4.5 Copy File (Local to Remote)

The following example illustrates the sequence of operations while copying a local file to a remote share. The frames do not include the connection establishment or session management, for example.

Copy file (local to remote) sequence

Figure 7: Copy file (local to remote) sequence

In the frames in the preceding figure, the remote file is first created with the SMB_COM_NT_CREATE_ANDX request. The data from the local file is then written to the remote file and, subsequently, the file is closed.

NT_CREATE_ANDX

 Client -> Server: SMB: C NT Create Andx, Dialect = NTLM 0.12
         SMB: Tree ID      (Tid) = 2049 (0x801)
         SMB: Process ID   (Pid) = 3592 (0xE08)
         SMB: User ID      (Uid) = 2048 (0x800)
         SMB: Multiplex ID (Mid) = 2288 (0x8F0)
 SMB: Command = C NT create & X
         SMB: Desired Access = 0x00030197
             SMB: ...............................1 = Read Data Allowed
             SMB: ..............................1. = Write Data Allowed
             SMB: .............................1.. = Append Data Allowed
             SMB: ............................0... = Read EA Denied
             SMB: ...........................1.... = Write EA Allowed
             SMB: ..........................0..... = File Execute Denied
             SMB: .........................0...... = File Delete Denied
             SMB: ........................1....... = File Read Attributes Allowed
             SMB: .......................1........ = File Write Attributes Allowed
         SMB: NT File Attributes = 0x00000020
             SMB: ...............................0 = Not Read Only
             SMB: ..............................0. = Not Hidden
             SMB: .............................0.. = Not System
             SMB: ...........................0.... = Not Directory
             SMB: ..........................1..... = Archive
             SMB: .........................0...... = Not Device
             SMB: ........................0....... = Not Normal
             SMB: .......................0........ = Not Temporary
             SMB: ......................0......... = Not Sparse File
             SMB: .....................0.......... = Not Reparse Point
             SMB: ....................0........... = Not Compressed
             SMB: ...................0............ = Not Offline
             SMB: ..................0............. = 
 CONTENT_INDEXED
             SMB: .................0.............. = Not Encrypted
         SMB: File Share Access = 0x00000000
             SMB: ...............................0 = Read not allowed
             SMB: ..............................0. = Write not allowed
             SMB: .............................0.. = Delete not allowed
         SMB: Create Disposition = Overwrite_If:  If exist, open 
 and overwrite, else create it
         SMB: Create Options = 68 (0x44)
             SMB: ...............................0 = non-directory
             SMB: ..............................0. = non-write through
             SMB: .............................1.. = Data is written to the file sequentially
             SMB: ............................0... = intermediate buffering allowed
             SMB: ...........................0.... = IO alerts bits not set
             SMB: ..........................0..... = IO non-alerts bit not set
             SMB: .........................1...... = Operation is on a non-directory file
             SMB: ........................0....... = tree connect bit not set
             SMB: .......................0........ = complete if oplocked bit is not set
             SMB: ......................0......... = no EA knowledge bit is not set
             SMB: .....................0.......... = 8.3 filenames bit is not set
             SMB: ....................0........... = random access bit is not set
             SMB: ...................0............ = delete on close bit is not set
             SMB: ..................0............. = open by filename
             SMB: .................0.............. = open for backup bit not set
         SMB: File name =\filename.txt
  

NT_CREATE_ANDX Response

  
 Server -> Client: SMB: R NT Create Andx, Dialect = NTLM 0.12
 SMB: Tree ID      (Tid) = 2049 (0x801)
 SMB: Process ID   (Pid) = 3592 (0xE08)
 SMB: User ID      (Uid) = 2048 (0x800)
 SMB: Multiplex ID (Mid) = 2288 (0x8F0)
 SMB: Command = C NT create & X
         SMB: Oplock Level = Batch
         SMB: File ID (Fid) = 16392 (0x4008)
  
         SMB: NT File Attributes = 0x00000020
             SMB: ...............................0 = Not Read Only
             SMB: ..............................0. = Not Hidden
             SMB: .............................0.. = Not System
             SMB: ...........................0.... = Not Directory
             SMB: ..........................1..... = Archive
             SMB: .........................0...... = Not Device
             SMB: ........................0....... = Not Normal
             SMB: .......................0........ = Not Temporary
             SMB: ......................0......... = Not Sparse File
             SMB: .....................0.......... = Not Reparse Point
             SMB: ....................0........... = Not Compressed
             SMB: ...................0............ = Not Offline
             SMB: ..................0............. = CONTENT_INDEXED
             SMB: .................0.............. = Not Encrypted
  

SMB_COM_WRITE_ANDX Request

  
 Client -> Server: SMB: C Write Andx, Dialect = NTLM 0.12
         SMB: Tree ID      (Tid) = 2049 (0x801)
         SMB: Process ID   (Pid) = 65279 (0xFEFF)
         SMB: User ID      (Uid) = 2048 (0x800)
         SMB: Multiplex ID (Mid) = 2384 (0x950)
 SMB: Command = C read & X
         SMB: File ID (Fid) = 16392 (0x4008)
         SMB: File offset = 0 (0x0)
         SMB: Data length = 1596 (0x63C)
 Data = 00 90 27 66 6D BE 00 90 27 D0 C4 6F 08 00 45 00  …
  

SMB_COM_WRITE_ANDX Response

 Server -> Client: SMB: R Write Andx, Dialect = NTLM 0.12
         SMB: Tree ID      (Tid) = 2049 (0x801)
         SMB: Process ID   (Pid) = 65279 (0xFEFF)
         SMB: User ID      (Uid) = 2048 (0x800)
         SMB: Multiplex ID (Mid) = 2384 (0x950)
 SMB: Command = C read & X
  

SMB_COM_CLOSE Request

  
 Client -> Server: SMB: C Close, Dialect = NTLM 0.12
         SMB: Tree ID      (Tid) = 2049 (0x801)
         SMB: Process ID   (Pid) = 65279 (0xFEFF)
         SMB: User ID      (Uid) = 2048 (0x800)
         SMB: Multiplex ID (Mid) = 2400 (0x960)
 SMB: Command = C Close
         SMB: File ID (Fid) = 16392 (0x4008)
  

SMB_COM_CLOSE Response

  
 Server -> Client: SMB: R Close, Dialect = NTLM 0.12
         SMB: Tree ID      (Tid) = 2049 (0x801)
         SMB: Process ID   (Pid) = 65279 (0xFEFF)
         SMB: User ID      (Uid) = 2048 (0x800)
         SMB: Multiplex ID (Mid) = 2400 (0x960)
  
Show: