3.3.1.3 Per SMB Connection

Server.Connection: An established SMB connection between the client and the server. The following ADM elements are maintained for each SMB connection established to a server:

Server.Connection.ClientCapabilities: The Capabilities flags of the client, as specified in the description of the SMB_COM_SESSION_SETUP_ANDX Request (section 2.2.4.53.1).

Server.Connection.ClientMaxBufferSize: The negotiated maximum size, in bytes, for SMB messages sent to the client. This limit applies to all SMB messages sent to the client unless otherwise specified for a particular message type.

Server.Connection.MaxMpxCount: The negotiated maximum number of outstanding commands that a given connection can have. This value MUST be less than or equal to Server.MaxMpxCount.

Server.Connection.ClientName: A client identifier. For NetBIOS-based transports, this is the NetBIOS name of the client. For other transports, this is a transport-specific identifier that provides a unique name or address for the client.

Server.Connection.ConnectionlessSessionID: Used only if the underlying transport is connectionless. This is a 16-bit unsigned SMB Connection identifier: a server-unique identifier for the connection between the client and the server.

Server.Connection.FileOpenTable: A list of open files, as specified in section 3.3.1.7. This list MUST allow lookup by file handle (FID), and each FID MUST be unique within the connection.

  • Each entry MUST include the process identifier (PID) of the process that opened or created the FID so that all files opened by a specified PID can be listed.

  • Each entry MUST include the Tree Connect ID (TID) used to open the file, so that all files opened within a specified TID can be listed.

  • Each entry MUST include the user ID (UID) used to open the file, so that all files opened by a specified UID can be listed.

  • If an OpLock has been granted on a particular FID, the entry MUST include the type of OpLock granted.
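The lookup requirements on Server.Connection.FileOpenTable can be met with a primary map keyed by FID plus one secondary index per identifier. The following Python sketch is an added example, not part of the specification; the class and method names (OpenEntry, FileOpenTable, list_by) and the OpLock type strings are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class OpenEntry:
    fid: int                      # file handle, unique within the connection
    pid: int                      # process that opened or created the FID
    tid: int                      # tree connect used to open the file
    uid: int                      # user ID used to open the file
    oplock: Optional[str] = None  # type of OpLock granted, if any (label is illustrative)


class FileOpenTable:
    """Hypothetical per-connection open-file list with the required lookups."""

    def __init__(self):
        self._by_fid = {}
        # One secondary index per identifier: value -> set of FIDs.
        self._index = {k: defaultdict(set) for k in ("pid", "tid", "uid")}

    def add(self, entry):
        # Each FID MUST be unique within the connection, so reject duplicates.
        if entry.fid in self._by_fid:
            raise ValueError(f"FID {entry.fid:#06x} already open on this connection")
        self._by_fid[entry.fid] = entry
        for key, idx in self._index.items():
            idx[getattr(entry, key)].add(entry.fid)

    def lookup(self, fid):
        """Lookup by file handle; returns None for an unknown FID."""
        return self._by_fid.get(fid)

    def list_by(self, key, value):
        """List all entries for a given "pid", "tid" or "uid", sorted by FID."""
        fids = self._index[key].get(value, ())
        return [self._by_fid[f] for f in sorted(fids)]

    def remove(self, fid):
        # Drop the entry from the primary map and from every secondary index.
        entry = self._by_fid.pop(fid)
        for key, idx in self._index.items():
            idx[getattr(entry, key)].discard(fid)
        return entry
```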

Server.Connection.IdleTime: The time that the connection received its most recent request.

Server.Connection.IsSigningActive: A Boolean that indicates whether or not message signing is active for this SMB connection.

Server.Connection.NativeLanMan: A string that represents the native LAN manager type of the client, as reported by the client.

Server.Connection.NativeOS: A string that represents the native operating system of the CIFS client, as reported by the client.

Server.Connection.NTLMChallenge: A byte array containing the cryptographic challenge sent to the client during protocol negotiation. The challenge is sent in the SMB_COM_NEGOTIATE Response (section 2.2.4.52.2).

Server.Connection.OpLockSupport: A Boolean value that indicates whether or not the server supports granting OpLocks on this connection.

Server.Connection.PendingRequestTable: A list of command requests, as specified in section 3.3.1.4, that are currently being processed by the server. This list is indexed on a combination of the UID, TID, PID, and MID. If the transport is connectionless, the entry SHOULD<215> include the Connection.ConnectionlessSessionID (CID). For each command request that is sent to the object store, the server MUST store Server.SMBRequest.CancelRequestID into Server.Connection.PendingRequestTable.

Server.Connection.SearchOpenTable: A list of open searches. It MUST be possible to list all searches by:

  • A specified Search ID (SID),

  • The PID that opened the search,

  • The UID that opened the search,

  • The TID within which the search is taking place,

  • or by a combination of UID, TID, PID, MID, and ResumeKey.

Server.Connection.SelectedDialect: A variable that stores the SMB Protocol dialect selected for use on this connection. Details of dialects prior to NT LAN Manager ("NT LM 0.12") are described in other documents. See the table in section 1.7 for a list of dialects and implementation references.

Server.Connection.ServerNextReceiveSequenceNumber: A sequence number for the next signed request being received.

Server.Connection.ServerSendSequenceNumber: A list of the expected sequence numbers for the responses of outstanding signed requests, indexed by PID/MID pair.

Server.Connection.SessionKey: A token generated by the server for each SMB connection.

Server.Connection.SessionSetupReceived: A Boolean value that indicates whether the server has received an SMB_COM_SESSION_SETUP_ANDX Request on this SMB connection.

Server.Connection.SessionTable: A table that maintains the list of all SMB sessions. The table MUST allow lookup by either the UID of the session or the security context of the user that established the session.

Server.Connection.SigningChallengeResponse: A variable-length byte array containing the challenge response to use for signing, if signing is active. If SMB signing is activated on the connection (Server.Connection.IsSigningActive becomes TRUE), the client response to the server challenge from the first non-null, non-guest session is used for signing all traffic on the SMB connection. The Server.Connection.SigningChallengeResponse is set to one of several possible values:

  • Empty -- If Server.Connection.IsSigningActive is FALSE, no connection signing challenge response is used.

  • LM or LMv2 response -- The response passed from client to server in the OEMPassword field of the SMB_COM_SESSION_SETUP_ANDX Request.

  • NTLM or NTLMv2 response -- The response passed from client to server in the UnicodePassword field of the SMB_COM_SESSION_SETUP_ANDX Request.

Server.Connection.SigningSessionKey: A variable-length byte array containing the session key that is used for signing packets, if signing is active.

If SMB signing is activated on the connection (Server.Connection.IsSigningActive becomes TRUE), the session key from the first non-null, non-guest session is used for signing all traffic on the SMB connection. The Server.Connection.SigningSessionKey is set to one of three values:

  • Empty -- If Server.Connection.IsSigningActive is FALSE, no connection signing session key is used.

  • LM Session Key -- The LM hash, generated from the user's password using the LMOWFv1() function defined in [MS-NLMP] section 3.3.1.

  • NT Session Key -- The NTLM hash, generated from the user's password using the NTOWFv1() function defined in [MS-NLMP] section 3.3.1.
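The signing elements above are connection-wide: once signing becomes active, the material from the first non-null, non-guest session is kept for all traffic, and later sessions on the same connection do not replace it. The following Python model is an added example, not part of the specification; the class names, the field names and the activate_signing parameter (standing in for the activation decision, which this section does not define) are assumptions, and the byte strings used with it are constructed.

```python
from dataclasses import dataclass


@dataclass
class Session:
    uid: int
    is_null: bool               # anonymous (null) session
    is_guest: bool              # guest session
    session_key: bytes          # LM or NT session key for this user
    challenge_response: bytes   # OEMPassword or UnicodePassword field contents


class ConnectionSigningState:
    """Hypothetical model of the per-connection signing elements."""

    def __init__(self):
        self.is_signing_active = False            # Server.Connection.IsSigningActive
        self.signing_session_key = b""            # Empty while signing is inactive
        self.signing_challenge_response = b""     # Empty while signing is inactive

    def on_session_setup(self, session, activate_signing):
        """Return True only if this session supplied the signing material.

        activate_signing is an assumed input: whether signing is to be
        activated for this connection when a qualifying session arrives.
        """
        if self.is_signing_active:
            return False    # already set by an earlier session; never replaced
        if session.is_null or session.is_guest:
            return False    # null and guest sessions never supply signing material
        if not activate_signing:
            return False    # signing stays inactive, both elements stay Empty
        self.is_signing_active = True
        self.signing_session_key = session.session_key
        self.signing_challenge_response = session.challenge_response
        return True
```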

Server.Connection.TreeConnectTable: A list of the tree connects over this SMB connection established to shares on the server, containing the TID for the tree connect and the UID of the user that established the Tree Connect, as well as the share service type returned in the SMB_COM_TREE_CONNECT Response (section 2.2.4.50.2) or the SMB_COM_TREE_CONNECT_ANDX Response (section 2.2.4.55.2). See the description of the Service field in the SMB_COM_TREE_CONNECT_ANDX Response for information on the permitted values. It MUST be possible to look up entries by either the TID or the UID.

Server.Connection.TransportName: An implementation-specific name of the transport used by this connection.

Server.Connection.CreationTime: The time at which the connection was established.
