[Samba] Samba 3.0.14 - very puzzling domain browsing problems
Stephen Bosch
posting at vodacomm.ca
Wed Jan 25 17:10:53 GMT 2006
Jesse Spangenberger wrote:
> Also, try to run Ethereal (www.ethereal.org) with the filter "nbns || smb"
> and see if the samba server is broadcasting the right packets.
>
> Umm, You could try "remote browser = <subnet of pdc>" making sure the PDC
> and workstations are in the same subnet and not across a router.
We have tried:
1. Specifying the interface in smb.conf
2. Adding the "remote announce" line with the local subnet in it
3. Turning on WINS
No hosts appear in My Network Places (these are 2000 machines).
Last night I did some packet captures on workstations using Ethereal. I
definitely need some help in interpreting them.
I'll attach a capture here and briefly describe what was done.
The Samba PDC is at 10.10.10.12; the host where the capture was done (in
non-promiscuous mode) is 10.10.10.58.
During the packet capture, I open My Network Places | Entire Network |
Microsoft Windows Network | HEDLIN-LAUDER
Nothing appears, so I go up a few levels, then back down.
I repeatedly click the "HEDLIN-LAUDER" domain.
What I see in the packet capture is interesting. For example, when I
click on the HEDLIN-LAUDER domain for the first time:
> No. Time Source Destination Protocol Info
> 3 8.123062 10.10.10.58 10.10.10.12 TCP 1061 > netbios-ssn [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
>
> Frame 3 (62 bytes on wire, 62 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 0, Ack: 0, Len: 0
>
> No. Time Source Destination Protocol Info
> 4 8.126947 10.10.10.12 10.10.10.58 TCP netbios-ssn > 1061 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
>
> Frame 4 (62 bytes on wire, 62 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 0, Ack: 1, Len: 0
>
> No. Time Source Destination Protocol Info
> 5 8.126970 10.10.10.58 10.10.10.12 TCP 1061 > netbios-ssn [ACK] Seq=1 Ack=1 Win=17520 Len=0
>
> Frame 5 (54 bytes on wire, 54 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 1, Ack: 1, Len: 0
>
> No. Time Source Destination Protocol Info
> 6 8.127006 10.10.10.58 10.10.10.12 NBSS Session request, to PDC<20> from HL08<00>
>
> Frame 6 (126 bytes on wire, 126 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 1, Ack: 1, Len: 72
> NetBIOS Session Service
> Message Type: Session request
> Flags: 0x00
> Length: 68
> Called name: PDC<20> (Server service)
> Calling name: HL08<00> (Workstation/Redirector)
>
> No. Time Source Destination Protocol Info
> 7 8.131150 10.10.10.12 10.10.10.58 TCP netbios-ssn > 1061 [ACK] Seq=1 Ack=73 Win=5840 Len=0
>
> Frame 7 (60 bytes on wire, 60 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 1, Ack: 73, Len: 0
>
> No. Time Source Destination Protocol Info
> 8 8.139589 10.10.10.12 10.10.10.58 NBSS Positive session response
>
> Frame 8 (60 bytes on wire, 60 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 1, Ack: 73, Len: 4
> NetBIOS Session Service
> Message Type: Positive session response
> Flags: 0x00
> Length: 0
>
> No. Time Source Destination Protocol Info
> 9 8.139643 10.10.10.58 10.10.10.12 SMB Negotiate Protocol Request
>
> Frame 9 (191 bytes on wire, 191 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 73, Ack: 5, Len: 137
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 133
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response in: 10
> SMB Command: Negotiate Protocol (0x72)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x18
> Flags2: 0xc853
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 0
> Process ID: 65279
> User ID: 0
> Multiplex ID: 0
> Negotiate Protocol Request (0x72)
> Word Count (WCT): 0
> Byte Count (BCC): 98
> Requested Dialects
>
> No. Time Source Destination Protocol Info
> 10 8.148008 10.10.10.12 10.10.10.58 SMB Negotiate Protocol Response
>
> Frame 10 (185 bytes on wire, 185 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 5, Ack: 210, Len: 131
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 127
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response to: 9
> Time from request: 0.008365000 seconds
> SMB Command: Negotiate Protocol (0x72)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x88
> Flags2: 0xc801
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 0
> Process ID: 65279
> User ID: 0
> Multiplex ID: 0
> Negotiate Protocol Response (0x72)
> Word Count (WCT): 17
> Dialect Index: 5, greater than LANMAN2.1
> Security Mode: 0x03
> Max Mpx Count: 50
> Max VCs: 1
> Max Buffer Size: 16644
> Max Raw Buffer: 65536
> Session Key: 0x000009a5
> Capabilities: 0x8080e3fd
> System Time: Jan 24, 2006 19:39:09.000000000
> Server Time Zone: 420 min from UTC
> Key Length: 58
> Byte Count (BCC): 58
> Server GUID: 70646300000000000000000000000000
> Security Blob: 602806062B0601050502A01E301CA00E300C060A2B060104...
>
> No. Time Source Destination Protocol Info
> 11 8.148759 10.10.10.58 10.10.10.12 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
>
> Frame 11 (280 bytes on wire, 280 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 210, Ack: 136, Len: 226
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 222
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response in: 12
> SMB Command: Session Setup AndX (0x73)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x18
> Flags2: 0xc807
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 0
> Process ID: 65279
> User ID: 0
> Multiplex ID: 54656
> Session Setup AndX Request (0x73)
> Word Count (WCT): 12
> AndXCommand: No further commands (0xff)
> Reserved: 00
> AndXOffset: 222
> Max Buffer: 16644
> Max Mpx Count: 50
> VC Number: 0
> Session Key: 0x00000000
> Security Blob Length: 91
> Reserved: 00000000
> Capabilities: 0x800000d4
> Byte Count (BCC): 163
> Security Blob: 605906062B0601050502A04F304DA00E300C060A2B060104...
> Native OS: Windows 2000 2195
> Native LAN Manager: Windows 2000 5.0
> Primary Domain:
>
Here's the first sign of trouble:
> No. Time Source Destination Protocol Info
> 12 8.162067 10.10.10.12 10.10.10.58 SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
>
> Frame 12 (400 bytes on wire, 400 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 136, Ack: 436, Len: 346
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 342
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response to: 11
> Time from request: 0.013308000 seconds
> SMB Command: Session Setup AndX (0x73)
> NT Status: STATUS_MORE_PROCESSING_REQUIRED (0xc0000016)
> Flags: 0x88
> Flags2: 0xc801
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 0
> Process ID: 65279
> User ID: 0
> Multiplex ID: 54656
> Session Setup AndX Response (0x73)
> Word Count (WCT): 4
> AndXCommand: No further commands (0xff)
> Reserved: 00
> AndXOffset: 0
> Action: 0x0000
> Security Blob Length: 233
> Byte Count (BCC): 299
> Security Blob: A181E63081E3A0030A0101A10C060A2B0601040182370202...
> Native OS: Unix
> Native LAN Manager: Samba 3.0.14a
> Extra byte parameters
>
> No. Time Source Destination Protocol Info
> 13 8.162209 10.10.10.58 10.10.10.12 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: \
>
> Frame 13 (294 bytes on wire, 294 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 436, Ack: 482, Len: 240
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 236
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response in: 14
> SMB Command: Session Setup AndX (0x73)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x18
> Flags2: 0xc807
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 0
> Process ID: 65279
> User ID: 0
> Multiplex ID: 54720
> Session Setup AndX Request (0x73)
> Word Count (WCT): 12
> AndXCommand: No further commands (0xff)
> Reserved: 00
> AndXOffset: 236
> Max Buffer: 16644
> Max Mpx Count: 50
> VC Number: 0
> Session Key: 0x00000000
> Security Blob Length: 105
> Reserved: 00000000
> Capabilities: 0x800000d4
> Byte Count (BCC): 177
> Security Blob: A1673065A26304614E544C4D535350000300000001000100...
> Native OS: Windows 2000 2195
> Native LAN Manager: Windows 2000 5.0
> Primary Domain:
>
> No. Time Source Destination Protocol Info
> 14 8.169002 10.10.10.12 10.10.10.58 SMB Session Setup AndX Response
>
> Frame 14 (176 bytes on wire, 176 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 482, Ack: 676, Len: 122
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 118
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response to: 13
> Time from request: 0.006793000 seconds
> SMB Command: Session Setup AndX (0x73)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x88
> Flags2: 0xc801
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 0
> Process ID: 65279
> User ID: 100
> Multiplex ID: 54720
> Session Setup AndX Response (0x73)
> Word Count (WCT): 4
> AndXCommand: No further commands (0xff)
> Reserved: 00
> AndXOffset: 0
> Action: 0x0000
> Security Blob Length: 9
> Byte Count (BCC): 75
> Security Blob: A1073005A0030A0100
> Native OS: Unix
> Native LAN Manager: Samba 3.0.14a
> Extra byte parameters
>
> No. Time Source Destination Protocol Info
> 15 8.169177 10.10.10.58 10.10.10.12 SMB Tree Connect AndX Request, Path: \\PDC\IPC$
>
> Frame 15 (130 bytes on wire, 130 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 676, Ack: 604, Len: 76
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 72
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response in: 16
> SMB Command: Tree Connect AndX (0x75)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x18
> Flags2: 0xc807
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 0
> Process ID: 65279
> User ID: 100
> Multiplex ID: 54784
> Tree Connect AndX Request (0x75)
> Word Count (WCT): 4
> AndXCommand: No further commands (0xff)
> Reserved: 00
> AndXOffset: 72
> Flags: 0x0008
> Password Length: 1
> Byte Count (BCC): 29
> Password: 00
> Path: \\PDC\IPC$
> Service: ?????
>
> No. Time Source Destination Protocol Info
> 16 8.176029 10.10.10.12 10.10.10.58 SMB Tree Connect AndX Response
>
> Frame 16 (106 bytes on wire, 106 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 604, Ack: 752, Len: 52
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 48
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response to: 15
> Time from request: 0.006852000 seconds
> SMB Command: Tree Connect AndX (0x75)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x88
> Flags2: 0xc801
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 1
> Process ID: 65279
> User ID: 100
> Multiplex ID: 54784
> Tree Connect AndX Response (0x75)
> Word Count (WCT): 3
> AndXCommand: No further commands (0xff)
> Reserved: 00
> AndXOffset: 0
> Optional Support: 0x0001
> Byte Count (BCC): 7
> Service: IPC
> Native File System:
>
> No. Time Source Destination Protocol Info
> 17 8.176151 10.10.10.58 10.10.10.12 LANMAN NetServerEnum2 Request, Domain Enum
>
> Frame 17 (172 bytes on wire, 172 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 752, Ack: 656, Len: 118
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 114
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response in: 18
> SMB Command: Trans (0x25)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x18
> Flags2: 0xd807
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 1
> Process ID: 348
> User ID: 100
> Multiplex ID: 54848
> Trans Request (0x25)
> Word Count (WCT): 14
> Total Parameter Count: 22
> Total Data Count: 0
> Max Parameter Count: 8
> Max Data Count: 14724
> Max Setup Count: 0
> Reserved: 00
> Flags: 0x0000
> Timeout: 5 seconds
> Reserved: 0000
> Parameter Count: 22
> Parameter Offset: 92
> Data Count: 0
> Data Offset: 0
> Setup Count: 0
> Reserved: 00
> Byte Count (BCC): 51
> Transaction Name: \PIPE\LANMAN
> Padding: 0000
> SMB Pipe Protocol
> Microsoft Windows Lanman Remote API Protocol
> Function Code: NetServerEnum2 (104)
> Parameter Descriptor: WrLehDO
> Return Descriptor: B16
> Detail Level: 0
> Receive Buffer Length: 14724
> Server Type: 0x80000000
> Enumeration Domain (Null pointer)
>
> No. Time Source Destination Protocol Info
> 18 8.183000 10.10.10.12 10.10.10.58 LANMAN NetServerEnum2 Response
>
> Frame 18 (122 bytes on wire, 122 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 656, Ack: 870, Len: 68
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 64
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response to: 17
> Time from request: 0.006849000 seconds
> SMB Command: Trans (0x25)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x88
> Flags2: 0xc801
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 1
> Process ID: 348
> User ID: 100
> Multiplex ID: 54848
> Trans Response (0x25)
> Word Count (WCT): 10
> Total Parameter Count: 8
> Total Data Count: 0
> Reserved: 0000
> Parameter Count: 8
> Parameter Offset: 56
> Parameter Displacement: 0
> Data Count: 0
> Data Offset: 64
> Data Displacement: 0
> Setup Count: 0
> Reserved: 00
> Byte Count (BCC): 9
> Padding: 00
> SMB Pipe Protocol
> Microsoft Windows Lanman Remote API Protocol
> Function Code: NetServerEnum2 (104)
> Status: Success (0)
> Convert: 0
> Entry Count: 0
> Available Entries: 0
>
> No. Time Source Destination Protocol Info
> 19 8.183070 10.10.10.58 10.10.10.12 SMB Logoff AndX Request
>
> Frame 19 (97 bytes on wire, 97 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 870, Ack: 724, Len: 43
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 39
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response in: 20
> SMB Command: Logoff AndX (0x74)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x18
> Flags2: 0xc807
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 0
> Process ID: 65279
> User ID: 100
> Multiplex ID: 54912
> Logoff AndX Request (0x74)
> Word Count (WCT): 2
> AndXCommand: No further commands (0xff)
> Reserved: 00
> AndXOffset: 0
> Byte Count (BCC): 0
>
> No. Time Source Destination Protocol Info
> 20 8.190031 10.10.10.12 10.10.10.58 SMB Logoff AndX Response
>
> Frame 20 (97 bytes on wire, 97 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 724, Ack: 913, Len: 43
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 39
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response to: 19
> Time from request: 0.006961000 seconds
> SMB Command: Logoff AndX (0x74)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x88
> Flags2: 0xc801
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 0
> Process ID: 65279
> User ID: 100
> Multiplex ID: 54912
> Logoff AndX Response (0x74)
> Word Count (WCT): 2
> AndXCommand: No further commands (0xff)
> Reserved: 00
> AndXOffset: 0
> Byte Count (BCC): 0
>
> No. Time Source Destination Protocol Info
> 21 8.190059 10.10.10.58 10.10.10.12 SMB Tree Disconnect Request
>
> Frame 21 (93 bytes on wire, 93 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn (139), Seq: 913, Ack: 767, Len: 39
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 35
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response in: 22
> SMB Command: Tree Disconnect (0x71)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x18
> Flags2: 0xc807
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 1
> Process ID: 65279
> User ID: 100
> Multiplex ID: 54976
> Tree Disconnect Request (0x71)
> Word Count (WCT): 0
> Byte Count (BCC): 0
>
> No. Time Source Destination Protocol Info
> 22 8.195642 10.10.10.12 10.10.10.58 SMB Tree Disconnect Response
>
> Frame 22 (93 bytes on wire, 93 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 (1061), Seq: 767, Ack: 952, Len: 39
> NetBIOS Session Service
> Message Type: Session message
> Flags: 0x00
> Length: 35
> SMB (Server Message Block Protocol)
> SMB Header
> Server Component: SMB
> Response to: 21
> Time from request: 0.005583000 seconds
> SMB Command: Tree Disconnect (0x71)
> NT Status: STATUS_SUCCESS (0x00000000)
> Flags: 0x88
> Flags2: 0xc801
> Process ID High: 0
> Signature: 0000000000000000
> Reserved: 0000
> Tree ID: 1
> Process ID: 65279
> User ID: 100
> Multiplex ID: 54976
> Tree Disconnect Response (0x71)
> Word Count (WCT): 0
> Byte Count (BCC): 0
So, that's the end of a discrete session. There are more examples with
more errors, I'll put those in another post.
-Stephen-
More information about the samba
mailing list