SMB
We connect to different windows boxes or linux boxes for file sharing on a network without actually bothering what makes it happen.Well,Server Message Block does exactly that.It's job is to be a client server, request-response protocol.
Servers make file systems and other resources (printers, mailslots, named pipes, APIs) available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers.
Clients connect to servers using TCP/IP (actually NetBIOS over TCP/IP as specified in RFC1001 and RFC1002), NetBEUI or IPX/SPX. Once they have established a connection, clients can then send commands (SMBs) to the server that allow them to access shares, open files, read and write files, and generally do all the sort of things that you want to do with a file system. However, in the case of SMB, these things are done over the network.
http://www.samba.org/cifs/docs/what-is-smb.html is a good reference to what SMB is all about.
Personally,I wanted to see what happens when I access any other windows box using the UNC path (\\server\share).So,I used the following scenario :
192.168.52.1 wants to talk(share/access files) on 192.168.52.3
Here's what actually happened courtesy Ethereal dumps :
SMB Request :
0000 00 0c 29 58 26 61 00 50 56 c0 00 01 08 00 45 00 ..)X&a.P V.....E.
0010 00 b1 b6 88 40 00 80 06 5a 69 c0 a8 34 01 c0 a8 ....@... Zi..4...
0020 34 03 08 cc 01 bd 62 96 34 2a 7a cf e7 e7 50 18 4.....b. 4*z...P.
0030 ff ff f9 b6 00 00 00 00 00 85 ff 53 4d 42 72 00 ........ ...SMBr.
0040 00 00 00 18 53 c8 00 00 00 00 00 00 00 00 00 00 ....S... ........
0050 00 00 00 00 ff fe 00 00 00 00 00 62 00 02 50 43 ........ ...b..PC
0060 20 4e 45 54 57 4f 52 4b 20 50 52 4f 47 52 41 4d NETWORK PROGRAM
0070 20 31 2e 30 00 02 4c 41 4e 4d 41 4e 31 2e 30 00 1.0..LA NMAN1.0.
0080 02 57 69 6e 64 6f 77 73 20 66 6f 72 20 57 6f 72 .Windows for Wor
0090 6b 67 72 6f 75 70 73 20 33 2e 31 61 00 02 4c 4d kgroups 3.1a..LM
00a0 31 2e 32 58 30 30 32 00 02 4c 41 4e 4d 41 4e 32 1.2X002. .LANMAN2
00b0 2e 31 00 02 4e 54 20 4c 4d 20 30 2e 31 32 00 .1..NT L M 0.12.
SMB Response :
0000 00 50 56 c0 00 01 00 0c 29 58 26 61 08 00 45 00 .PV..... )X&a..E.
0010 00 81 00 4d 40 00 80 06 10 d5 c0 a8 34 03 c0 a8 ...M@... ....4...
0020 34 01 01 bd 08 cc 7a cf e7 e7 62 96 34 b3 50 18 4.....z. ..b.4.P.
0030 fa 67 4d 16 00 00 00 00 00 55 ff 53 4d 42 72 00 .gM..... .U.SMBr.
0040 00 00 00 98 53 c8 00 00 00 00 00 00 00 00 00 00 ....S... ........
0050 00 00 00 00 ff fe 00 00 00 00 11 05 00 03 0a 00 ........ ........
0060 01 00 04 11 00 00 00 00 01 00 00 00 00 00 fd e3 ........ ........
0070 00 80 e0 49 1f cb 33 df c7 01 a4 01 00 10 00 c4 ...I..3. ........
0080 80 db 7b 34 95 9e 45 9f 3a 4f 64 44 e0 a0 51 ..{4..E. :OdD..Q
One thing which is very clear is that Microsoft implementation of SMB uses LANMAN (2.1 in this case).
The figure shows the packets flowing back and forth both the boxes,we can see NetBIOS headers along with the SMB headers and payloads.
Certainly makes some sense now.
0 comments: to “ SMB ”
Post a Comment