (0x0)
smb_vwv[26]=0 (0x0)
smb_vwv[27]=0 (0x0)
smb_vwv[28]=0 (0x0)
smb_vwv[29]=0 (0x0)
smb_vwv[30]=0 (0x0)
smb_vwv[31]=512 (0x200)
smb_vwv[32]=65280 (0xFF00)
smb_vwv[33]=5 (0x5)
smb_bcc=0


 (DF)
17:08:22.956474 pc114160.2229 > hairball.139: P 535:687(152) ack 286 win 8475
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=148

SMB PACKET: SMBtrans (REQUEST)
SMB Command   =  0x25
Error class   =  0x0
Error code    =  0
Flags1        =  0x18
Flags2        =  0x3
Tree ID       =  1
Proc ID       =  23136
UID           =  100
MID           =  128
Word Count    =  16
TotParamCnt=0 
TotDataCnt=72 
MaxParmCnt=0 
MaxDataCnt=1024
MaxSCnt=0 
TransFlags=0x0 
Res1=0x0 
Res2=0x0 
Res3=0x0
ParamCnt=0 
ParamOff=76 
DataCnt=72 
DataOff=76 
SUCnt=2
Data: (4 bytes)
[000] 26 00 2E 70                                       &..p 
Name=\PIPE\
Data: (2 bytes)
[000] 00 00                                             .. 
Data Data: (72 bytes)
[000] 05 00 0B 00 10 00 00 00  48 00 00 00 00 00 00 00  ........ H.......
[010] 30 16 30 16 00 00 00 00  01 00 00 00 00 00 01 00  0.0..... ........
[020] C8 4F 32 4B 70 16 D3 01  12 78 5A 47 BF 6E E1 88  .O2Kp... .xZG.n..
[030] 03 00 00 00 04 5D 88 8A  EB 1C C9 11 9F E8 08 00  .....].. ........
[040] 2B 10 48 60 02 00 00 00                           +.H`.... 


 (DF)
17:08:22.959706 hairball.139 > pc114160.2229: P 286:414(128) ack 687 win 8760
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=124

SMB PACKET: SMBtrans (REPLY)
SMB Command   =  0x25
Error class   =  0x0
Error code    =  0
Flags1        =  0x88
Flags2        =  0x1
Tree ID       =  1
Proc ID       =  23136
UID           =  100
MID           =  128
Word Count    =  10
TotParamCnt=0 
TotDataCnt=68 
Res1=0
ParamCnt=0 
ParamOff=56 
Res2=0 
DataCnt=68 
DataOff=56 
Res3=0
Lsetup=0
Unknown Data: (1 bytes)
[000] 00                                                . 
Data Data: (68 bytes)
[000] 05 00 0C 03 10 00 00 00  44 00 00 00 00 00 00 00  ........ D.......
[010] 30 16 30 16 00 00 00 00  0D 00 5C 50 49 50 45 5C  0.0..... ..\PIPE\
[020] 6E 74 73 76 63 73 00 00  01 00 00 00 00 00 00 00  ntsvcs.. ........
[030] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
[040] 02 00 00 00                                       .... 


 (DF)
17:08:22.961376 pc114160.2229 > hairball.139: P 687:851(164) ack 414 win 8347
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=160

SMB PACKET: SMBtrans (REQUEST)
SMB Command   =  0x25
Error class   =  0x0
Error code    =  0
Flags1        =  0x18
Flags2        =  0x3
Tree ID       =  1
Proc ID       =  23136
UID           =  100
MID           =  192
Word Count    =  16
TotParamCnt=0 
TotDataCnt=84 
MaxParmCnt=0 
MaxDataCnt=1024
MaxSCnt=0 
TransFlags=0x0 
Res1=0x0 
Res2=0x0 
Res3=0x0
ParamCnt=0 
ParamOff=76 
DataCnt=84 
DataOff=76 
SUCnt=2
Data: (4 bytes)
[000] 26 00 2E 70                                       &..p 
Name=\PIPE\
Data: (2 bytes)
[000] 5C 00                                             \. 
Data Data: (84 bytes)
[000] 05 00 00 03 10 00 00 00  54 00 00 00 01 00 00 00  ........ T.......
[010] 3C 00 00 00 00 00 17 00  A6 71 16 00 09 00 00 00  <....... .q......
[020] 00 00 00 00 09 00 00 00  41 00 41 00 52 00 44 00  ........ A.A.R.D.
[030] 56 00 41 00 52 00 4B 00  00 00 C9 11 00 00 00 00  V.A.R.K. ........
[040] 00 00 00 00 00 00 00 00  FF FF FF FF 88 DD 12 00  ........ ........
[050] 80 05 14 00                                       .... 


 (DF)
17:08:22.965077 hairball.139 > pc114160.2229: P 414:478(64) ack 851 win 8760
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=60

SMB PACKET: SMBtrans (REPLY)
SMB Command   =  0x25
Error class   =  0x0
Error code    =  0
Flags1        =  0x88
Flags2        =  0x1
Tree ID       =  1
Proc ID       =  23136
UID           =  100
MID           =  192
Word Count    =  10
TotParamCnt=4 
TotDataCnt=0 
Res1=0
ParamCnt=4 
ParamOff=56 
Res2=0 
DataCnt=0 
DataOff=60 
Res3=0
Lsetup=0
Unknown Data: (1 bytes)
[000] 00                                                . 
Param Data: (4 bytes)
[000] 32 00 00 00                                       2... 


 (DF)
17:08:22.966349 pc114160.2229 > hairball.139: P 851:897(46) ack 478 win 8283
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=42

SMB PACKET: SMBclose (REQUEST)
SMB Command   =  0x4
Error class   =  0x0
Error code    =  0
Flags1        =  0x18
Flags2        =  0x3
Tree ID       =  1
Proc ID       =  51966
UID           =  100
MID           =  256
Word Count    =  3
smbvwv[]=
Handle=28718
Time=NULL
smb_bcc=0


 (DF)
17:08:22.967612 hairball.139 > pc114160.2229: P 478:517(39) ack 897 win 8760
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=35

SMB PACKET: SMBclose (REPLY)
SMB Command   =  0x4
Error class   =  0x0
Error code    =  0
Flags1        =  0x88
Flags2        =  0x1
Tree ID       =  1
Proc ID       =  51966
UID           =  100
MID           =  256
Word Count    =  0
smb_bcc=0

 (DF)
17:08:23.103096 pc114160.2229 > hairball.139: . ack 517 win 8244 (DF)




More information about the samba mailing list