[Samba] 65534 rows & c.

Aurélien Aptel aaptel at suse.com
Wed Jan 17 11:10:11 UTC 2018 

"Barbara M. via samba" <samba at lists.samba.org> writes:
> I don't know wireshark.
> Done some attempts.
> I tried using tshak (no X), but can't find the right syntax to capture 
> something useful.
> can you guide me?

You can do the capture from the Windows client but if you feel more
comfortable with tshark on the server you can run

    tshark -p -w FILENAME -f "port 445"

where FILENAME is the name of the capture file that is going to be
written.

* Start the windows client and try connecting to the share.
* Once it fails hit Ctrl-C to signal tshark and stop the capture.
* Copy and open the file in wireshark (with a GUI).

You should see a list of packets made of requests (from the client) &
responses (from the server). Each response has a status indicating if
the handling of the request by the server was successful or not, along
with the response data.

* A SMB connection starts by negotiating the protocol version to use
  (smb1, 2, 3, ...) for the rest of the exchange ("Negotiate Protocol").

* The next step is the "Session Setup" where among other things
  authentification of the user on the server happens. You will most
  likely see some back and forth between the client and the server
  ("more processing required") that's normal.

* Then comes the share connection ("Tree Connect") where the client
  explicitely selects a share on that server from which the rest of the
  request are going to be on.

* At this point, the rest of the packets are going to be whatever you do
  on that share.

* When the client is done e.g. when you close all explorer windows
  looking at the share [1] the client terminates the connection and the
  whole thing goes in reverse: "Tree Disconnect" then "Session Logoff"
  and you're done.

By looking at which steps fails you can learn about the source of the problem.

1: note that this doesnt necessary happen straight away: Windows often
   keeps the connection alive for a while even when nothing seems to be
   using it.

Cheers,

-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

More information about the samba mailing list