4.2 Negotiating SMB 2.10 dialect by using Multi-Protocol Negotiate

The following diagram shows the steps taken by a client that is negotiating the SMB 2.10 dialect by using an SMB-style negotiate.

Figure 7: Client negotiating SMB 2.10 dialect with SMB-style negotiate

  1. The client sends an SMB negotiate packet with the string "SMB 2.???" in the dialect string list, along with the other SMB dialects the client implements.

    Smb: C; Negotiate, Dialect = PC NETWORK PROGRAM 1.0, LANMAN1.0, Windows for Workgroups 3.1a, LM1.2X002, LANMAN2.1, NT LM 0.12, SMB 2.002, SMB 2.???
    Protocol: SMB
    Command: Negotiate 114(0x72)
    NTStatus: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
    Code:     (................0000000000000000) (0) STATUS_SUCCESS
    Facility: (...0000000000000................) FACILITY_SYSTEM
    Customer: (..0.............................) NOT Customer Defined
    Severity: (00..............................) STATUS_SEVERITY_SUCCESS
    SMBHeader: Command, TID: 0xFFFF, PID: 0xFEFF, UID: 0x0000, MID: 0x0000
    Flags: 24 (0x18)
    LockAndRead:     (.......0) LOCK_AND_READ and WRITE_AND_UNLOCK NOT supported (Obsolete) (SMB_FLAGS_LOCK_AND_READ_OK)
    NoAck:           (......0.) An ACK response is needed (SMB_FLAGS_SEND_NO_ACK[only applicable when SMB transport is NetBIOS over IPX])
    Reserved_bit2:   (.....0..) Reserved (Must Be Zero)
    CaseInsensitive: (....1...) SMB paths are caseinsensitive (SMB_FLAGS_CASE_INSENSITIVE)
    Canonicalized:   (...1....) Canonicalized File and pathnames (Obsolete) (SMB_FLAGS_CANONICALIZED_PATHS)
    Oplock:          (..0.....) Oplocks NOT supported for OPEN, CREATE & CREATE_NEW (Obsolete) (SMB_FLAGS_OPLOCK)
    OplockNotify:    (.0......) Notifications NOT supported for OPEN, CREATE & CREATE_NEW (Obsolete) (SMB_FLAGS_OPLOCK_NOTIFY_ANY)
    FromServer:      (0.......) Command SMB is being sent from the client (SMB_FLAGS_SERVER_TO_REDIR)
    Flags2: 51283 (0xC853)
    KnowsLongFiles:   (...............1) Understands Long File Names (SMB_FLAGS2_KNOWS_LONG_NAMES)
    ExtendedAttribs:  (..............1.) Understands extended attributes (SMB_FLAGS2_KNOWS_EAS)
    SignEnabled:      (.............0..) Security signatures NOT enabled (SMB_FLAGS2_SMB_SECURITY_SIGNATURE)
    Compressed:       (............0...) Compression Disabled for REQ_NT_WRITE_ANDX and RESP_READ_ANDX (SMB_FLAGS2_COMPRESSED)
    SignRequired:     (...........1....) Security Signatures are required (SMB_FLAGS2_SMB_SECURITY_SIGNATURE_REQUIRED)
    Reserved_bit5:    (..........0.....) Reserved (Must Be Zero)
    LongFileNames:    (.........1......) Use Long File Names (SMB_FLAGS2_IS_LONG_NAME)
    Reserved_bits7_9: (......000.......) Reserved (Must Be Zero)
    ReparsePath:      (.....0..........) NOT a Reparse path (SMB_FLAGS2_REPARSE_PATH)
    ExtSecurity:      (....1...........) Aware of extended security (SMB_FLAGS2_EXTENDED_SECURITY)
    Dfs:              (...0............) NO DFS namespace (SMB_FLAGS2_DFS)
    Paging:           (..0.............) Read operation will NOT be permitted unless user has permission (NO Paging IO) (SMB_FLAGS2_PAGING_IO)
    StatusCodes:      (.1..............) Using 32bit NT status error codes (SMB_FLAGS2_NT_STATUS)
    Unicode:          (1...............) Using UNICODE strings (SMB_FLAGS2_UNICODE)
    PIDHigh: 0 (0x0)
    SecuritySignature: 0x0
    Reserved: 0 (0x0)
    TreeID: 65535 (0xFFFF)
    Reserved: 0 (0x0)
    UserID: 0 (0x0)
    MultiplexID: 0 (0x0)
    CNegotiate: 
    WordCount: 0 (0x0)
    ByteCount: 120 (0x78)
    Dialect: PC NETWORK PROGRAM 1.0
    BufferFormat: Dialect 2(0x2)
    DialectName: PC NETWORK PROGRAM 1.0
    Dialect: LANMAN1.0
    BufferFormat: Dialect 2(0x2)
    DialectName: LANMAN1.0
    Dialect: Windows for Workgroups 3.1a
    BufferFormat: Dialect 2(0x2)
    DialectName: Windows for Workgroups 3.1a
    Dialect: LM1.2X002
    BufferFormat: Dialect 2(0x2)
    DialectName: LM1.2X002
    Dialect: LANMAN2.1
    BufferFormat: Dialect 2(0x2)
    DialectName: LANMAN2.1
    Dialect: NT LM 0.12
    BufferFormat: Dialect 2(0x2)
    DialectName: NT LM 0.12
    Dialect: SMB 2.002
    BufferFormat: Dialect 2(0x2)
    DialectName: SMB 2.002
    Dialect: SMB 2.???
    BufferFormat: Dialect 2(0x2)
    DialectName: SMB 2.???  
    
  2. The server receives the SMB negotiate request and finds the "SMB 2.???" string in the dialect string list. The server responds with an SMB2 NEGOTIATE Response with the DialectRevision set to 0x02ff.

    Smb2: R  NEGOTIATE (0x0), GUID={1ED9580F5FEF1AA04B9DDB1C77C63757}, Mid = 0
    SMBIdentifier: SMB
    SMB2Header: R NEGOTIATE (0x0)
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
    Code:     (................0000000000000000) (0) STATUS_SUCCESS
    Facility: (...0000000000000................) FACILITY_SYSTEM
    Customer: (..0.............................) NOT Customer Defined
    Severity: (00..............................) STATUS_SEVERITY_SUCCESS
    Command: NEGOTIATE (0x0)
    Credits: 1 (0x1)
    Flags: 0x1
    ServerToRedir: (...............................1) Server to Client (SMB2_FLAGS_SERVER_TO_REDIR)
    AsyncCommand:  (..............................0.) Command is not asynchronous (SMB2_FLAGS_ASYNC_COMMAND)
    Related:       (.............................0..) Packet is single message (SMB2_FLAGS_RELATED_OPERATIONS)
    Signed:        (............................0...) Packet is not signed (SMB2_FLAGS_SIGNED)
    Reserved4_27:  (....000000000000000000000000....)
    DFS:           (...0............................) Command is not a DFS Operation (SMB2_FLAGS_DFS_OPERATIONS)
    Reserved29_31: (000.............................)
    NextCommand: 0 (0x0)
    MessageId: 0 (0x0)
    Reserved: 0 (0x0)
    TreeId: 0 (0x0)
    SessionId: 0 (0x0)
    Signature: Binary Large Object (16 Bytes)
    RNegotiate: 
    Size: 65 (0x41)
    SecurityMode: Signing Enabled (0x1)
    DialectRevision: 767 (0x2FF)
    Reserved: 0 (0x0)
    Guid: {1ED9580F5FEF1AA04B9DDB1C77C63757}
    Capabilities: 0x3
    DFS:               (...............................1) DFS available
    Reserved_bits1_31: (0000000000000000000000000000001.) Reserved
    MaxTransactSize: 1048576 (0x100000)
    MaxReadSize: 1048576 (0x100000)
    MaxWriteSize: 1048576 (0x100000)
    SystemTime: 12/29/2008, 11:18:59 PM
    SystemStartTime: 12/05/2008, 11:55:51 PM
    SecurityBufferOffset: 128 (0x80)
    SecurityBufferLength: 120 (0x78)
    Reserved2: 541936672 (0x204D4C20)
    securityBlob: 
    
  3. The client receives the SMB2 NEGOTIATE Response. The client issues a new SMB2 NEGOTIATE Request with a new dialect 0x0210 appended along with other SMB2 dialects.

    Smb2: C  NEGOTIATE (0x0), GUID={9879BE56-0D00-58BA-11DD-D5F0AF3A5B5D}, Mid = 1
    SMBIdentifier: SMB
    SMB2Header: C NEGOTIATE (0x0)
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
    Code:     (................0000000000000000) (0) STATUS_SUCCESS
    Facility: (...0000000000000................) FACILITY_SYSTEM
    Customer: (..0.............................) NOT Customer Defined
    Severity: (00..............................) STATUS_SEVERITY_SUCCESS
    Command: NEGOTIATE (0x0)
    Credits: 0 (0x0)
    Flags: 0x0
    ServerToRedir: (...............................0) Client to Server (SMB2_FLAGS_SERVER_TO_REDIR)
    AsyncCommand:  (..............................0.) Command is not asynchronous (SMB2_FLAGS_ASYNC_COMMAND)
    Related:       (.............................0..) Packet is single message (SMB2_FLAGS_RELATED_OPERATIONS)
    Signed:        (............................0...) Packet is not signed (SMB2_FLAGS_SIGNED)
    Reserved4_27:  (....000000000000000000000000....)
    DFS:           (...0............................) Command is not a DFS Operation (SMB2_FLAGS_DFS_OPERATIONS)
    Reserved29_31: (000.............................)
    NextCommand: 0 (0x0)
    MessageId: 1 (0x1)
    Reserved: 0 (0x0)
    TreeId: 0 (0x0)
    SessionId: 0 (0x0)
    Signature: Binary Large Object (16 Bytes)
    CNegotiate:
    Size: 36 (0x24)
    DialectCount: 2 (0x2)
    SecurityMode: Signing Enabled (0x1)
    Reserved: 0 (0x0)
    Capabilities: 0x0
    DFS:               (...............................0) DFS unavailable
    Reserved_bits1_31: (0000000000000000000000000000000.) Reserved
    Guid: {9879BE56-0D00-58BA-11DD-D5F0AF3A5B5D}
    StartTime: No Time Specified (0)
    Dialects:
    Dialects: 514 (0x202)
    Dialects: 528 (0x210)
    
  4. The server receives the SMB2 negotiate request and finds dialect 0x0210. The server sends an SMB2 NEGOTIATE Response with DialectRevision set to 0x0210.

    Smb2: R  NEGOTIATE (0x0), GUID={1ED9580F-5FEF-1AA0-4B9D-DB1C77C63757}, Mid = 1
    SMBIdentifier: SMB
    SMB2Header: R NEGOTIATE (0x0)
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
    Code:     (................0000000000000000) (0) STATUS_SUCCESS
    Facility: (...0000000000000................) FACILITY_SYSTEM
    Customer: (..0.............................) NOT Customer Defined
    Severity: (00..............................) STATUS_SEVERITY_SUCCESS
    Command: NEGOTIATE (0x0)
    Credits: 1 (0x1)
    Flags: 0x1
    ServerToRedir: (...............................1) Server to Client (SMB2_FLAGS_SERVER_TO_REDIR)
    AsyncCommand:  (..............................0.) Command is not asynchronous (SMB2_FLAGS_ASYNC_COMMAND)
    Related:       (.............................0..) Packet is single message (SMB2_FLAGS_RELATED_OPERATIONS)
    Signed:        (............................0...) Packet is not signed (SMB2_FLAGS_SIGNED)
    Reserved4_27:  (....000000000000000000000000....)
    DFS:           (...0............................) Command is not a DFS Operation (SMB2_FLAGS_DFS_OPERATIONS)
    Reserved29_31: (000.............................)
    NextCommand: 0 (0x0)
    MessageId: 1 (0x1)
    Reserved: 0 (0x0)
    TreeId: 0 (0x0)
    SessionId: 0 (0x0)
    Signature: Binary Large Object (16 Bytes)
    RNegotiate:
    Size: 65 (0x41)
    SecurityMode: Signing Enabled (0x1)
    DialectRevision: 528 (0x210)
    Reserved: 0 (0x0)
    Guid: {1ED9580F-5FEF-1AA0-4B9D-DB1C77C63757}
    Capabilities: 0x3
    DFS:               (...............................1) DFS available
    Reserved_bits1_31: (0000000000000000000000000000001.) Reserved
    MaxTransactSize: 1048576 (0x100000)
    MaxReadSize: 1048576 (0x100000)
    MaxWriteSize: 1048576 (0x100000)
    SystemTime: 12/29/2008, 11:18:59 PM
    SystemStartTime: 12/05/2008, 11:55:51 PM
    SecurityBufferOffset: 128 (0x80)
    SecurityBufferLength: 120 (0x78)
    Reserved2: 0 (0x0)
    securityBlob:
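
The Python sketch below is an added example, not part of the original specification text. It encodes and parses the dialect list from step 1, parses the Dialects array from step 3, and checks that each DialectRevision the server returned corresponds to something the client actually offered, which is the consistency check a capture reviewer would apply to this exchange. Function names and the all-zero GUID are assumptions; field sizes follow the trace above (StructureSize 36, 2-byte dialect entries).

```python
import struct

# Dialect strings and revision values copied from the trace on this page.
TRACE_DIALECTS = ["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "Windows for Workgroups 3.1a",
                  "LM1.2X002", "LANMAN2.1", "NT LM 0.12", "SMB 2.002", "SMB 2.???"]
WILDCARD_NAME, WILDCARD_REV = "SMB 2.???", 0x02FF

def encode_smb1_dialects(names):
    """SMB negotiate data block: BufferFormat 0x02 + ASCII name + NUL per entry."""
    return b"".join(b"\x02" + n.encode("ascii") + b"\x00" for n in names)

def parse_smb1_dialects(data):
    """Parse the dialect list, rejecting malformed entries instead of guessing."""
    names, pos = [], 0
    while pos < len(data):
        if data[pos] != 0x02:
            raise ValueError(f"bad BufferFormat 0x{data[pos]:02x} at offset {pos}")
        end = data.find(b"\x00", pos + 1)
        if end < 0:
            raise ValueError("unterminated dialect string")
        names.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return names

def build_smb2_negotiate_body(dialects, security_mode=0x1):
    """Constructed request body (after the 64-byte header); GUID is a zero placeholder."""
    fixed = struct.pack("<HHHHI16sQ", 36, len(dialects), security_mode, 0, 0, bytes(16), 0)
    return fixed + struct.pack(f"<{len(dialects)}H", *dialects)

def parse_smb2_dialects(body):
    """Return the Dialects array from an SMB2 NEGOTIATE request body."""
    if len(body) < 36:
        raise ValueError("truncated SMB2 NEGOTIATE request")
    size, count = struct.unpack_from("<HH", body, 0)
    if size != 36 or len(body) < 36 + 2 * count:
        raise ValueError("malformed SMB2 NEGOTIATE request")
    return list(struct.unpack_from(f"<{count}H", body, 36))

def check_exchange(smb1_data, rev_step2, smb2_body, rev_step4):
    """List inconsistencies between what the client offered and what the server chose."""
    problems = []
    if rev_step2 == WILDCARD_REV and WILDCARD_NAME not in parse_smb1_dialects(smb1_data):
        problems.append("server answered 0x02FF but SMB 2.??? was not offered")
    if rev_step4 not in parse_smb2_dialects(smb2_body):
        problems.append(f"server selected 0x{rev_step4:04X}, which the client did not offer")
    return problems
```

Encoding the eight dialect strings from step 1 yields 120 bytes, matching the `ByteCount: 120 (0x78)` field in the trace.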
    
    
 
© 2014 Microsoft