psloss
Premium
join:2002-02-24
Alpharetta, GA
1 edit | reply to dave
Re: Windows File Sharing: Facing The Mystery
said by dave  :(I didn't pay close attention to looking at how far the 445 connection setup had to proceed -- there are several SMBs needed for complete connection setup after the TCP connection is ready -- before the 139 connection was abandoned). In the Microsoft server-side implementations I tested, my recollection (which is going on 18 months or thereabouts, so it's fuzzy) is that the 139 connection gets reset even before the negotiate protocol SMB appeared (chronologically) in the Ethereal logs.
But I'd have to go snag the old logs to see for sure what they show; for now, it's easy enough to fire up Ethereal to take a look at a current domain and/or workgroup setup.
And it should be fairly simple to hack something together to send a SYN on 139 before 445...I'll have to try that in some spare time...
(Edit: spelling)
Philip Sloss
--
Feedback? e-mail: stuff@lupwa.org
|
|
dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
 ·Verizon FIOS
| reply to psloss
said by psloss :Do you have a cite for this? I just tried this with Ethereal running (Win2000 to Win2000).
If I connect to a machine I have never connected to ever before, then I see a SYN to TCP/445 immediately followed by a SYN to TCP/139. Eventually, the second connection gets reset.
If I connect to a machine that I connect to often, then only the 445 connection is sent, so there's some memory in the system.
I imagine the odds are that 445 will be chosen, since (a) the 445 connection request is fractionally ahead of the 139 connection request on the wire, (b) smb-over-native involves one less layer than smb-over-nbt, so maybe the turnaround time is a little less.
(I didn't pay close attention to looking at how far the 445 connection setup had to proceed -- there are several SMBs needed for complete connection setup after the TCP connection is ready -- before the 139 connection was abandoned). |
|
