The Samba-Bugzilla – Attachment 1545 Details for
Bug 2421
Quickbooks file sharing oplock problem in 3.0.11 and 3.0.12pre2-SVN-build-5654
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
tethereal - Samba with oplocks
quickbooks-samba3.0.14a-oplocks.txt (text/plain), 34.42 KB, created by
Kevin Shanahan (dead mail address)
on 2005-10-26 18:08:23 UTC
(
hide
)
Description:
tethereal - Samba with oplocks
Filename:
MIME Type:
Creator:
Kevin Shanahan (dead mail address)
Created:
2005-10-26 18:08:23 UTC
Size:
34.42 KB
patch
obsolete
>Frame 10597 (252 bytes on wire, 252 bytes captured) > Arrival Time: Oct 26, 2005 11:14:25.495527000 > Time delta from previous packet: 0.000590000 seconds > Time since reference or first frame: 56.327354000 seconds > Frame Number: 10597 > Packet Length: 252 bytes > Capture Length: 252 bytes > Protocols in frame: eth:ip:tcp:nbss:smb >Ethernet II, Src: Ibm_5d:92:37 (00:11:25:5d:92:37), Dst: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22) > Destination: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22) > Source: Ibm_5d:92:37 (00:11:25:5d:92:37) > Type: IP (0x0800) >Internet Protocol, Src: 192.168.0.54 (192.168.0.54), Dst: 192.168.0.249 (192.168.0.249) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) > 0000 00.. = Differentiated Services Codepoint: Default (0x00) > .... ..0. = ECN-Capable Transport (ECT): 0 > .... ...0 = ECN-CE: 0 > Total Length: 238 > Identification: 0xf921 (63777) > Flags: 0x04 (Don't Fragment) > 0... = Reserved bit: Not set > .1.. = Don't fragment: Set > ..0. = More fragments: Not set > Fragment offset: 0 > Time to live: 128 > Protocol: TCP (0x06) > Header checksum: 0x7e68 [correct] > Source: 192.168.0.54 (192.168.0.54) > Destination: 192.168.0.249 (192.168.0.249) >Transmission Control Protocol, Src Port: 1273 (1273), Dst Port: microsoft-ds (445), Seq: 63337, Ack: 50405, Len: 198 > Source port: 1273 (1273) > Destination port: microsoft-ds (445) > Sequence number: 63337 (relative sequence number) > Next sequence number: 63535 (relative sequence number) > Acknowledgement number: 50405 (relative ack number) > Header length: 20 bytes > Flags: 0x0018 (PSH, ACK) > 0... .... = Congestion Window Reduced (CWR): Not set > .0.. .... = ECN-Echo: Not set > ..0. .... = Urgent: Not set > ...1 .... = Acknowledgment: Set > .... 1... = Push: Set > .... .0.. = Reset: Not set > .... ..0. = Syn: Not set > .... ...0 = Fin: Not set > Window size: 65343 > Checksum: 0x356e [correct] > SEQ/ACK analysis > This is an ACK to the segment in frame: 10596 > The RTT to ACK the segment was: 0.000590000 seconds >NetBIOS Session Service > Message Type: Session message > Length: 194 >SMB (Server Message Block Protocol) > SMB Header > Server Component: SMB > SMB Command: NT Create AndX (0xa2) > NT Status: STATUS_SUCCESS (0x00000000) > Flags: 0x18 > 0... .... = Request/Response: Message is a request to the server > .0.. .... = Notify: Notify client only on open > ..0. .... = Oplocks: OpLock not requested/granted > ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized > .... 1... = Case Sensitivity: Path names are caseless > .... ..0. = Receive Buffer Posted: Receive buffer has not been posted > .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported > Flags2: 0xc807 > 1... .... .... .... = Unicode Strings: Strings are Unicode > .1.. .... .... .... = Error Code Type: Error codes are NT error codes > ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only > ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs > .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported > .... .... .0.. .... = Long Names Used: Path names in request are not long file names > .... .... .... .1.. = Security Signatures: Security signatures are supported > .... .... .... ..1. = Extended Attributes: Extended attributes are supported > .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response > Process ID High: 0 > Signature: 0000000000000000 > Reserved: 0000 > Tree ID: 1 > Process ID: 2608 > User ID: 100 > Multiplex ID: 14273 > NT Create AndX Request (0xa2) > Word Count (WCT): 24 > AndXCommand: No further commands (0xff) > Reserved: 00 > AndXOffset: 57054 > Reserved: 00 > File Name Len: 108 > Create Flags: 0x00000016 > .... .... .... .... .... .... ...1 .... = Extended Response: Extended responses required > .... .... .... .... .... .... .... 0... = Create Directory: Target of open can be a file > .... .... .... .... .... .... .... .1.. = Batch Oplock: Requesting BATCH OPLOCK > .... .... .... .... .... .... .... ..1. = Exclusive Oplock: Requesting OPLOCK > Root FID: 0x00000000 > Access Mask: 0x00020189 > 0... .... .... .... .... .... .... .... = Generic Read: Generic read is NOT set > .0.. .... .... .... .... .... .... .... = Generic Write: Generic write is NOT set > ..0. .... .... .... .... .... .... .... = Generic Execute: Generic execute is NOT set > ...0 .... .... .... .... .... .... .... = Generic All: Generic all is NOT set > .... ..0. .... .... .... .... .... .... = Maximum Allowed: Maximum allowed is NOT set > .... ...0 .... .... .... .... .... .... = System Security: System security is NOT set > .... .... ...0 .... .... .... .... .... = Synchronize: Can NOT wait on handle to synchronize on completion of I/O > .... .... .... 0... .... .... .... .... = Write Owner: Can NOT write owner (take ownership) > .... .... .... .0.. .... .... .... .... = Write DAC: Owner may NOT write to the DAC > .... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to owner, group and ACL of the SID > .... .... .... ...0 .... .... .... .... = Delete: NO delete access > .... .... .... .... .... ...1 .... .... = Write Attributes: WRITE ATTRIBUTES access > .... .... .... .... .... .... 1... .... = Read Attributes: READ ATTRIBUTES access > .... .... .... .... .... .... .0.. .... = Delete Child: NO delete child access > .... .... .... .... .... .... ..0. .... = Execute: NO execute access > .... .... .... .... .... .... ...0 .... = Write EA: NO write extended attributes access > .... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED ATTRIBUTES access > .... .... .... .... .... .... .... .0.. = Append: NO append access > .... .... .... .... .... .... .... ..0. = Write: NO write access > .... .... .... .... .... .... .... ...1 = Read: READ access > Allocation Size: 0 > File Attributes: 0x00000080 > .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file > .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service > .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline > .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file > .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point > .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file > .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file > .... .... .... .... .... .... 1... .... = Normal: This file is an ordinary file > .... .... .... .... .... .... .0.. .... = Device: This is NOT a device > .... .... .... .... .... .... ..0. .... = Archive: This file has NOT been modified since last archive > .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory > .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID > .... .... .... .... .... .... .... .0.. = System: This is NOT a system file > .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file > .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only > Share Access: 0x00000007 > .... .... .... .... .... .... .... .1.. = Delete: Object can be shared for DELETE > .... .... .... .... .... .... .... ..1. = Write: Object can be shared for WRITE > .... .... .... .... .... .... .... ...1 = Read: Object can be shared for READ > Disposition: Open (if file exists open it, else fail) (1) > Create Options: 0x00000940 > .... .... .... .... .... .... .... ...0 = Directory: File being created/opened must not be a directory > .... .... .... .... .... .... .... ..0. = Write Through: Writes need not flush buffered data before completing > .... .... .... .... .... .... .... .0.. = Sequential Only: The file might not only be accessed sequentially > .... .... .... .... .... .... ...0 .... = Sync I/O Alert: Operations NOT necessarily synchronous > .... .... .... .... .... .... ..0. .... = Sync I/O Nonalert: Operations NOT necessarily synchronous > .... .... .... .... .... .... .1.. .... = Non-Directory: File being created/opened must not be a directory > .... .... .... .... .... ..0. .... .... = No EA Knowledge: The client understands extended attributes > .... .... .... .... .... .0.. .... .... = 8.3 Only: The client understands long file names > .... .... .... .... .... 1... .... .... = Random Access: The file will be accessed randomly > .... .... .... .... ...0 .... .... .... = Delete On Close: The file should not be deleted when it is closed > Impersonation: Impersonation (2) > Security Flags: 0x00 > .... ...0 = Context Tracking: Security tracking mode is STATIC > .... ..0. = Effective Only: ALL aspects of the client's security context are available > Byte Count (BCC): 111 > File Name: \wha-quickbooks\Westside Housing - General Account.QBW > >Frame 10598 (109 bytes on wire, 109 bytes captured) > Arrival Time: Oct 26, 2005 11:14:25.496895000 > Time delta from previous packet: 0.001368000 seconds > Time since reference or first frame: 56.328722000 seconds > Frame Number: 10598 > Packet Length: 109 bytes > Capture Length: 109 bytes > Protocols in frame: eth:ip:tcp:nbss:smb >Ethernet II, Src: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22), Dst: AcctonTe_c7:cf:74 (00:10:b5:c7:cf:74) > Destination: AcctonTe_c7:cf:74 (00:10:b5:c7:cf:74) > Source: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22) > Type: IP (0x0800) >Internet Protocol, Src: 192.168.0.249 (192.168.0.249), Dst: 192.168.0.120 (192.168.0.120) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) > 0000 00.. = Differentiated Services Codepoint: Default (0x00) > .... ..0. = ECN-Capable Transport (ECT): 0 > .... ...0 = ECN-CE: 0 > Total Length: 95 > Identification: 0x29aa (10666) > Flags: 0x04 (Don't Fragment) > 0... = Reserved bit: Not set > .1.. = Don't fragment: Set > ..0. = More fragments: Not set > Fragment offset: 0 > Time to live: 64 > Protocol: TCP (0x06) > Header checksum: 0x8e2d [correct] > Source: 192.168.0.249 (192.168.0.249) > Destination: 192.168.0.120 (192.168.0.120) >Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 1078 (1078), Seq: 6633921, Ack: 726146, Len: 55 > Source port: microsoft-ds (445) > Destination port: 1078 (1078) > Sequence number: 6633921 (relative sequence number) > Next sequence number: 6633976 (relative sequence number) > Acknowledgement number: 726146 (relative ack number) > Header length: 20 bytes > Flags: 0x0018 (PSH, ACK) > 0... .... = Congestion Window Reduced (CWR): Not set > .0.. .... = ECN-Echo: Not set > ..0. .... = Urgent: Not set > ...1 .... = Acknowledgment: Set > .... 1... = Push: Set > .... .0.. = Reset: Not set > .... ..0. = Syn: Not set > .... ...0 = Fin: Not set > Window size: 32767 > Checksum: 0x8313 [incorrect, should be 0xcf87] >NetBIOS Session Service > Message Type: Session message > Length: 51 >SMB (Server Message Block Protocol) > SMB Header > Server Component: SMB > SMB Command: Locking AndX (0x24) > Error Class: Success (0x00) > Reserved: 00 > Error Code: No Error > Flags: 0x00 > 0... .... = Request/Response: Message is a request to the server > .0.. .... = Notify: Notify client only on open > ..0. .... = Oplocks: OpLock not requested/granted > ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized > .... 0... = Case Sensitivity: Path names are case sensitive > .... ..0. = Receive Buffer Posted: Receive buffer has not been posted > .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported > Flags2: 0x0000 > 0... .... .... .... = Unicode Strings: Strings are ASCII > .0.. .... .... .... = Error Code Type: Error codes are DOS error codes > ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only > ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs > .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported > .... .... .0.. .... = Long Names Used: Path names in request are not long file names > .... .... .... .0.. = Security Signatures: Security signatures are not supported > .... .... .... ..0. = Extended Attributes: Extended attributes are not supported > .... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response > Process ID High: 0 > Signature: 0000000000000000 > Reserved: 0000 > Tree ID: 1 > Process ID: 65535 > User ID: 0 > Multiplex ID: 65535 > Locking AndX Request (0x24) > Word Count (WCT): 8 > AndXCommand: No further commands (0xff) > Reserved: 00 > AndXOffset: 0 > FID: 0x25b9 > Lock Type: 0x02 > ...0 .... = Large Files: Large file locking format not requested > .... 0... = Cancel: Don't cancel outstanding lock request > .... .0.. = Change: Don't change lock type > .... ..1. = Oplock Break: This is an oplock break notification/response > .... ...0 = Shared: This is an exclusive lock > Oplock Level: Level 2 oplock currently held by client (1) > Timeout: Return immediately (0) > Number of Unlocks: 0 > Number of Locks: 0 > Byte Count (BCC): 0 > >Frame 10599 (129 bytes on wire, 129 bytes captured) > Arrival Time: Oct 26, 2005 11:14:25.497533000 > Time delta from previous packet: 0.000638000 seconds > Time since reference or first frame: 56.329360000 seconds > Frame Number: 10599 > Packet Length: 129 bytes > Capture Length: 129 bytes > Protocols in frame: eth:ip:tcp:nbss:smb >Ethernet II, Src: AcctonTe_c7:cf:74 (00:10:b5:c7:cf:74), Dst: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22) > Destination: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22) > Source: AcctonTe_c7:cf:74 (00:10:b5:c7:cf:74) > Type: IP (0x0800) >Internet Protocol, Src: 192.168.0.120 (192.168.0.120), Dst: 192.168.0.249 (192.168.0.249) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) > 0000 00.. = Differentiated Services Codepoint: Default (0x00) > .... ..0. = ECN-Capable Transport (ECT): 0 > .... ...0 = ECN-CE: 0 > Total Length: 115 > Identification: 0x9973 (39283) > Flags: 0x04 (Don't Fragment) > 0... = Reserved bit: Not set > .1.. = Don't fragment: Set > ..0. = More fragments: Not set > Fragment offset: 0 > Time to live: 128 > Protocol: TCP (0x06) > Header checksum: 0xde4f [correct] > Source: 192.168.0.120 (192.168.0.120) > Destination: 192.168.0.249 (192.168.0.249) >Transmission Control Protocol, Src Port: 1078 (1078), Dst Port: microsoft-ds (445), Seq: 726146, Ack: 6633976, Len: 75 > Source port: 1078 (1078) > Destination port: microsoft-ds (445) > Sequence number: 726146 (relative sequence number) > Next sequence number: 726221 (relative sequence number) > Acknowledgement number: 6633976 (relative ack number) > Header length: 20 bytes > Flags: 0x0018 (PSH, ACK) > 0... .... = Congestion Window Reduced (CWR): Not set > .0.. .... = ECN-Echo: Not set > ..0. .... = Urgent: Not set > ...1 .... = Acknowledgment: Set > .... 1... = Push: Set > .... .0.. = Reset: Not set > .... ..0. = Syn: Not set > .... ...0 = Fin: Not set > Window size: 64241 > Checksum: 0xc715 [correct] > SEQ/ACK analysis > This is an ACK to the segment in frame: 10598 > The RTT to ACK the segment was: 0.000638000 seconds >NetBIOS Session Service > Message Type: Session message > Length: 71 >SMB (Server Message Block Protocol) > SMB Header > Server Component: SMB > SMB Command: Locking AndX (0x24) > NT Status: STATUS_SUCCESS (0x00000000) > Flags: 0x18 > 0... .... = Request/Response: Message is a request to the server > .0.. .... = Notify: Notify client only on open > ..0. .... = Oplocks: OpLock not requested/granted > ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized > .... 1... = Case Sensitivity: Path names are caseless > .... ..0. = Receive Buffer Posted: Receive buffer has not been posted > .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported > Flags2: 0xc807 > 1... .... .... .... = Unicode Strings: Strings are Unicode > .1.. .... .... .... = Error Code Type: Error codes are NT error codes > ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only > ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs > .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported > .... .... .0.. .... = Long Names Used: Path names in request are not long file names > .... .... .... .1.. = Security Signatures: Security signatures are supported > .... .... .... ..1. = Extended Attributes: Extended attributes are supported > .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response > Process ID High: 0 > Signature: 0000000000000000 > Reserved: 0000 > Tree ID: 1 > Process ID: 65279 > User ID: 100 > Multiplex ID: 2882 > Locking AndX Request (0x24) > Word Count (WCT): 8 > AndXCommand: No further commands (0xff) > Reserved: 00 > AndXOffset: 57054 > FID: 0x25b9 > Lock Type: 0x10 > ...1 .... = Large Files: Large file locking format requested > .... 0... = Cancel: Don't cancel outstanding lock request > .... .0.. = Change: Don't change lock type > .... ..0. = Oplock Break: This is not an oplock break notification/response > .... ...0 = Shared: This is an exclusive lock > Oplock Level: Client is not holding oplock on this file (0) > Timeout: Wait indefinitely (-1) > Number of Unlocks: 0 > Number of Locks: 1 > Byte Count (BCC): 20 > Locks > Lock > Process ID: 65279 > Reserved: 0000 > Offset: 563 > Length: 1 > >Frame 10600 (97 bytes on wire, 97 bytes captured) > Arrival Time: Oct 26, 2005 11:14:25.499078000 > Time delta from previous packet: 0.001545000 seconds > Time since reference or first frame: 56.330905000 seconds > Frame Number: 10600 > Packet Length: 97 bytes > Capture Length: 97 bytes > Protocols in frame: eth:ip:tcp:nbss:smb >Ethernet II, Src: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22), Dst: AcctonTe_c7:cf:74 (00:10:b5:c7:cf:74) > Destination: AcctonTe_c7:cf:74 (00:10:b5:c7:cf:74) > Source: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22) > Type: IP (0x0800) >Internet Protocol, Src: 192.168.0.249 (192.168.0.249), Dst: 192.168.0.120 (192.168.0.120) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) > 0000 00.. = Differentiated Services Codepoint: Default (0x00) > .... ..0. = ECN-Capable Transport (ECT): 0 > .... ...0 = ECN-CE: 0 > Total Length: 83 > Identification: 0x29ac (10668) > Flags: 0x04 (Don't Fragment) > 0... = Reserved bit: Not set > .1.. = Don't fragment: Set > ..0. = More fragments: Not set > Fragment offset: 0 > Time to live: 64 > Protocol: TCP (0x06) > Header checksum: 0x8e37 [correct] > Source: 192.168.0.249 (192.168.0.249) > Destination: 192.168.0.120 (192.168.0.120) >Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 1078 (1078), Seq: 6633976, Ack: 726221, Len: 43 > Source port: microsoft-ds (445) > Destination port: 1078 (1078) > Sequence number: 6633976 (relative sequence number) > Next sequence number: 6634019 (relative sequence number) > Acknowledgement number: 726221 (relative ack number) > Header length: 20 bytes > Flags: 0x0018 (PSH, ACK) > 0... .... = Congestion Window Reduced (CWR): Not set > .0.. .... = ECN-Echo: Not set > ..0. .... = Urgent: Not set > ...1 .... = Acknowledgment: Set > .... 1... = Push: Set > .... .0.. = Reset: Not set > .... ..0. = Syn: Not set > .... ...0 = Fin: Not set > Window size: 32767 > Checksum: 0x8307 [incorrect, should be 0x537e] > SEQ/ACK analysis > This is an ACK to the segment in frame: 10599 > The RTT to ACK the segment was: 0.001545000 seconds >NetBIOS Session Service > Message Type: Session message > Length: 39 >SMB (Server Message Block Protocol) > SMB Header > Server Component: SMB > Response to: 10599 > Time from request: 0.001545000 seconds > SMB Command: Locking AndX (0x24) > NT Status: STATUS_SUCCESS (0x00000000) > Flags: 0x88 > 1... .... = Request/Response: Message is a response to the client/redirector > .0.. .... = Notify: Notify client only on open > ..0. .... = Oplocks: OpLock not requested/granted > ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized > .... 1... = Case Sensitivity: Path names are caseless > .... ..0. = Receive Buffer Posted: Receive buffer has not been posted > .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported > Flags2: 0xc801 > 1... .... .... .... = Unicode Strings: Strings are Unicode > .1.. .... .... .... = Error Code Type: Error codes are NT error codes > ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only > ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs > .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported > .... .... .0.. .... = Long Names Used: Path names in request are not long file names > .... .... .... .0.. = Security Signatures: Security signatures are not supported > .... .... .... ..0. = Extended Attributes: Extended attributes are not supported > .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response > Process ID High: 0 > Signature: 0000000000000000 > Reserved: 0000 > Tree ID: 1 > Process ID: 65279 > User ID: 100 > Multiplex ID: 2882 > Locking AndX Response (0x24) > Word Count (WCT): 2 > AndXCommand: No further commands (0xff) > Reserved: 00 > AndXOffset: 0 > Byte Count (BCC): 0 > >Frame 10601 (109 bytes on wire, 109 bytes captured) > Arrival Time: Oct 26, 2005 11:14:25.499411000 > Time delta from previous packet: 0.000333000 seconds > Time since reference or first frame: 56.331238000 seconds > Frame Number: 10601 > Packet Length: 109 bytes > Capture Length: 109 bytes > Protocols in frame: eth:ip:tcp:nbss:smb >Ethernet II, Src: AcctonTe_c7:cf:74 (00:10:b5:c7:cf:74), Dst: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22) > Destination: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22) > Source: AcctonTe_c7:cf:74 (00:10:b5:c7:cf:74) > Type: IP (0x0800) >Internet Protocol, Src: 192.168.0.120 (192.168.0.120), Dst: 192.168.0.249 (192.168.0.249) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) > 0000 00.. = Differentiated Services Codepoint: Default (0x00) > .... ..0. = ECN-Capable Transport (ECT): 0 > .... ...0 = ECN-CE: 0 > Total Length: 95 > Identification: 0x9974 (39284) > Flags: 0x04 (Don't Fragment) > 0... = Reserved bit: Not set > .1.. = Don't fragment: Set > ..0. = More fragments: Not set > Fragment offset: 0 > Time to live: 128 > Protocol: TCP (0x06) > Header checksum: 0xde62 [correct] > Source: 192.168.0.120 (192.168.0.120) > Destination: 192.168.0.249 (192.168.0.249) >Transmission Control Protocol, Src Port: 1078 (1078), Dst Port: microsoft-ds (445), Seq: 726221, Ack: 6634019, Len: 55 > Source port: 1078 (1078) > Destination port: microsoft-ds (445) > Sequence number: 726221 (relative sequence number) > Next sequence number: 726276 (relative sequence number) > Acknowledgement number: 6634019 (relative ack number) > Header length: 20 bytes > Flags: 0x0018 (PSH, ACK) > 0... .... = Congestion Window Reduced (CWR): Not set > .0.. .... = ECN-Echo: Not set > ..0. .... = Urgent: Not set > ...1 .... = Acknowledgment: Set > .... 1... = Push: Set > .... .0.. = Reset: Not set > .... ..0. = Syn: Not set > .... ...0 = Fin: Not set > Window size: 64198 > Checksum: 0x0945 [correct] > SEQ/ACK analysis > This is an ACK to the segment in frame: 10600 > The RTT to ACK the segment was: 0.000333000 seconds >NetBIOS Session Service > Message Type: Session message > Length: 51 >SMB (Server Message Block Protocol) > SMB Header > Server Component: SMB > SMB Command: Locking AndX (0x24) > NT Status: STATUS_SUCCESS (0x00000000) > Flags: 0x18 > 0... .... = Request/Response: Message is a request to the server > .0.. .... = Notify: Notify client only on open > ..0. .... = Oplocks: OpLock not requested/granted > ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized > .... 1... = Case Sensitivity: Path names are caseless > .... ..0. = Receive Buffer Posted: Receive buffer has not been posted > .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported > Flags2: 0xc807 > 1... .... .... .... = Unicode Strings: Strings are Unicode > .1.. .... .... .... = Error Code Type: Error codes are NT error codes > ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only > ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs > .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported > .... .... .0.. .... = Long Names Used: Path names in request are not long file names > .... .... .... .1.. = Security Signatures: Security signatures are supported > .... .... .... ..1. = Extended Attributes: Extended attributes are supported > .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response > Process ID High: 0 > Signature: 0000000000000000 > Reserved: 0000 > Tree ID: 1 > Process ID: 65279 > User ID: 100 > Multiplex ID: 65535 > Locking AndX Request (0x24) > Word Count (WCT): 8 > AndXCommand: No further commands (0xff) > Reserved: 00 > AndXOffset: 57054 > FID: 0x25b9 > Lock Type: 0x12 > ...1 .... = Large Files: Large file locking format requested > .... 0... = Cancel: Don't cancel outstanding lock request > .... .0.. = Change: Don't change lock type > .... ..1. = Oplock Break: This is an oplock break notification/response > .... ...0 = Shared: This is an exclusive lock > Oplock Level: Level 2 oplock currently held by client (1) > Timeout: Wait indefinitely (-1) > Number of Unlocks: 0 > Number of Locks: 0 > Byte Count (BCC): 0 > >Frame 10602 (161 bytes on wire, 161 bytes captured) > Arrival Time: Oct 26, 2005 11:14:25.501047000 > Time delta from previous packet: 0.001636000 seconds > Time since reference or first frame: 56.332874000 seconds > Frame Number: 10602 > Packet Length: 161 bytes > Capture Length: 161 bytes > Protocols in frame: eth:ip:tcp:nbss:smb >Ethernet II, Src: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22), Dst: Ibm_5d:92:37 (00:11:25:5d:92:37) > Destination: Ibm_5d:92:37 (00:11:25:5d:92:37) > Source: Micro-St_2d:b4:22 (00:10:dc:2d:b4:22) > Type: IP (0x0800) >Internet Protocol, Src: 192.168.0.249 (192.168.0.249), Dst: 192.168.0.54 (192.168.0.54) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) > 0000 00.. = Differentiated Services Codepoint: Default (0x00) > .... ..0. = ECN-Capable Transport (ECT): 0 > .... ...0 = ECN-CE: 0 > Total Length: 147 > Identification: 0xbb52 (47954) > Flags: 0x04 (Don't Fragment) > 0... = Reserved bit: Not set > .1.. = Don't fragment: Set > ..0. = More fragments: Not set > Fragment offset: 0 > Time to live: 64 > Protocol: TCP (0x06) > Header checksum: 0xfc92 [correct] > Source: 192.168.0.249 (192.168.0.249) > Destination: 192.168.0.54 (192.168.0.54) >Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 1273 (1273), Seq: 50405, Ack: 63535, Len: 107 > Source port: microsoft-ds (445) > Destination port: 1273 (1273) > Sequence number: 50405 (relative sequence number) > Next sequence number: 50512 (relative sequence number) > Acknowledgement number: 63535 (relative ack number) > Header length: 20 bytes > Flags: 0x0018 (PSH, ACK) > 0... .... = Congestion Window Reduced (CWR): Not set > .0.. .... = ECN-Echo: Not set > ..0. .... = Urgent: Not set > ...1 .... = Acknowledgment: Set > .... 1... = Push: Set > .... .0.. = Reset: Not set > .... ..0. = Syn: Not set > .... ...0 = Fin: Not set > Window size: 12636 > Checksum: 0x8305 [incorrect, should be 0xa024] > SEQ/ACK analysis > This is an ACK to the segment in frame: 10597 > The RTT to ACK the segment was: 0.005520000 seconds >NetBIOS Session Service > Message Type: Session message > Length: 103 >SMB (Server Message Block Protocol) > SMB Header > Server Component: SMB > Response to: 10597 > Time from request: 0.005520000 seconds > SMB Command: NT Create AndX (0xa2) > NT Status: STATUS_SUCCESS (0x00000000) > Flags: 0x88 > 1... .... = Request/Response: Message is a response to the client/redirector > .0.. .... = Notify: Notify client only on open > ..0. .... = Oplocks: OpLock not requested/granted > ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized > .... 1... = Case Sensitivity: Path names are caseless > .... ..0. = Receive Buffer Posted: Receive buffer has not been posted > .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported > Flags2: 0xc801 > 1... .... .... .... = Unicode Strings: Strings are Unicode > .1.. .... .... .... = Error Code Type: Error codes are NT error codes > ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only > ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs > .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported > .... .... .0.. .... = Long Names Used: Path names in request are not long file names > .... .... .... .0.. = Security Signatures: Security signatures are not supported > .... .... .... ..0. = Extended Attributes: Extended attributes are not supported > .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response > Process ID High: 0 > Signature: 0000000000000000 > Reserved: 0000 > Tree ID: 1 > Process ID: 2608 > User ID: 100 > Multiplex ID: 14273 > NT Create AndX Response (0xa2) > Word Count (WCT): 34 > AndXCommand: No further commands (0xff) > Reserved: 00 > AndXOffset: 0 > Oplock level: Level II oplock granted (3) > FID: 0x25f6 > Create action: The file existed and was opened (1) > Created: Oct 26, 2005 11:13:59.000000000 > Last Access: Oct 26, 2005 11:14:04.000000000 > Last Write: Oct 26, 2005 11:13:59.000000000 > Change: Oct 26, 2005 11:13:59.000000000 > File Attributes: 0x00000020 > .... .... .... .... .0.. .... .... .... = Encrypted: This is NOT an encrypted file > .... .... .... .... ..0. .... .... .... = Content Indexed: This file MAY be indexed by the content indexing service > .... .... .... .... ...0 .... .... .... = Offline: This file is NOT offline > .... .... .... .... .... 0... .... .... = Compressed: This is NOT a compressed file > .... .... .... .... .... .0.. .... .... = Reparse Point: This file does NOT have an associated reparse point > .... .... .... .... .... ..0. .... .... = Sparse: This is NOT a sparse file > .... .... .... .... .... ...0 .... .... = Temporary: This is NOT a temporary file > .... .... .... .... .... .... 0... .... = Normal: This file has some attribute set > .... .... .... .... .... .... .0.. .... = Device: This is NOT a device > .... .... .... .... .... .... ..1. .... = Archive: This file has been modified since last ARCHIVE > .... .... .... .... .... .... ...0 .... = Directory: This is NOT a directory > .... .... .... .... .... .... .... 0... = Volume ID: This is NOT a volume ID > .... .... .... .... .... .... .... .0.. = System: This is NOT a system file > .... .... .... .... .... .... .... ..0. = Hidden: This is NOT a hidden file > .... .... .... .... .... .... .... ...0 = Read Only: This file is NOT read only > Allocation Size: 17825792 > End Of File: 17774592 > File Type: Disk file or directory (0) > IPC State: 0x0007 > 0... .... .... .... = Nonblocking: Reads/writes block if no data available > .0.. .... .... .... = Endpoint: Consumer end of pipe (0) > .... 00.. .... .... = Pipe Type: Byte stream pipe (0) > .... ..00 .... .... = Read Mode: Read pipe as a byte stream (0) > .... .... 0000 0111 = Icount: 7 > Is Directory: This is NOT a directory (0) > Byte Count (BCC): 0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1545">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2421
:
1544
| 1545