
4.4 Copy File (Remote to Local)

The following example illustrates the sequence of operations during the copying of a file from a remote location to the local machine. The example assumes that the connection establishment and session management have already taken place.

Figure 6: Copy file (remote to local) sequence

In the preceding diagram, the first frame opens the remote file for read access. The subsequent frames read the data from the file and then close the file. Between the read and the close, the data is written to the local file.

NT_CREATE_ANDX

Client -> Server: SMB: C NT Create Andx, Dialect = NTLM 0.12
SMB: Tree ID      (Tid) = 2049 (0x801)
SMB: Process ID   (Pid) = 3592 (0xE08)
SMB: User ID      (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 1712 (0x6B0)
SMB: Command = C NT create & X
        SMB: Desired Access = 0x00000089
            SMB: ...............................1 = Read Data Allowed
            SMB: ..............................0. = Write Data Denied
            SMB: .............................0.. = Append Data Denied
            SMB: ............................1... = Read EA Allowed
            SMB: ...........................0.... = Write EA Denied
            SMB: ..........................0..... = File Execute Denied
            SMB: .........................0...... = File Delete Denied
            SMB: ........................1....... = File Read Attributes Allowed
            SMB: .......................0........ = File Write Attributes Denied
        SMB: NT File Attributes = 0x00000080
            SMB: ...............................0 = Not Read Only
            SMB: ..............................0. = Not Hidden
            SMB: .............................0.. = Not System
            SMB: ...........................0.... = Not Directory
            SMB: ..........................0..... = Not Archive
            SMB: .........................0...... = Not Device
            SMB: ........................1....... = Normal
            SMB: .......................0........ = Not Temporary
            SMB: ......................0......... = Not Sparse File
            SMB: .....................0.......... = Not Reparse Point
            SMB: ....................0........... = Not Compressed
            SMB: ...................0............ = Not Offline
            SMB: ..................0............. = CONTENT_INDEXED
            SMB: .................0.............. = Not Encrypted
        SMB: File Share Access = 0x00000003
            SMB: ...............................1 = Read allowed
            SMB: ..............................1. = Write allowed
            SMB: .............................0.. = Delete not allowed
        SMB: Create Disposition = Open:  If exist, Open, else fail
        SMB: Create Options = 68 (0x44)
            SMB: ...............................0 = non-directory
            SMB: ..............................0. = non-write through
            SMB: .............................1.. = Data must be written to the file sequentially
            SMB: ............................0... = intermediate buffering allowed
            SMB: ...........................0.... = IO alerts bits not set
            SMB: ..........................0..... = IO non-alerts bit not set
            SMB: .........................1...... = Operation is on a non-directory file
            SMB: ........................0....... = tree connect bit not set
            SMB: .......................0........ = complete if oplocked bit is not set
            SMB: ......................0......... = no EA knowledge bit is not set
            SMB: .....................0.......... = 8.3 filenames bit is not set
            SMB: ....................0........... = random access bit is not set
            SMB: ...................0............ = delete on close bit is not set
            SMB: ..................0............. = open by filename
            SMB: .................0.............. = open for backup bit not set
        SMB: File name =\filename.txt
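
The bit fields in the request above can be decoded mechanically when auditing a capture. The following is an added example, not part of the original specification: it unpacks the 24-word SMB_COM_NT_CREATE_ANDX request parameter block, names the set bits using the standard NT constant names, and reports whether the open is read-only. The sample bytes are constructed from the values in the trace; the AndX, NameLength and ImpersonationLevel values are assumptions, since the trace does not show them.

```python
import struct

# Bit names are the standard NT constants for each field.
DESIRED_ACCESS = {0x1: "FILE_READ_DATA", 0x2: "FILE_WRITE_DATA", 0x4: "FILE_APPEND_DATA",
                  0x8: "FILE_READ_EA", 0x10: "FILE_WRITE_EA", 0x20: "FILE_EXECUTE",
                  0x40: "FILE_DELETE_CHILD", 0x80: "FILE_READ_ATTRIBUTES",
                  0x100: "FILE_WRITE_ATTRIBUTES", 0x10000: "DELETE"}
SHARE_ACCESS = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
CREATE_OPTIONS = {0x1: "FILE_DIRECTORY_FILE", 0x2: "FILE_WRITE_THROUGH",
                  0x4: "FILE_SEQUENTIAL_ONLY", 0x8: "FILE_NO_INTERMEDIATE_BUFFERING",
                  0x40: "FILE_NON_DIRECTORY_FILE", 0x800: "FILE_RANDOM_ACCESS",
                  0x1000: "FILE_DELETE_ON_CLOSE", 0x4000: "FILE_OPEN_FOR_BACKUP_INTENT"}
DISPOSITION = ("FILE_SUPERSEDE", "FILE_OPEN", "FILE_CREATE",
               "FILE_OPEN_IF", "FILE_OVERWRITE", "FILE_OVERWRITE_IF")
# Access bits that let the client change or delete the file.
MODIFYING = 0x2 | 0x4 | 0x10 | 0x40 | 0x100 | 0x10000
# Request parameter words: AndXCommand, AndXReserved, AndXOffset, Reserved, NameLength,
# Flags, RootDirectoryFID, DesiredAccess, AllocationSize, ExtFileAttributes,
# ShareAccess, CreateDisposition, CreateOptions, ImpersonationLevel, SecurityFlags.
PARAMS = struct.Struct("<BBHBHIIIQIIIIIB")

def names(mask, table):
    """Names of the set bits, plus one hex entry for bits the table lacks."""
    out = [name for bit, name in sorted(table.items()) if mask & bit]
    rest = mask & ~sum(table)  # table keys are distinct single bits
    return out + ([hex(rest)] if rest else [])

def parse_nt_create(block):
    """Decode a request parameter block that starts at its WordCount byte."""
    if len(block) < 1 + PARAMS.size or block[0] != 0x18:
        raise ValueError("not an NT_CREATE_ANDX request parameter block")
    f = PARAMS.unpack_from(block, 1)
    access, share, disp, opts = f[7], f[10], f[11], f[12]
    return {
        "desired_access": names(access, DESIRED_ACCESS),
        "share_access": names(share, SHARE_ACCESS),
        "disposition": DISPOSITION[disp] if disp < len(DISPOSITION) else hex(disp),
        "create_options": names(opts, CREATE_OPTIONS),
        # Read-only: no modifying right, open-existing only, no delete-on-close.
        "read_only": not access & MODIFYING and disp == 1 and not opts & 0x1000,
    }

# Constructed sample: DesiredAccess, attributes, ShareAccess, disposition and
# CreateOptions come from the trace; the other field values are assumed.
SAMPLE = b"\x18" + PARAMS.pack(0xFF, 0, 0, 0, 13, 0, 0, 0x89, 0, 0x80, 3, 1, 0x44, 2, 0)

if __name__ == "__main__":
    for key, value in parse_nt_create(SAMPLE).items():
        print(f"{key}: {value}")
```

For the traced request, the decoder reports read-only access, which is what a remote-to-local copy should ask for; an open that also sets a write, append or delete bit would be reported as not read-only.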

NT_CREATE_ANDX Response

Server -> Client: SMB: C NT Create Andx, Dialect = NTLM 0.12
SMB: Tree ID      (Tid) = 2049 (0x801)
SMB: Process ID   (Pid) = 3592 (0xE08)
SMB: User ID      (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 1712 (0x6B0)
SMB: Command = R NT create & X
        SMB: Oplock Level = Batch
        SMB: File ID (Fid) = 16389 (0x4005)

        SMB: NT File Attributes = 0x00000020
            SMB: ...............................0 = Not Read Only
            SMB: ..............................0. = Not Hidden
            SMB: .............................0.. = Not System
            SMB: ...........................0.... = Not Directory
            SMB: ..........................1..... = Archive
            SMB: .........................0...... = Not Device
            SMB: ........................0....... = Not Normal
            SMB: .......................0........ = Not Temporary
            SMB: ......................0......... = Not Sparse File
            SMB: .....................0.......... = Not Reparse Point
            SMB: ....................0........... = Not Compressed
            SMB: ...................0............ = Not Offline
            SMB: ..................0............. = CONTENT_INDEXED
            SMB: .................0.............. = Not Encrypted

SMB_COM_READ_ANDX Request

Client -> Server: SMB: C Read Andx, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 65279 (0xFEFF)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 1744 (0x6D0)
SMB: Command = C read & X
        SMB: File ID (Fid) = 16389 (0x4005)
        SMB: Max count = 1596 (0x63C)
        SMB: Min count = 1596 (0x63C)
        SMB: Bytes left = 1596

SMB_COM_READ_ANDX Response

Server -> Client: SMB: R Read Andx, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 65279 (0xFEFF)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 1744 (0x6D0)
SMB: Command = C read & X
        SMB: Data length = 1596 (0x63C)
        SMB: Data offset = 60 (0x3C)
        SMB: Byte count = 1597

Data = 00 90 27 D0 C4 6F 00 90 27 66 6D BE 08 00 45 00 …… 

SMB_COM_CLOSE Request

Client -> Server: SMB: C Close, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 65279 (0xFEFF)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 1984 (0x7C0)
SMB: Command = C Close
        SMB: File ID (Fid) = 16389 (0x4005)

SMB_COM_CLOSE Response

Server -> Client: SMB: R Close, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 65279 (0xFEFF)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 1984 (0x7C0)

© 2014 Microsoft