[Samba] 65534 rows & c.
Aurélien Aptel
aaptel at suse.com
Wed Jan 17 11:10:11 UTC 2018
"Barbara M. via samba" <samba at lists.samba.org> writes:
> I don't know wireshark.
> Done some attempts.
> I tried using tshak (no X), but can't find the right syntax to capture
> something useful.
> can you guide me?
You can do the capture from the Windows client but if you feel more
comfortable with tshark on the server you can run
tshark -p -w FILENAME -f "port 445"
where FILENAME is the name of the capture file that is going to be
written.
* Start the windows client and try connecting to the share.
* Once it fails hit Ctrl-C to signal tshark and stop the capture.
* Copy and open the file in wireshark (with a GUI).
You should see a list of packets made of requests (from the client) &
responses (from the server). Each response has a status indicating if
the handling of the request by the server was successful or not, along
with the response data.
* A SMB connection starts by negotiating the protocol version to use
(smb1, 2, 3, ...) for the rest of the exchange ("Negotiate Protocol").
* The next step is the "Session Setup" where among other things
authentification of the user on the server happens. You will most
likely see some back and forth between the client and the server
("more processing required") that's normal.
* Then comes the share connection ("Tree Connect") where the client
explicitely selects a share on that server from which the rest of the
request are going to be on.
* At this point, the rest of the packets are going to be whatever you do
on that share.
* When the client is done e.g. when you close all explorer windows
looking at the share [1] the client terminates the connection and the
whole thing goes in reverse: "Tree Disconnect" then "Session Logoff"
and you're done.
By looking at which steps fails you can learn about the source of the problem.
1: note that this doesnt necessary happen straight away: Windows often
keeps the connection alive for a while even when nothing seems to be
using it.
Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
More information about the samba
mailing list