J
JerryO
Client PC: WinXP SP3
Server: Windows 2003 Server Enterprise Ed. SP2
Problem: Often, but not always, when using Windows Explorer to copy a small
group (about 3) of small (under 1K) text files from one folder to another on
the same mapped drive, it will take about 30 seconds to a minute before the
overwrite confirm dialog box appears. After confirming the copy, the file
progress bar appears for another period much longer than should be necessary
to copy files of this size. When copying the same files using the Copy
command, there is no noticeable delay.
The following packet trace shows a three instances of a long delay. Each
seems to involve a TCP request that looks like:
TCP wfremotertm > microsoft-ds [ACK] Seq=7911 Ack=10372 Win=65089 [TCP
CHECKSUM INCORRECT] Len=0
There are no retransmissions, so I think the incorrect checksum is due to
hardware offload, correct?
The delays occur around packets 115, 264, 310, 362, & 434
Can anyone tell me what's causing this?
No. Time Source Destination Protocol Info
1 0.000000 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path:
\krm\10\reg\00341914
2 0.000549 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
3 0.000688 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\reg\00341914\default.css
4 0.001348 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: default.css
5 0.001589 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0xc02c, Path: \krm\10\reg\00341914\default.css
6 0.002146 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0xc02c
7 0.002206 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0xc02c, Query File Internal Info
8 0.002546 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0xc02c, QUERY_FILE_INFO
9 0.002730 172.16.6.51 172.16.5.32 SMB
Read AndX Request, FID: 0xc02c, 1180 bytes at offset 0
10 0.003347 172.16.5.32 172.16.6.51 SMB
Read AndX Response, FID: 0xc02c, 1180 bytes
....
....
100 0.052549 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND
101 0.196345 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=7212 Ack=9054 Win=64327 [TCP CHECKSUM
INCORRECT] Len=0
102 1.828327 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path:
\krm\10\coe\00341914
103 1.828856 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
104 1.828997 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914\*
105 1.829852 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: . .. account.txt default.css
default_lft.htm default_top.htm
106 1.862724 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path:
107 1.863859 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
108 1.863995 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FS_INFO, Query Full FS Size Info
109 1.864254 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
110 1.867993 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x801f, Path: \krm\10\coe\00341914
111 1.868859 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x801f
112 1.868939 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Internal Info, Path:
\krm\10\coe\00341914
113 1.869859 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
114 1.870023 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x801f
115 1.870862 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x801f
116 2.006875 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=7911 Ack=10372 Win=65089 [TCP CHECKSUM
INCORRECT] Len=0
117 5.845189 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, Path: \krm\10\coe\00341914\desktop.ini
118 5.845691 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0000, Error: STATUS_OBJECT_NAME_NOT_FOUND
119 5.849592 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, Path: \krm\10\coe\.svn\entries
120 5.850087 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0000, Error: STATUS_OBJECT_PATH_NOT_FOUND
121 5.850332 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, Path: \krm\10\coe\00341914\.svn\entries
122 5.850684 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0000, Error: STATUS_OBJECT_PATH_NOT_FOUND
123 5.850970 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Network Open Info, Path:
\krm\10\coe\00341914
124 5.851284 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
....
....
260 7.254823 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FS_INFO, Query FS Attribute Info
261 7.255158 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
262 7.255346 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x0038, Path: \krm\10\reg\00341914\default.css
263 7.255764 172.16.5.32 172.16.6.51 SMB
Locking AndX Request, FID: 0x0036
264 7.438442 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=17968 Ack=20912 Win=65320 [TCP CHECKSUM
INCORRECT] Len=0
265 48.324739 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0038
266 48.324796 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x0036
267 48.325132 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x0036
268 48.325378 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x403b
269 48.325932 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x403b
270 48.325982 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x0038, Query File Standard Info
271 48.326331 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x0038, QUERY_FILE_INFO
272 48.326417 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x4039
273 48.326730 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x4039
274 48.326796 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x0038, Query File Basic Info
275 48.327131 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x0038, QUERY_FILE_INFO
276 48.327221 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x0038, Query File Stream Info
277 48.327532 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x0038, QUERY_FILE_INFO
278 48.327658 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x0038, Query File Basic Info
279 48.327932 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x0038, QUERY_FILE_INFO
...
....
305 48.339507 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
306 48.339607 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914
307 48.340332 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: 00341914
308 48.340560 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914\default.css
309 48.341348 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: default.css
310 48.476983 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=20044 Ack=23508 Win=64219 [TCP CHECKSUM
INCORRECT] Len=0
311 71.621481 Dell_23:8c:aa Broadcast ARP Who
has 172.16.5.32? Tell 172.16.5.46
312 80.105543 172.16.6.51 172.16.5.32 SMB
Echo Request
313 80.105768 172.16.5.32 172.16.6.51 SMB
Echo Response
314 80.261727 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=20097 Ack=23561 Win=64166 [TCP CHECKSUM
INCORRECT] Len=0
315 81.667262 172.16.5.32 172.16.7.255 BROWSER
Host Announcement EBMSWEB1, Workstation, Server, NT Workstation, NT Server,
Backup Browser, Unknown server type:23
316 89.158636 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x4037, Path: \krm\10\reg\00341914\default.css
317 89.159490 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x4037
318 89.159574 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x4037, Query File Internal Info
319 89.159886 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x4037, QUERY_FILE_INFO
320 89.160090 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x4037, Query File Stream Info
321 89.160288 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x4037, QUERY_FILE_INFO
322 89.160494 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x803a, Path: \krm\10\coe\00341914\default.css
323 89.161287 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x803a
324 89.161417 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x803a, Query File Internal Info
....
....
359 89.176284 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
360 89.177296 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, Path: \krm\10\reg\00341914\default_lft.htm
361 89.177859 172.16.5.32 172.16.6.51 SMB
Locking AndX Request, FID: 0xc02b
362 89.314349 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=23435 Ack=26651 Win=64501 [TCP CHECKSUM
INCORRECT] Len=0
363 128.321948 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0000, Error: STATUS_SHARING_VIOLATION
364 128.322011 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0xc02b
365 128.322342 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0xc02b
366 128.322399 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914\default.css
367 128.323143 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: default.css
368 128.323196 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x4037
369 128.323543 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x4037
370 128.323606 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x002c, Path: \krm\10\reg\00341914\default_lft.htm
....
....
430 128.354995 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FS_INFO, Query FS Attribute Info
431 128.355332 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
432 128.359217 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x4038, Path: \krm\10\reg\00341914\default_top.htm
433 128.359754 172.16.5.32 172.16.6.51 SMB
Locking AndX Request, FID: 0x8039
434 128.542367 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=27372 Ack=30445 Win=65248 [TCP CHECKSUM
INCORRECT] Len=0
435 144.834297 Intel_0e:ff:c1 Broadcast ARP Who
has 172.16.5.30? Tell 172.16.5.32
436 168.320647 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x4038
437 168.320715 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x8039
438 168.323647 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x8039
439 168.323705 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914\default_lft.htm
440 168.324448 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: default_lft.htm
....
....
501 168.374201 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FS_INFO, Query Full FS Size Info
502 168.374450 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
503 168.575055 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=30665 Ack=33759 Win=65065 [TCP CHECKSUM
INCORRECT] Len=0
Server: Windows 2003 Server Enterprise Ed. SP2
Problem: Often, but not always, when using Windows Explorer to copy a small
group (about 3) of small (under 1K) text files from one folder to another on
the same mapped drive, it will take about 30 seconds to a minute before the
overwrite confirm dialog box appears. After confirming the copy, the file
progress bar appears for another period much longer than should be necessary
to copy files of this size. When copying the same files using the Copy
command, there is no noticeable delay.
The following packet trace shows a three instances of a long delay. Each
seems to involve a TCP request that looks like:
TCP wfremotertm > microsoft-ds [ACK] Seq=7911 Ack=10372 Win=65089 [TCP
CHECKSUM INCORRECT] Len=0
There are no retransmissions, so I think the incorrect checksum is due to
hardware offload, correct?
The delays occur around packets 115, 264, 310, 362, & 434
Can anyone tell me what's causing this?
No. Time Source Destination Protocol Info
1 0.000000 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path:
\krm\10\reg\00341914
2 0.000549 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
3 0.000688 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\reg\00341914\default.css
4 0.001348 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: default.css
5 0.001589 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0xc02c, Path: \krm\10\reg\00341914\default.css
6 0.002146 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0xc02c
7 0.002206 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0xc02c, Query File Internal Info
8 0.002546 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0xc02c, QUERY_FILE_INFO
9 0.002730 172.16.6.51 172.16.5.32 SMB
Read AndX Request, FID: 0xc02c, 1180 bytes at offset 0
10 0.003347 172.16.5.32 172.16.6.51 SMB
Read AndX Response, FID: 0xc02c, 1180 bytes
....
....
100 0.052549 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND
101 0.196345 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=7212 Ack=9054 Win=64327 [TCP CHECKSUM
INCORRECT] Len=0
102 1.828327 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path:
\krm\10\coe\00341914
103 1.828856 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
104 1.828997 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914\*
105 1.829852 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: . .. account.txt default.css
default_lft.htm default_top.htm
106 1.862724 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path:
107 1.863859 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
108 1.863995 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FS_INFO, Query Full FS Size Info
109 1.864254 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
110 1.867993 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x801f, Path: \krm\10\coe\00341914
111 1.868859 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x801f
112 1.868939 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Internal Info, Path:
\krm\10\coe\00341914
113 1.869859 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
114 1.870023 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x801f
115 1.870862 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x801f
116 2.006875 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=7911 Ack=10372 Win=65089 [TCP CHECKSUM
INCORRECT] Len=0
117 5.845189 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, Path: \krm\10\coe\00341914\desktop.ini
118 5.845691 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0000, Error: STATUS_OBJECT_NAME_NOT_FOUND
119 5.849592 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, Path: \krm\10\coe\.svn\entries
120 5.850087 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0000, Error: STATUS_OBJECT_PATH_NOT_FOUND
121 5.850332 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, Path: \krm\10\coe\00341914\.svn\entries
122 5.850684 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0000, Error: STATUS_OBJECT_PATH_NOT_FOUND
123 5.850970 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Network Open Info, Path:
\krm\10\coe\00341914
124 5.851284 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
....
....
260 7.254823 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FS_INFO, Query FS Attribute Info
261 7.255158 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
262 7.255346 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x0038, Path: \krm\10\reg\00341914\default.css
263 7.255764 172.16.5.32 172.16.6.51 SMB
Locking AndX Request, FID: 0x0036
264 7.438442 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=17968 Ack=20912 Win=65320 [TCP CHECKSUM
INCORRECT] Len=0
265 48.324739 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0038
266 48.324796 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x0036
267 48.325132 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x0036
268 48.325378 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x403b
269 48.325932 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x403b
270 48.325982 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x0038, Query File Standard Info
271 48.326331 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x0038, QUERY_FILE_INFO
272 48.326417 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x4039
273 48.326730 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x4039
274 48.326796 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x0038, Query File Basic Info
275 48.327131 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x0038, QUERY_FILE_INFO
276 48.327221 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x0038, Query File Stream Info
277 48.327532 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x0038, QUERY_FILE_INFO
278 48.327658 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x0038, Query File Basic Info
279 48.327932 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x0038, QUERY_FILE_INFO
...
....
305 48.339507 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_PATH_INFO
306 48.339607 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914
307 48.340332 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: 00341914
308 48.340560 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914\default.css
309 48.341348 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: default.css
310 48.476983 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=20044 Ack=23508 Win=64219 [TCP CHECKSUM
INCORRECT] Len=0
311 71.621481 Dell_23:8c:aa Broadcast ARP Who
has 172.16.5.32? Tell 172.16.5.46
312 80.105543 172.16.6.51 172.16.5.32 SMB
Echo Request
313 80.105768 172.16.5.32 172.16.6.51 SMB
Echo Response
314 80.261727 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=20097 Ack=23561 Win=64166 [TCP CHECKSUM
INCORRECT] Len=0
315 81.667262 172.16.5.32 172.16.7.255 BROWSER
Host Announcement EBMSWEB1, Workstation, Server, NT Workstation, NT Server,
Backup Browser, Unknown server type:23
316 89.158636 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x4037, Path: \krm\10\reg\00341914\default.css
317 89.159490 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x4037
318 89.159574 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x4037, Query File Internal Info
319 89.159886 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x4037, QUERY_FILE_INFO
320 89.160090 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x4037, Query File Stream Info
321 89.160288 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FID: 0x4037, QUERY_FILE_INFO
322 89.160494 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x803a, Path: \krm\10\coe\00341914\default.css
323 89.161287 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x803a
324 89.161417 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x803a, Query File Internal Info
....
....
359 89.176284 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
360 89.177296 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, Path: \krm\10\reg\00341914\default_lft.htm
361 89.177859 172.16.5.32 172.16.6.51 SMB
Locking AndX Request, FID: 0xc02b
362 89.314349 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=23435 Ack=26651 Win=64501 [TCP CHECKSUM
INCORRECT] Len=0
363 128.321948 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x0000, Error: STATUS_SHARING_VIOLATION
364 128.322011 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0xc02b
365 128.322342 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0xc02b
366 128.322399 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914\default.css
367 128.323143 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: default.css
368 128.323196 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x4037
369 128.323543 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x4037
370 128.323606 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x002c, Path: \krm\10\reg\00341914\default_lft.htm
....
....
430 128.354995 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FS_INFO, Query FS Attribute Info
431 128.355332 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
432 128.359217 172.16.6.51 172.16.5.32 SMB NT
Create AndX Request, FID: 0x4038, Path: \krm\10\reg\00341914\default_top.htm
433 128.359754 172.16.5.32 172.16.6.51 SMB
Locking AndX Request, FID: 0x8039
434 128.542367 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=27372 Ack=30445 Win=65248 [TCP CHECKSUM
INCORRECT] Len=0
435 144.834297 Intel_0e:ff:c1 Broadcast ARP Who
has 172.16.5.30? Tell 172.16.5.32
436 168.320647 172.16.5.32 172.16.6.51 SMB NT
Create AndX Response, FID: 0x4038
437 168.320715 172.16.6.51 172.16.5.32 SMB
Close Request, FID: 0x8039
438 168.323647 172.16.5.32 172.16.6.51 SMB
Close Response, FID: 0x8039
439 168.323705 172.16.6.51 172.16.5.32 SMB
Trans2 Request, FIND_FIRST2, Pattern: \krm\10\coe\00341914\default_lft.htm
440 168.324448 172.16.5.32 172.16.6.51 SMB
Trans2 Response, FIND_FIRST2, Files: default_lft.htm
....
....
501 168.374201 172.16.6.51 172.16.5.32 SMB
Trans2 Request, QUERY_FS_INFO, Query Full FS Size Info
502 168.374450 172.16.5.32 172.16.6.51 SMB
Trans2 Response, QUERY_FS_INFO
503 168.575055 172.16.6.51 172.16.5.32 TCP
wfremotertm > microsoft-ds [ACK] Seq=30665 Ack=33759 Win=65065 [TCP CHECKSUM
INCORRECT] Len=0