Wireshark · Wireshark-users: [Wireshark-users] Why so much SMB traffic?

Wireshark-users: [Wireshark-users] Why so much SMB traffic?

From: "Jeff -" <unix_core@xxxxxxxxxxxxx>

Date: Mon, 10 Nov 2008 14:35:57 -0700

Our network uses a Windows 2003 server as our file server.    Has a basic shared folder and users map it to their machine.

Using Wireshark I'm seeing tons of activity like the following:

No.		Time		SRC				DST				Protocol		INFO
10956	59.354649	192.168.143.23	192.168.143.1	SMB			Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \steve
10957	59.354750	192.168.143.1	192.168.143.23	SMB			Trans2 Response, QUERY_PATH_INFO
10958	59.355077	192.168.143.23	192.168.143.1	SMB			Trans2 Request, FIND_FIRST2, Pattern: \steve\TM_CFW.sys
10959	59.355306	192.168.143.1	192.168.143.23	SMB			Trans2 Response, FIND_FIRST2, Error: STATUS_NO_SUCH_FILE

The user and files vary.

Many users seem to be always searching for files on the file server which do not exist.  The files it looks for seems like "system" files and is never files that are on our file server.   Anyone know what this could mean and/or what could be causing this?

=
Trend Micro oem software
Secure your home network against online threats - Free Download.
http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=ea524f6bfc6d25b5695bca42dd6f3d8c


-- 
Powered by Outblaze

Follow-Ups:
- Re: [Wireshark-users] Why so much SMB traffic?
  - From: John Trumbell
- Re: [Wireshark-users] Why so much SMB traffic?
  - From: Martin Visser

Prev by Date: Re: [Wireshark-users] How to change the version string
Next by Date: Re: [Wireshark-users] TCP/UDP ports
Previous by thread: Re: [Wireshark-users] TCP/UDP ports
Next by thread: Re: [Wireshark-users] Why so much SMB traffic?
Index(es):
- Date
- Thread