Wireshark-users: Re: [Wireshark-users] some strange cifs request
From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 13 Jun 2007 10:11:58 +0000
it is just the client checking if the file has any
AlternateDataStreams attached to it.



On 6/13/07, Zuoheng <zh.huang@xxxxxxxxx> wrote:
Hi,

I am a newbie to Wireshark,  currently using Wireshark troubleshooting
a cifs performance issue. I got some insteresting output from
Wireshark,


No.     Time        Source                Destination           Protocol
Info
     23 0.027344    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}:$DATA
     24 0.027344    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     25 0.027344    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:\005SummaryInformation:$DATA
     26 0.027344    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     27 0.027344    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:Docf_\005SummaryInformation:$DATA
     28 0.027344    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     29 0.031250    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:\005SummaryInformation:$DATA
     30 0.031250    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     31 0.031250    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:Docf_\005SummaryInformation:$DATA
     32 0.031250    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND
     33 0.031250    152.62.34.59          10.32.33.99           SMB
  NT Create AndX Request, Path:
\rexhuang\a:\005SummaryInformation:$DATA
     34 0.031250    10.32.33.99           152.62.34.59          SMB
  NT Create AndX Response, Error: STATUS_OBJECT_NAME_NOT_FOUND

152.62.34.59 is client IP, 10.32.33.99 is a cifs server.

My question is I dont have any such special file or directory under
\rexhuang\, why the client send out such CreateAndX request?

Any input will be appreciated.

/zuoheng
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users