[Samba] server response does not appear to correspond to request

Jonathon Doran jon at doransw.com
Sun Jul 26 13:41:55 MDT 2009 

Here is a second, somewhat related question to my last one.  When  
looking over the network trace I have ran into something I cannot  
explain.  It may be quite proper, in which case I am misreading the  
trace.  But I would appreciate it if someone would explain this to me.

In packet 109 of the trace (during a login with no profile on the  
server), I see a "NT Create AndX request" for the path \jon.V2.  I'll  
provide the captured packet below.  But for now, this makes perfect  
sense.  I am certainly interested in the resolution of this request.   
The trace lists the response as coming in packet 110.  Well, that is  
convenient, as I don't have far to look.

In packet 110 I learn that the request failed.  The packet shows that  
it is a response to packet 109, so we are consistent so far.  But the  
filename in the response is "\jon\Desktop". Desktop never appeared in  
the original request, yet my read of the response is that a create  
failed on a path which differed from that in the request.

Assuming that I am mistaken, it would be very helpful if I understood  
where I am going wrong in my thinking.

As always, feedback from the list is appreciated.

Jonathon Doran
University of North Texas, LARC

Frame 109 (158 bytes on wire, 158 bytes captured)
Ethernet II, Src: warcraft.larc.local (00:1e:4f:d3:65:a9), Dst:  
unreal.larc.local (00:14:85:14:f5:78)
Internet Protocol, Src: warcraft.larc.local (10.0.1.5), Dst:  
unreal.larc.local (10.0.0.2)
Transmission Control Protocol, Src Port: 49159 (49159), Dst Port:  
netbios-ssn (139), Seq: 5200, Ack: 4597, Len: 104
     Source port: 49159 (49159)
     Destination port: netbios-ssn (139)
     [Stream index: 2]
     Sequence number: 5200    (relative sequence number)
     [Next sequence number: 5304    (relative sequence number)]
     Acknowledgement number: 4597    (relative ack number)
     Header length: 20 bytes
     Flags: 0x18 (PSH, ACK)
     Window size: 65700 (scaled)
     Checksum: 0xf3d6 [validation disabled]
     [SEQ/ACK analysis]
NetBIOS Session Service
SMB (Server Message Block Protocol)
     SMB Header
         Server Component: SMB
         [Response in: 110]
         SMB Command: NT Create AndX (0xa2)
         NT Status: STATUS_SUCCESS (0x00000000)
         Flags: 0x18
         Flags2: 0xc807
         Process ID High: 0
         Signature: 0000000000000000
         Reserved: 0000
         Tree ID: 4  (\\UNREAL\PROFDATA)
         Process ID: 980
         User ID: 102  (LARC\jon)
         Multiplex ID: 2304
     NT Create AndX Request (0xa2)
         Word Count (WCT): 24
         AndXCommand: No further commands (0xff)
         Reserved: 00
         AndXOffset: 57054
         Reserved: 00
         File Name Len: 14
         Create Flags: 0x00000010
         Root FID: 0x00000000
         Access Mask: 0x00100100
         Allocation Size: 0
         File Attributes: 0x00000000
         Share Access: 0x00000007 SHARE_DELETE SHARE_WRITE SHARE_READ
         Disposition: Open (if file exists open it, else fail) (1)
         Create Options: 0x00200000
         Impersonation: Impersonation (2)
         Security Flags: 0x00
         Byte Count (BCC): 17
         File Name: \jon.V2



Frame 110 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: unreal.larc.local (00:14:85:14:f5:78), Dst:  
warcraft.larc.local (00:1e:4f:d3:65:a9)
Internet Protocol, Src: unreal.larc.local (10.0.0.2), Dst:  
warcraft.larc.local (10.0.1.5)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port:  
49159 (49159), Seq: 4597, Ack: 5304, Len: 39
     Source port: netbios-ssn (139)
     Destination port: 49159 (49159)
     [Stream index: 2]
     Sequence number: 4597    (relative sequence number)
     [Next sequence number: 4636    (relative sequence number)]
     Acknowledgement number: 5304    (relative ack number)
     Header length: 20 bytes
     Flags: 0x18 (PSH, ACK)
     Window size: 23040 (scaled)
     Checksum: 0x1548 [validation disabled]
     [SEQ/ACK analysis]
NetBIOS Session Service
SMB (Server Message Block Protocol)
     SMB Header
         Server Component: SMB
         [Response to: 109]
         [Time from request: 0.001582000 seconds]
         SMB Command: NT Create AndX (0xa2)
         NT Status: STATUS_ACCESS_DENIED (0xc0000022)
         Flags: 0x88
         Flags2: 0xc801
         Process ID High: 0
         Signature: 0000000000000000
         Reserved: 0000
         Tree ID: 4  (\\UNREAL\PROFDATA)
         Process ID: 980
         User ID: 102  (LARC\jon)
         Multiplex ID: 2304
     NT Create AndX Response (0xa2)
         Word Count (WCT): 0
         Byte Count (BCC): 0
         [FID: 0x0000 (\jon\Desktop)]
             [Opened in: 22103]
             [Closed in: 22103]
             [File Name: \jon\Desktop]
             Create Flags: 0x00000010
             Access Mask: 0x00100001
             File Attributes: 0x00000080
             Share Access: 0x00000003 SHARE_WRITE SHARE_READ
             Create Options: 0x00200001

More information about the samba mailing list